[
{
"path": ".dockerignore",
"content": "vendor\nui/node_modules\npb_data\nbuild\n.vscode\n"
},
{
"path": ".editorconfig",
"content": "# http://editorconfig.org\nroot = true\n\n[*]\ncharset = utf-8\nend_of_line = crlf\nindent_size = 2\nindent_style = space\ntrim_trailing_whitespace = true\ninsert_final_newline = true\n\n[*.go]\ncharset = utf-8\nend_of_line = lf\nindent_size = 2\nindent_style = tab\n"
},
{
"path": ".gitattributes",
"content": "* text=auto eol=crlf\n*.go text eol=lf\n"
},
{
"path": ".github/FUNDING.yml",
"content": "# These are supported funding model platforms\n\ngithub: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]\npatreon: # Replace with a single Patreon username\nopen_collective: # Replace with a single Open Collective username\nko_fi: # Replace with a single Ko-fi username\ntidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel\ncommunity_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry\nliberapay: # Replace with a single Liberapay username\nissuehunt: # Replace with a single IssueHunt username\nlfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry\npolar: # Replace with a single Polar username\nbuy_me_a_coffee: # Replace with a single Buy Me a Coffee username\nthanks_dev: # Replace with a single thanks.dev username\ncustom: [\"https://profile.ikit.fun/sponsors/\"]\n"
},
{
"path": ".github/ISSUE_TEMPLATE/1-bug_report.yml",
"content": "name: \"🐞 Bug Report\"\ndescription: \"Create a report to help us improve. / 报告缺陷来帮助我们完善。\"\ntitle: \"[Bug] Describe the Bug briefly / 简要描述你发现的缺陷\"\ntype: bug\nlabels:\n - bug\nbody:\n - type: markdown\n attributes:\n value: |\n **Before you submit the issue, please make sure of the following checklist**:\n 1. Yes, I'm using the latest release and can reproduce the issue. Issues that are not in the latest version will be closed directly.\n 2. Yes, I've searched for [existing issues](https://github.com/certimate-go/certimate/issues) (including closed ones) on GitHub and didn't find any similar.\n 3. Yes, I've read the [documentation](https://docs.certimate.me/) and didn't find any similar.\n 4. Please describe the problem in detail according to the template specification, otherwise the issue will be closed directly.\n 5. Please limit one report per issue.\n\n **在提交 Issue 之前,请确认以下事项**:\n 1. 我**确认**已尝试过使用当前最新版本,并能复现问题。由于开发者精力有限,非当前最新版本的问题将被直接关闭,感谢理解。\n 2. 我**确认**已搜索过[已有的 Issues](https://github.com/certimate-go/certimate/issues)(包括已关闭的),没有类似的问题。\n 3. 我**确认**已阅读过[文档](https://docs.certimate.me/),没有类似的问题。\n 4. 请**务必**按照模板规范详细描述问题,否则 Issue 将会被直接关闭。\n 5. 请保持每个 Issue 只包含一个缺陷报告。如果有多个缺陷,请分别提交 Issue。\n\n - type: input\n attributes:\n label: Release Version / 软件版本\n description: Please provide the specific version of Certimate. / 请提供 Certimate 的具体版本(请不要填写 `latest` 之类的无效版本号)。\n placeholder: (e.g. v1.0.0. `latest` is **NOT** a valid version!)\n validations:\n required: true\n\n - type: textarea\n attributes:\n label: Description / 缺陷描述\n description: Describe the bug you found in detail and clearly, and upload screenshots if possible. / 请详细清晰地描述你发现的缺陷或故障,如果可能请上传截图。\n validations:\n required: true\n\n - type: textarea\n attributes:\n label: Steps to reproduce / 复现步骤\n description: Please walk us through it step by step. / 请提供可复现的完整步骤。\n placeholder: |\n 1. ...\n 2. ...\n 3. ...\n ...\n validations:\n required: true\n\n - type: textarea\n attributes:\n label: Logs / 日志\n description: Add logs here if available. / 在此处添加日志信息(如果有的话)。\n value: |-\n \n\n ```console\n # Paste logs here / 请在此粘贴日志\n ```\n\n \n validations:\n required: false\n\n - type: textarea\n attributes:\n label: Miscellaneous / 其他\n description: Add any other context about the issue here. / 在此处添加关于该 Issue 的任何其他信息。\n validations:\n required: false\n\n - type: checkboxes\n attributes:\n label: Contribution / 贡献代码\n options:\n - label: I am interested in contributing a PR for this! / 我乐意为此提交代码并发起 PR!\n required: false\n"
},
{
"path": ".github/ISSUE_TEMPLATE/2-feature_request.yml",
"content": "name: \"💡 Feature Request\"\ndescription: \"Suggest an idea for this project. / 提出新功能请求或改进意见。\"\ntitle: \"[Feature] Describe the feature briefly / 简要描述你希望实现的功能\"\ntype: feature\nlabels:\n - enhancement\nbody:\n - type: markdown\n attributes:\n value: |\n **Before you submit the issue, please make sure of the following checklist**:\n 1. Yes, I'm using the latest release.\n 2. Yes, I've searched for [existing issues](https://github.com/certimate-go/certimate/issues) (including closed ones) on GitHub and didn't find any similar.\n 3. Yes, I've read the [documentation](https://docs.certimate.me/) and didn't find any similar.\n 4. Please describe the problem in detail according to the template specification, otherwise the issue will be closed directly.\n 5. Please limit one request per issue.\n\n **在提交 Issue 之前,请确认以下事项**:\n 1. 我**确认**是基于当前最新大版本而提出的新功能请求或改进意见。\n 2. 我**确认**已搜索过[已有的 Issues](https://github.com/certimate-go/certimate/issues)(包括已关闭的),没有类似的问题。\n 3. 我**确认**已阅读过[文档](https://docs.certimate.me/),没有类似的问题。\n 4. 请**务必**按照模板规范详细描述问题,否则 Issue 将会被直接关闭。\n 5. 请保持每个 Issue 只包含一个功能请求。如果有多个需求,请分别提交 Issue。\n\n - type: textarea\n attributes:\n label: Description / 功能描述\n description: Describe the feature you'd like to add in detail and clearly, and upload screenshots if possible. / 请详细清晰地描述你希望添加的功能,如果可能请上传截图。\n validations:\n required: true\n\n - type: textarea\n attributes:\n label: Motivation / 请求动机\n description: Why is this feature helpful to the project? / 为什么这个功能对项目有帮助?\n validations:\n required: true\n\n - type: textarea\n attributes:\n label: Miscellaneous / 其他\n description: Add any other context about the problem here. / 在此处添加关于该 Issue 的任何其他信息(新增提供商请求请补充 API 文档链接等资料)。\n validations:\n required: false\n\n - type: checkboxes\n attributes:\n label: Contribution / 贡献代码\n options:\n - label: I am interested in contributing a PR for this! / 我乐意为此提交代码并发起 PR!\n required: false\n"
},
{
"path": ".github/ISSUE_TEMPLATE/3-questions.yml",
"content": "name: \"❓ Questions\"\ndescription: \"Have problem in use and need help? / 遇到了困难需要求助?\"\ntitle: \"Describe the question briefly / 简要描述你遇到的问题\"\ntype: question\nbody:\n - type: markdown\n attributes:\n value: |\n **Before you submit the issue, please make sure of the following checklist**:\n 1. Yes, I'm using the latest release.\n 2. Yes, I've searched for [existing issues](https://github.com/certimate-go/certimate/issues) (including closed ones) on GitHub and didn't find any similar.\n 3. Yes, I've read the [documentation](https://docs.certimate.me/) and didn't find any similar.\n 4. Please describe the problem in detail according to the template specification, otherwise the issue will be closed directly.\n 5. Please limit one question per issue.\n\n **在提交 Issue 之前,请确认以下事项**:\n 1. 我**确认**正在使用的是当前最新版本。\n 2. 我**确认**已搜索过[已有的 Issues](https://github.com/certimate-go/certimate/issues)(包括已关闭的),没有类似的问题。\n 3. 我**确认**已阅读过[文档](https://docs.certimate.me/),没有类似的问题。\n 4. 请**务必**按照模板规范详细描述问题,否则 Issue 将会被直接关闭。\n 5. 请保持每个 Issue 只包含一个问题求助。如果有多个问题,请分别提交 Issue。\n\n - type: input\n attributes:\n label: Release Version / 软件版本\n description: Please provide the specific version of Certimate. / 请提供 Certimate 的具体版本(请不要填写 `latest` 之类的无效版本号)。\n placeholder: (e.g. v1.0.0)\n validations:\n required: true\n\n - type: textarea\n attributes:\n label: Description / 问题描述\n description: Describe the problem you encountered in detail and clearly, and upload screenshots if possible. / 请详细清晰地描述你遇到的问题,如果可能请上传截图。\n validations:\n required: true\n\n - type: textarea\n attributes:\n label: Miscellaneous / 其他\n description: Add any other context about the problem here. / 在此处添加关于该问题的任何其他信息。\n validations:\n required: false\n"
},
{
"path": ".github/ISSUE_TEMPLATE/config.yml",
"content": "blank_issues_enabled: false\ncontact_links:\n - name: \"🌐 Community / 社群讨论\"\n about: \"Join in our Telegram channel. / 加入到电报频道寻求更多帮助。\"\n url: \"https://t.me/+ZXphsppxUg41YmVl\"\n - name: \"📖 FAQ / 常见问题\"\n about: \"Please take a look to FAQs. / 请先阅读文档 FAQ,可能会有你需要的答案。\"\n url: \"https://docs.certimate.me/docs/reference/faq\"\n"
},
{
"path": ".github/PULL_REQUEST_TEMPLATE.md",
"content": "\n"
},
{
"path": ".github/workflows/push_image.yml",
"content": "name: Docker Image CI (stable versions)\n\non:\n push:\n tags:\n - \"v[0-9]*\"\n - \"!v*alpha*\"\n - \"!v*beta*\"\n - \"!v*rc*\"\n workflow_dispatch:\n inputs:\n tag:\n description: \"Tag version to be used for Docker image\"\n required: true\n default: \"latest\"\n\njobs:\n prepare-ui:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n with:\n fetch-depth: 0\n\n - name: Set up Node.js\n uses: actions/setup-node@v6\n with:\n node-version: 24\n\n - name: Build UI\n run: |\n npm --prefix=./ui ci\n npm --prefix=./ui run build\n\n - name: Upload UI build artifacts\n uses: actions/upload-artifact@v5\n with:\n name: ui-build\n path: ./ui/dist\n retention-days: 1\n\n build-and-push:\n needs: prepare-ui\n runs-on: ubuntu-latest\n steps:\n - name: Checkout code\n uses: actions/checkout@v6\n\n - name: Free disk space\n uses: BRAINSia/free-disk-space@v2\n with:\n tool-cache: false\n\n - name: Set up QEMU\n uses: docker/setup-qemu-action@v3\n\n - name: Set up Docker Buildx\n uses: docker/setup-buildx-action@v3\n\n - name: Docker meta\n id: meta\n uses: docker/metadata-action@v5\n with:\n images: |\n certimate/certimate\n registry.cn-shanghai.aliyuncs.com/certimate/certimate\n tags: |\n type=ref,event=branch\n type=ref,event=pr\n type=semver,pattern=v{{version}}\n type=semver,pattern=v{{major}}.{{minor}}\n\n - name: Log in to DOCKERHUB\n uses: docker/login-action@v3\n with:\n username: ${{ secrets.DOCKERHUB_USERNAME }}\n password: ${{ secrets.DOCKERHUB_PASSWORD }}\n\n - name: Log in to ALIYUNCS\n uses: docker/login-action@v3\n with:\n registry: registry.cn-shanghai.aliyuncs.com\n username: ${{ secrets.DOCKER_USERNAME }}\n password: ${{ secrets.DOCKER_PASSWORD }}\n\n - name: Download UI build artifacts\n uses: actions/download-artifact@v6\n with:\n name: ui-build\n path: ./ui/dist\n\n - name: Build and push Docker image\n uses: docker/build-push-action@v6\n with:\n context: .\n # file: ./Dockerfile\n file: ./Dockerfile.gh\n platforms: linux/amd64,linux/arm64,linux/arm/v7\n push: true\n tags: ${{ steps.meta.outputs.tags }}\n"
},
{
"path": ".github/workflows/push_image_next.yml",
"content": "name: Docker Image CI (preview versions)\n\non:\n push:\n tags:\n - \"v[0-9]*-alpha*\"\n - \"v[0-9]*-beta*\"\n - \"v[0-9]*-rc*\"\n workflow_dispatch:\n inputs:\n tag:\n description: \"Tag version to be used for Docker image\"\n required: true\n default: \"next\"\n\njobs:\n prepare-ui:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n with:\n fetch-depth: 0\n\n - name: Set up Node.js\n uses: actions/setup-node@v6\n with:\n node-version: 24\n\n - name: Build UI\n run: |\n npm --prefix=./ui ci\n npm --prefix=./ui run build\n\n - name: Upload UI build artifacts\n uses: actions/upload-artifact@v5\n with:\n name: ui-build\n path: ./ui/dist\n retention-days: 1\n\n build-and-push:\n needs: prepare-ui\n runs-on: ubuntu-latest\n steps:\n - name: Checkout code\n uses: actions/checkout@v6\n\n - name: Free disk space\n uses: BRAINSia/free-disk-space@v2\n with:\n tool-cache: false\n\n - name: Set up QEMU\n uses: docker/setup-qemu-action@v3\n\n - name: Set up Docker Buildx\n uses: docker/setup-buildx-action@v3\n\n - name: Docker meta\n id: meta\n uses: docker/metadata-action@v5\n with:\n images: |\n certimate/certimate\n registry.cn-shanghai.aliyuncs.com/certimate/certimate\n tags: |\n type=ref,event=tag,pattern={{version}}\n type=raw,value=next\n flavor: |\n latest=false\n\n - name: Log in to DOCKERHUB\n uses: docker/login-action@v3\n with:\n username: ${{ secrets.DOCKERHUB_USERNAME }}\n password: ${{ secrets.DOCKERHUB_PASSWORD }}\n\n - name: Log in to ALIYUNCS\n uses: docker/login-action@v3\n with:\n registry: registry.cn-shanghai.aliyuncs.com\n username: ${{ secrets.DOCKER_USERNAME }}\n password: ${{ secrets.DOCKER_PASSWORD }}\n\n - name: Download UI build artifacts\n uses: actions/download-artifact@v6\n with:\n name: ui-build\n path: ./ui/dist\n\n - name: Build and push Docker image\n uses: docker/build-push-action@v6\n with:\n context: .\n # file: ./Dockerfile\n file: ./Dockerfile.gh\n platforms: linux/amd64,linux/arm64,linux/arm/v7\n push: true\n tags: ${{ steps.meta.outputs.tags }}\n"
},
{
"path": ".github/workflows/release.yml",
"content": "name: Release\n\non:\n push:\n tags:\n - \"v[0-9]*\"\n\njobs:\n prepare-ui:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n with:\n fetch-depth: 0\n\n - name: Set up Node.js\n uses: actions/setup-node@v6\n with:\n node-version: 24\n\n - name: Build UI\n run: |\n npm --prefix=./ui ci\n npm --prefix=./ui run build\n\n - name: Upload UI build artifacts\n uses: actions/upload-artifact@v5\n with:\n name: ui-build\n path: ./ui/dist\n retention-days: 1\n\n build-linux:\n needs: prepare-ui\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n with:\n fetch-depth: 0\n\n - name: Set up Go\n uses: actions/setup-go@v6\n with:\n go-version-file: \"go.mod\"\n\n - name: Download UI build artifacts\n uses: actions/download-artifact@v6\n with:\n name: ui-build\n path: ./ui/dist\n\n - name: Build Linux binaries\n env:\n CGO_ENABLED: 0\n GOOS: linux\n run: |\n mkdir -p dist/linux\n for ARCH in amd64 arm64 armv7; do\n if [ \"$ARCH\" == \"armv7\" ]; then\n go env -w GOARCH=arm\n go env -w GOARM=7\n else\n go env -w GOARCH=$ARCH\n go env -u GOARM\n fi\n go build -trimpath -ldflags=\"-s -w\" -o dist/linux/certimate_${GITHUB_REF#refs/tags/}_linux_$ARCH\n done\n\n - name: Upload Linux binaries\n uses: actions/upload-artifact@v5\n with:\n name: linux-binaries\n path: dist/linux/\n retention-days: 1\n\n build-macos:\n needs: prepare-ui\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n with:\n fetch-depth: 0\n\n - name: Set up Go\n uses: actions/setup-go@v6\n with:\n go-version-file: \"go.mod\"\n\n - name: Download UI build artifacts\n uses: actions/download-artifact@v6\n with:\n name: ui-build\n path: ./ui/dist\n\n - name: Build macOS binaries\n env:\n CGO_ENABLED: 0\n GOOS: darwin\n run: |\n mkdir -p dist/darwin\n for ARCH in amd64 arm64; do\n go env -w GOARCH=$ARCH\n go build -trimpath -ldflags=\"-s -w\" -o dist/darwin/certimate_${GITHUB_REF#refs/tags/}_darwin_$ARCH\n done\n\n - name: Upload macOS binaries\n uses: actions/upload-artifact@v5\n with:\n name: macos-binaries\n path: dist/darwin/\n retention-days: 1\n\n build-windows:\n needs: prepare-ui\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n with:\n fetch-depth: 0\n\n - name: Set up Go\n uses: actions/setup-go@v6\n with:\n go-version-file: \"go.mod\"\n\n - name: Download UI build artifacts\n uses: actions/download-artifact@v6\n with:\n name: ui-build\n path: ./ui/dist\n\n - name: Build Windows binaries\n env:\n CGO_ENABLED: 0\n GOOS: windows\n run: |\n mkdir -p dist/windows\n for ARCH in amd64 arm64 386; do\n go env -w GOARCH=$ARCH\n go build -trimpath -ldflags=\"-s -w\" -o dist/windows/certimate_${GITHUB_REF#refs/tags/}_windows_$ARCH.exe\n done\n\n - name: Upload Windows binaries\n uses: actions/upload-artifact@v5\n with:\n name: windows-binaries\n path: dist/windows/\n retention-days: 1\n\n create-release:\n needs: [build-linux, build-macos, build-windows]\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n with:\n fetch-depth: 0\n\n - name: Download all binaries\n uses: actions/download-artifact@v6\n with:\n path: ./artifacts\n\n - name: Prepare release assets\n run: |\n mkdir -p dist\n cp -r artifacts/linux-binaries/* dist/\n cp -r artifacts/macos-binaries/* dist/\n cp -r artifacts/windows-binaries/* dist/\n\n find dist -type f -not -name \"*.exe\" -exec chmod +x {} \\;\n\n cd dist\n for bin in certimate_*; do\n if [[ \"$bin\" == *\".exe\" ]]; then\n entrypoint=\"certimate.exe\"\n else\n entrypoint=\"certimate\"\n fi\n\n tmpdir=$(mktemp -d)\n cp \"$bin\" \"${tmpdir}/${entrypoint}\"\n cp ../LICENSE \"$tmpdir/LICENSE\"\n cp ../README.md \"$tmpdir/README.md\"\n cp ../CHANGELOG.md \"$tmpdir/CHANGELOG.md\"\n\n if [[ \"$bin\" == *\".exe\" ]]; then\n zip -j \"${bin%.exe}.zip\" \"$tmpdir\"/*\n else\n zip -j -X \"${bin}.zip\" \"$tmpdir\"/*\n fi\n\n rm -rf \"$tmpdir\"\n done\n\n sha256sum *.zip > checksums.txt\n\n - name: Create Release\n uses: softprops/action-gh-release@v2\n with:\n files: |\n dist/*.zip\n dist/checksums.txt\n draft: true\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n"
},
{
"path": ".github/workflows/release_sync_gitee.py",
"content": "#!/usr/bin/env python3\nimport logging\nimport json\nimport mimetypes\nimport tempfile\nimport os\nimport random\nimport re\nimport shutil\nimport time\nfrom urllib import request\nfrom urllib.error import HTTPError\n\nGITHUB_REPO = \"certimate-go/certimate\"\nGITEE_REPO = \"certimate-go/certimate\"\nGITEE_TOKEN = os.getenv(\"GITEE_TOKEN\", \"\")\n\nSYNC_MARKER = \"SYNCING FROM GITHUB, PLEASE WAIT ...\"\nTEMP_DIR = tempfile.mkdtemp()\n\nlogging.basicConfig(level=logging.INFO)\n\n\ndef do_httpreq(url, method=\"GET\", headers=None, data=None):\n req = request.Request(url, data=data, method=method)\n headers = headers or {}\n for key, value in headers.items():\n req.add_header(key, value)\n\n try:\n with request.urlopen(req) as resp:\n resp_data = resp.read().decode(\"utf-8\")\n if resp_data:\n try:\n return json.loads(resp_data)\n except json.JSONDecodeError:\n pass\n return None\n except HTTPError as e:\n errmsg = \"\"\n if e.readable():\n try:\n errmsg = e.read().decode('utf-8')\n errmsg = errmsg.replace(\"\\r\", \"\\\\r\").replace(\"\\n\", \"\\\\n\")\n except:\n pass\n logging.error(f\"Error occurred when sending request: status={e.status}, response={errmsg}\")\n raise e\n except Exception as e:\n raise e\n\n\ndef get_github_stable_release():\n page = 1\n while True:\n releases = do_httpreq(\n url=f\"https://api.github.com/repos/{GITHUB_REPO}/releases?page={page}&per_page=100\",\n headers={\"Accept\": \"application/vnd.github+json\"},\n )\n if not releases or len(releases) == 0:\n break\n\n for release in releases:\n release_name = release.get(\"name\", \"\")\n if re.match(r\"^v[0-9]\", release_name):\n if any(\n x in release_name\n for x in [\"alpha\", \"beta\", \"rc\", \"preview\", \"test\", \"unstable\"]\n ):\n continue\n return release\n\n page += 1\n\n return None\n\n\ndef get_gitee_release_list():\n page = 1\n list = []\n while True:\n releases = do_httpreq(\n url=f\"https://gitee.com/api/v5/repos/{GITEE_REPO}/releases?access_token={GITEE_TOKEN}&page={page}&per_page=100\",\n )\n if not releases or len(releases) == 0:\n break\n\n list.extend(releases)\n page += 1\n\n return list\n\n\ndef get_gitee_release_by_tag(tag_name):\n releases = get_gitee_release_list()\n for release in releases:\n if release.get(\"tag_name\") == tag_name:\n return release\n\n return None\n\n\ndef delete_gitee_release(release_info):\n if not release_info:\n raise ValueError(\"Release info is invalid\")\n\n release_id = release_info.get(\"id\", \"\")\n release_name = release_info.get(\"tag_name\", \"\")\n if not release_id:\n raise ValueError(\"Release ID is missing\")\n\n attachpage = 1\n attachfiles = []\n while True:\n releases = do_httpreq(\n url=f\"https://gitee.com/api/v5/repos/{GITEE_REPO}/releases/{release_id}/attach_files?access_token={GITEE_TOKEN}&page={attachpage}&per_page=100\",\n )\n if not releases or len(releases) == 0:\n break\n\n attachfiles.extend(releases)\n attachpage += 1\n\n for attachfile in attachfiles:\n attachfile_id = attachfile.get(\"id\")\n attachfile_name = attachfile.get(\"name\")\n logging.info(\"Trying to delete Gitee attach file: %s/%s\", release_name, attachfile_name)\n do_httpreq(\n url=f\"https://gitee.com/api/v5/repos/{GITEE_REPO}/releases/{release_id}/attach_files/{attachfile_id}?access_token={GITEE_TOKEN}\",\n method=\"DELETE\",\n )\n\n logging.info(\"Trying to delete Gitee release: %s\", release_name)\n do_httpreq(\n url=f\"https://gitee.com/api/v5/repos/{GITEE_REPO}/releases/{release_id}?access_token={GITEE_TOKEN}\",\n method=\"DELETE\",\n )\n\n\ndef create_gitee_release(name, tag, body, prerelease, gh_assets):\n release_info = do_httpreq(\n f\"https://gitee.com/api/v5/repos/{GITEE_REPO}/releases?access_token={GITEE_TOKEN}\",\n method=\"POST\",\n headers={\"Content-Type\": \"application/json\"},\n data=json.dumps({\n \"tag_name\": tag,\n \"name\": name,\n \"body\": SYNC_MARKER,\n \"prerelease\": prerelease,\n \"target_commitish\": \"\",\n }).encode(\"utf-8\"),\n )\n\n if not release_info or \"id\" not in release_info:\n return None\n logging.info(\"Gitee release created\")\n\n release_id = release_info[\"id\"]\n\n assets_dir = os.path.join(TEMP_DIR, \"assets\")\n os.makedirs(assets_dir, exist_ok=True)\n\n gh_assets = gh_assets or []\n for asset in gh_assets:\n logging.info(\"Tring to download asset from GitHub: %s\", asset[\"name\"])\n\n opener = request.build_opener()\n request.install_opener(opener)\n download_ts = time.time()\n download_url = asset.get(\"browser_download_url\")\n download_path = os.path.join(assets_dir, asset[\"name\"])\n def _hook(blocknum, blocksize, totalsize):\n nonlocal download_ts\n TIMESPAN = 5 # print progress every 5sec\n ts = time.time()\n pct = min(round(100 * blocknum * blocksize / totalsize, 2), 100)\n if (ts - download_ts < TIMESPAN) and (pct < 100):\n return\n download_ts = ts\n logging.info(f\"Downloading {download_url} >>> {pct}%\")\n\n request.urlretrieve(download_url, download_path, _hook)\n\n for asset in gh_assets:\n logging.info(\"Tring to upload asset to Gitee: %s\", asset[\"name\"])\n\n boundary = '----boundary' + ''.join(random.choice('0123456789abcdef') for _ in range(16))\n print(f\"Using boundary: {boundary}\")\n with open(os.path.join(assets_dir, asset[\"name\"]), 'rb') as f:\n attachfile_mime = mimetypes.guess_type(asset[\"name\"])[0] or 'application/octet-stream'\n attachfile_req = []\n attachfile_req.append(f\"--{boundary}\")\n attachfile_req.append(f'Content-Disposition: form-data; name=\"file\"; filename=\"{asset[\"name\"]}\"')\n attachfile_req.append(f\"Content-Type: {attachfile_mime}\")\n attachfile_req.append(\"\")\n attachfile_req.append(f.read().decode('latin-1'))\n attachfile_req.append(f\"--{boundary}--\")\n attachfile_req.append(\"\")\n attachfile_req = \"\\r\\n\".join(attachfile_req).encode('latin-1')\n\n do_httpreq(\n f\"https://gitee.com/api/v5/repos/{GITEE_REPO}/releases/{release_id}/attach_files?access_token={GITEE_TOKEN}\",\n method=\"POST\",\n headers={'Content-Type': f'multipart/form-data; boundary={boundary}'},\n data=attachfile_req,\n )\n logging.info(\"Asset uploaded: %s\", asset[\"name\"])\n\n release_info = do_httpreq(\n f\"https://gitee.com/api/v5/repos/{GITEE_REPO}/releases/{release_id}?access_token={GITEE_TOKEN}\",\n method=\"PATCH\",\n headers={\"Content-Type\": \"application/json\"},\n data=json.dumps({\n \"tag_name\": tag,\n \"name\": name,\n \"body\": f\"**此发行版同步自 GitHub,完整变更日志请访问 https://github.com/{GITHUB_REPO}/releases/{tag} 查看。**\\n\\n**因 Gitee 存储空间容量有限,仅能保留最新一个发行版,如需其余版本请访问 GitHub 获取。**\\n\\n---\\n\\n\" + body,\n \"prerelease\": prerelease,\n }).encode(\"utf-8\"),\n )\n logging.info(\"Gitee release updated\")\n return release_info\n\n\ndef main():\n try:\n # 获取 GitHub 最新稳定发行版\n github_release = get_github_stable_release()\n if not github_release:\n logging.warning(\"GitHub stable release not found. Foget to release?\")\n return\n else:\n logging.info(\"GitHub stable release found: %s\", github_release.get('name'))\n\n # 提取稳定版的信息\n release_name = github_release.get(\"name\")\n release_tag = github_release.get(\"tag_name\")\n release_body = github_release.get(\"body\")\n release_prerelease = github_release.get(\"prerelease\", False)\n release_assets = github_release.get(\"assets\", [])\n\n # 检查 Gitee 是否已有同名发行版\n gitee_release = get_gitee_release_by_tag(release_tag)\n if gitee_release and gitee_release.get(\"body\") == SYNC_MARKER:\n logging.warning(\"Gitee syncing release found, cleaning up...\")\n delete_gitee_release(gitee_release)\n elif gitee_release:\n logging.info(\"Gitee release already exists, exit.\")\n return\n\n # 同步发行版\n gitee_release = create_gitee_release(release_name, release_tag, release_body, release_prerelease, release_assets)\n if not gitee_release:\n logging.warning(\"Failed to create Gitee release.\")\n return\n\n # 清除历史发行版\n gitee_release_list = get_gitee_release_list()\n for release in gitee_release_list:\n if release.get(\"tag_name\") == release_tag:\n continue\n else:\n delete_gitee_release(release)\n\n logging.info(\"Sync release completed.\")\n\n except Exception as e:\n logging.fatal(str(e))\n exit(1)\n\n finally:\n if os.path.exists(TEMP_DIR):\n shutil.rmtree(TEMP_DIR)\n\n\nif __name__ == \"__main__\":\n main()\n"
},
{
"path": ".github/workflows/release_sync_gitee.yml",
"content": "name: Release Sync to Gitee\n\non:\n # release:\n # types: [published, unpublished, deleted]\n workflow_dispatch:\n\njobs:\n sync-to-gitee:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout\n uses: actions/checkout@v6\n with:\n fetch-depth: 0\n\n - name: Set up Python3\n uses: actions/setup-python@v6\n with:\n python-version: \"3.13\"\n\n - name: Run script\n env:\n GITEE_TOKEN: ${{ secrets.GITEE_TOKEN }}\n run: |\n cd .github/workflows\n python ./release_sync_gitee.py\n"
},
{
"path": ".gitignore",
"content": ".vscode/*\n!.vscode/extensions.json\n!.vscode/settings.json\n!.vscode/settings.tailwind.json\n.idea\n.DS_Store\n*.suo\n*.ntvs*\n*.njsproj\n*.sln\n*.sw?\n__debug_bin*\n\nvendor\npb_data\nbuild\nmain\n/dist\n/docker/data\n/certimate\n"
},
{
"path": ".goreleaser.yml",
"content": "project_name: certimate\n\ndist: .builds\n\nbefore:\n hooks:\n - go mod tidy\n\nbuilds:\n - id: build_noncgo\n main: ./\n binary: certimate\n env:\n - CGO_ENABLED=0\n flags:\n - -trimpath\n ldflags:\n - -s -w -X github.com/certimate-go/certimate.Version={{ .Version }}\n goos:\n - linux\n - windows\n - darwin\n goarch:\n - amd64\n - arm64\n - arm\n goarm:\n - 7\n ignore:\n - goos: windows\n goarch: arm\n - goos: darwin\n goarch: arm\n\n# upx:\n# - enabled: true\n\nrelease:\n draft: true\n\narchives:\n - id: archive_noncgo\n builds: [build_noncgo]\n format: \"zip\"\n files:\n - LICENSE\n - README.md\n - CHANGELOG.md\n\nchecksum:\n name_template: \"checksums.txt\"\n\nsnapshot:\n name_template: \"{{ incpatch .Version }}-next\"\n\nchangelog:\n sort: asc\n filters:\n exclude:\n - \"^ui:\"\n"
},
{
"path": ".vscode/extensions.json",
"content": "{\n \"recommendations\": [\n \"bradlc.vscode-tailwindcss\",\n \"dbaeumer.vscode-eslint\",\n \"esbenp.prettier-vscode\",\n ]\n}"
},
{
"path": ".vscode/settings.json",
"content": "{\n \"css.customData\": [\n \".vscode/settings.tailwind.json\"\n ],\n \"editor.codeActionsOnSave\": {\n \"source.fixAll.eslint\": \"explicit\"\n },\n \"editor.defaultFormatter\": \"dbaeumer.vscode-eslint\",\n \"editor.formatOnSave\": true,\n \"go.useLanguageServer\": true,\n \"gopls\": {\n \"formatting.gofumpt\": true,\n },\n \"typescript.tsdk\": \"ui/node_modules/typescript/lib\",\n \"[go]\": {\n \"editor.defaultFormatter\": \"golang.go\"\n },\n \"[typescript]\": {\n \"editor.defaultFormatter\": \"esbenp.prettier-vscode\"\n }\n}"
},
{
"path": ".vscode/settings.tailwind.json",
"content": "{\n \"version\": 1.1,\n \"atDirectives\": [\n {\n \"name\": \"@apply\",\n \"description\": \"Use the `@apply` directive to inline any existing utility classes into your own custom CSS.\",\n \"references\": [\n {\n \"name\": \"Tailwind Documentation\",\n \"url\": \"https://tailwindcss.com/docs/functions-and-directives#variant-directive\"\n }\n ]\n },\n {\n \"name\": \"@source\",\n \"description\": \"Use the `@source` directive to explicitly specify source files that aren't picked up by Tailwind's automatic content detection.\",\n \"references\": [\n {\n \"name\": \"Tailwind Documentation\",\n \"url\": \"https://tailwindcss.com/docs/functions-and-directives#source-directive\"\n }\n ]\n },\n {\n \"name\": \"@theme\",\n \"description\": \"Use the `@theme` directive to define your project's custom design tokens, like fonts, colors, and breakpoints.\",\n \"references\": [\n {\n \"name\": \"Tailwind Documentation\",\n \"url\": \"https://tailwindcss.com/docs/functions-and-directives#theme-directive\"\n }\n ]\n },\n {\n \"name\": \"@utility\",\n \"description\": \"Use the `@utility` directive to add custom utilities to your project that work with variants like `hover`, `focus` and `lg`.\",\n \"references\": [\n {\n \"name\": \"Tailwind Documentation\",\n \"url\": \"https://tailwindcss.com/docs/functions-and-directives#utility-directive\"\n }\n ]\n },\n {\n \"name\": \"@variant\",\n \"description\": \"Use the `@variant` directive to apply a Tailwind variant to styles in your CSS\",\n \"references\": [\n {\n \"name\": \"Tailwind Documentation\",\n \"url\": \"https://tailwindcss.com/docs/functions-and-directives#variant-directive\"\n }\n ]\n }\n ]\n}\n"
},
{
"path": "CHANGELOG.md",
"content": "A full changelog of past releases is available on [GitHub Releases](https://github.com/certimate-go/certimate/releases) page.\n"
},
{
"path": "CONTRIBUTING.md",
"content": "# Contribution Guide\n\n\n\nEnglish | [简体中文](CONTRIBUTING_zh.md)\n\n
\n\nThank you for taking the time to improve Certimate! Below is a guide for submitting a PR (Pull Request) to the Certimate repository.\n\nWe need to be nimble and ship fast given where we are, but we also want to make sure that contributors like you get as smooth an experience at contributing as possible. We've assembled this contribution guide for that purpose, aiming at getting you familiarized with the codebase & how we work with contributors, so you could quickly jump to the fun part.\n\nIndex:\n\n- [Development](#development)\n - [Prerequisites](#prerequisites)\n - [Backend Code](#backend-code)\n - [Frontend Code](#frontend-code)\n- [Submitting PR](#submitting-pr)\n - [Pull Request Process](#pull-request-process)\n- [Getting Help](#getting-help)\n\n---\n\n## Development\n\n### Prerequisites\n\n- Go 1.25+ (for backend code changes)\n- Node.js 22.12+ (for frontend code changes)\n\n### Backend Code\n\nThe backend code of Certimate is developed using Golang. It is a monolithic application based on [Pocketbase](https://github.com/pocketbase/pocketbase).\n\nOnce you have made changes to the backend code in Certimate, follow these steps to run the project:\n\n1. Navigate to the root directory.\n2. Install dependencies:\n ```bash\n go mod vendor\n ```\n3. Start the local development server:\n ```bash\n go run main.go serve\n ```\n\nThis will start a web server at `http://localhost:8090` using the prebuilt WebUI located in `/ui/dist`.\n\n> If you encounter an error `ui/embed.go: pattern all:dist: no matching files found`, please refer to _[Frontend Code](#frontend-code)_ and build WebUI first.\n\n**Before submitting a PR to the main repository, you should:**\n\n- Format your source code by using [gofumpt](https://github.com/mvdan/gofumpt). Recommended using VSCode and installing the gofumpt plugin to automatically format when saving.\n- Adding unit or integration tests for your changes (with go standard library `testing` package).\n\n### Frontend Code\n\nThe frontend code of Certimate is developed using TypeScript. It is a SPA based on [React](https://github.com/facebook/react) and [Vite](https://github.com/vitejs/vite).\n\nOnce you have made changes to the backend code in Certimate, follow these steps to run the project:\n\n1. Navigate to the `/ui` directory.\n2. Install dependencies:\n ```bash\n npm install\n ```\n3. Start the local development server:\n ```bash\n npm run dev\n ```\n\nThis will start a web server at `http://localhost:5173`. You can now access the WebUI in your browser.\n\nAfter completing your changes, build the WebUI so it can be embedded into the Go package:\n\n```bash\nnpm run build\n```\n\n**Before submitting a PR to the main repository, you should:**\n\n- Format your source code by using [ESLint](https://github.com/eslint/eslint). Recommended using VSCode and installing the ESLint plugin to automatically format when saving.\n\n## Submitting PR\n\nBefore opening a Pull Request, please open an issue to discuss the change and get feedback from the maintainers. This will helps us:\n\n- To understand the context of the change.\n- To ensure it fits into Certimate's roadmap.\n- To prevent us from duplicating work.\n- To prevent you from spending time on a change that we may not be able to accept.\n\n### Pull Request Process\n\n1. Fork the repository, and then checkout `main` branch.\n2. Before you draft a PR, please open an issue to discuss the changes you want to make.\n3. Create a new branch for your changes.\n4. Please add tests for your changes accordingly.\n5. Ensure your code passes the existing tests.\n6. Please link the issue in the PR description.\n7. Get merged!\n\n> [!IMPORTANT]\n>\n> It is recommended to create a new branch from `main` for each bug fix or feature. If you plan to submit multiple PRs, ensure the changes are in separate branches for easier review and eventual merge.\n>\n> Keep each PR focused on a single feature or fix.\n\n## Getting Help\n\nIf you ever get stuck or get a burning question while contributing, simply shoot your queries our way via the GitHub issues.\n"
},
{
"path": "CONTRIBUTING_zh.md",
"content": "# 贡献指南\n\n\n\n[English](CONTRIBUTING.md) | 简体中文\n\n
\n\n非常感谢你抽出时间来帮助改进 Certimate!以下是向 Certimate 提交 Pull Request 时的操作指南。\n\n我们需要保持敏捷和快速迭代,同时也希望确保贡献者能获得尽可能流畅的参与体验。这份贡献指南旨在帮助你熟悉代码库和我们的工作方式,让你可以尽快进入有趣的开发环节。\n\n索引:\n\n- [开发](#开发)\n - [要求](#要求)\n - [后端代码](#后端代码)\n - [前端代码](#前端代码)\n- [提交 PR](#提交-pr)\n - [提交流程](#提交流程)\n- [获取帮助](#获取帮助)\n\n---\n\n## 开发\n\n### 要求\n\n- Go 1.25+(用于修改后端代码)\n- Node.js 22.12+(用于修改前端代码)\n\n### 后端代码\n\nCertimate 的后端代码是使用 Golang 开发的,是一个基于 [Pocketbase](https://github.com/pocketbase/pocketbase) 构建的单体应用。\n\n假设你已经对 Certimate 的后端代码做出了一些修改,现在你想要运行它,请遵循以下步骤:\n\n1. 进入根目录;\n2. 安装依赖:\n ```bash\n go mod vendor\n ```\n3. 启动本地开发服务:\n ```bash\n go run main.go serve\n ```\n\n这将启动一个 Web 服务器,默认运行在 `http://localhost:8090`,并使用来自 `/ui/dist` 的预构建管理页面。\n\n> 如果你遇到报错 `ui/embed.go: pattern all:dist: no matching files found`,请参考“[前端代码](#前端代码)”这一小节构建 WebUI。\n\n**在向主仓库提交 PR 之前,你应该:**\n\n- 使用 [gofumpt](https://github.com/mvdan/gofumpt) 格式化你的代码。推荐使用 VSCode,并安装 gofumpt 插件,以便在保存时自动格式化。\n- 为你的改动添加单元测试或集成测试(使用 Go 标准库中的 `testing` 包)。\n\n### 前端代码\n\nCertimate 的前端代码是使用 TypeScript 开发的,是一个基于 [React](https://github.com/facebook/react) 和 [Vite](https://github.com/vitejs/vite) 构建的单页应用。\n\n假设你已经对 Certimate 的前端代码做出了一些修改,现在你想要运行它,请遵循以下步骤:\n\n1. 进入 `/ui` 目录;\n2. 安装依赖:\n ```bash\n npm install\n ```\n3. 启动 Vite 开发服务器:\n ```bash\n npm run dev\n ```\n\n这将启动一个 Web 服务器,默认运行在 `http://localhost:5173`,你可以通过浏览器访问来查看运行中的 WebUI。\n\n完成修改后,运行以下命令来构建 WebUI,以便它能被嵌入到 Go 包中:\n\n```bash\nnpm run build\n```\n\n**在向主仓库提交 PR 之前,你应该:**\n\n- 使用 [ESLint](https://github.com/eslint/eslint) 格式化你的代码。推荐使用 VSCode,并安装 ESLint 插件,以便在保存时自动格式化。\n\n## 提交 PR\n\n在提交 PR 之前,请先创建一个 Issue 来讨论你的修改方案,并等待来自项目维护者的反馈。这样做有助于:\n\n- 让我们充分理解你的修改内容;\n- 评估修改是否符合项目路线图;\n- 避免重复工作;\n- 防止你投入时间到可能无法被合并的修改中。\n\n### 提交流程\n\n1. Fork 本仓库并签出到 `main` 分支;\n2. 在提交 PR 之前,请先发起 Issue 讨论你想要做的修改;\n3. 为你的修改创建一个新的分支;\n4. 请为你的修改添加相应的测试;\n5. 确保你的代码能通过现有的测试;\n6. 请在 PR 描述中关联相关 Issue;\n7. 等待合并!\n\n> [!IMPORTANT]\n>\n> 建议为每个新功能或 Bug 修复创建一个从 `main` 分支派生的新分支。如果你计划提交多个 PR,请保持不同的改动在独立分支中,以便更容易进行代码审查并最终合并。\n>\n> 保持一个 PR 只实现一个功能或修复。\n\n## 获取帮助\n\n如果你在贡献过程中遇到困难或问题,可以通过 GitHub Issues 向我们提问。\n"
},
{
"path": "Dockerfile",
"content": "FROM node:24-alpine AS webui-builder\nWORKDIR /app\nCOPY . /app/\nRUN \\\n cd /app/ui && \\\n npm install && \\\n npm run build\n\n\n\nFROM golang:1.25-alpine AS server-builder\nWORKDIR /app\nCOPY ../. /app/\nRUN rm -rf /app/ui/dist\nCOPY --from=webui-builder /app/ui/dist /app/ui/dist\nENV CGO_ENABLED=0\nRUN go build -trimpath -ldflags=\"-s -w\" -o certimate\n\n\n\nFROM alpine:latest\nWORKDIR /app\nCOPY --from=server-builder /app/certimate .\nENTRYPOINT [\"./certimate\", \"serve\", \"--http\", \"0.0.0.0:8090\"]\n"
},
{
"path": "Dockerfile.gh",
"content": "# Build docker image on GitHub Actions runner is too slow,\n# and it doesn't support armv7 (see https://github.com/parcel-bundler/lightningcss/issues/988).\n# So we pre-build webui, and just use simple Dockerfile here.\n\nFROM golang:1.25-alpine AS server-builder\nWORKDIR /app\nCOPY ../. /app/\nENV CGO_ENABLED=0\nRUN go build -trimpath -ldflags=\"-s -w\" -o certimate\n\n\n\nFROM alpine:latest\nWORKDIR /app\nCOPY --from=server-builder /app/certimate .\nENTRYPOINT [\"./certimate\", \"serve\", \"--http\", \"0.0.0.0:8090\"]\n"
},
{
"path": "LICENSE",
"content": "MIT License\n\nCopyright (c) 2025 certimate-go\nCopyright (c) 2024 Yoan.Liu\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
},
{
"path": "Makefile",
"content": "# 定义变量\nBINARY_NAME=certimate\nBUILD_DIR=build\n\n# 支持的操作系统和架构列表\nOS_ARCH=\\\n linux/amd64 \\\n linux/arm64 \\\n darwin/amd64 \\\n darwin/arm64 \\\n windows/amd64 \\\n windows/arm64\n\n# 默认目标\nall: build\n\n# 构建所有平台的二进制文件\nbuild: $(OS_ARCH)\n$(OS_ARCH):\n\t@mkdir -p $(BUILD_DIR)\n\tGOOS=$(word 1,$(subst /, ,$@)) \\\n\tGOARCH=$(word 2,$(subst /, ,$@)) \\\n\tCGO_ENABLED=0 \\\n\tgo build -trimpath -ldflags=\"-s -w\" -o $(BUILD_DIR)/$(BINARY_NAME)_$(word 1,$(subst /, ,$@))_$(word 2,$(subst /, ,$@)) .\n\n# 清理构建文件\nclean:\n\trm -rf $(BUILD_DIR)\n\n# 帮助信息\nhelp:\n\t@echo \"Usage:\"\n\t@echo \" make - 编译所有平台的二进制文件\"\n\t@echo \" make clean - 清理构建文件\"\n\t@echo \" make help - 显示此帮助信息\"\n\n.PHONY: all build clean help\n\nlocal.run:\n\tgo mod vendor&& npm --prefix=./ui install && npm --prefix=./ui run build && go run main.go serve --http 127.0.0.1:8090\n"
},
{
"path": "README.md",
"content": "🔒 Certimate \n\n\n\n[](https://github.com/certimate-go/certimate)\n[](https://github.com/certimate-go/certimate)\n[](https://hub.docker.com/r/certimate/certimate)\n[](https://github.com/certimate-go/certimate/releases)\n[](https://mit-license.org/)\n[](https://deepwiki.com/certimate-go/certimate)\n\n
\n\n\n\nEnglish | [简体中文](README_zh.md)\n\n
\n\n---\n\n## 🚩 Introduction\n\nAn open-source and free self-hosted SSL certificates ACME tool, automates the full-cycle of issuance, deployment, renewal, and monitoring visually.\n\n- **Self-Hosted**: Private deployment. All data is stored locally, giving you full control to ensure data privacy and security.\n- **Zero Dependencies**: No need to install databases, runtimes, or any complex frameworks. Truly ready to use out of the box with a single click.\n- **Low Resource Usage**: Extremely lightweight, requiring only ~16 MB of memory. It's so efficient that it can even run on devices like home routers.\n- **Easy to Use**: The user-friendly GUI lets you automate certificate management for multiple platforms with a visual workflow — all with just a few simple configurations.\n\n## 💡 Features\n\n- Flexible workflow orchestration, fully automation from certificate application to deployment.\n- Supports requesting single/multiple/wildcard domain certificates, IP address certificates, with options for RSA or ECC key.\n- Supports DNS-01 challenge and HTTP-01 challenge both.\n- Supports various certificate formats such as PEM, PFX, JKS.\n- Supports more than 60+ domain registrars (e.g., AWS, Cloudflare, GoDaddy, Alibaba Cloud, Tencent Cloud, etc. [Check out full providers](https://docs.certimate.me/en-US/docs/reference/providers#supported-dns-providers)).\n- Supports more than 110+ deployment targets (e.g., Kubernetes, CDN, WAF, load balancers, etc. [Check out full providers](https://docs.certimate.me/en-US/docs/reference/providers#supported-hosting-providers)).\n- Supports multiple notification channels including email, Discord, Slack, Telegram, DingTalk, Feishu, WeCom, and more.\n- Supports multiple ACME CAs including Let's Encrypt, Actalis, Google Trust Services, SSL.com, ZeroSSL, and more.\n- More features waiting to be discovered.\n\n## 🚀 Quick Start\n\n**Run Certimate in 1 minute!**\n\n\n👉 Binary Installation: \n\nDownload the archived package of precompiled executable files directly from [GitHub Releases](https://github.com/certimate-go/certimate/releases), extract and then execute:\n\n```bash\n./certimate serve\n```\n\n \n\n\n👉 Docker Installation: \n\n```bash\ndocker run -d \\\n --name certimate \\\n --restart unless-stopped \\\n -p 8090:8090 \\\n -v /etc/localtime:/etc/localtime:ro \\\n -v /etc/timezone:/etc/timezone:ro \\\n -v $(pwd)/data:/app/pb_data \\\n certimate/certimate:latest\n```\n\n \n\nVisit `http://127.0.0.1:8090` in your browser.\n\nDefault administrator account:\n\n- Username: `admin@certimate.fun`\n- Password: `1234567890`\n\nWork with Certimate right now. Or read other content in the documentation to learn more.\n\n## 📄 Documentation\n\nFor full documentation, please visit [docs.certimate.me](https://docs.certimate.me/).\n\nRelated articles:\n\n> - [_Migrate to v0.4_](https://docs.certimate.me/en-US/docs/migrations/migrate-to-v0.4)\n> - [_使用 CNAME 完成 ACME DNS-01 质询_](https://docs.certimate.me/en-US/blog/cname)\n> - [_Why Certimate?_](https://docs.certimate.me/en-US/blog/why-certimate)\n\n## 🖥️ Screenshot\n\n[](https://www.youtube.com/watch?v=am_yzdfyNOE)\n\n## 🤝 Contributing\n\nCertimate is a free and open-source project, and your feedback and contributions are needed and always welcome. Contributions include but are not limited to: submitting code, reporting bugs, sharing ideas, or showcasing your use cases based on Certimate. We also encourage users to share Certimate on personal blogs or social media.\n\nFor those who'd like to contribute code, see our [Contribution Guide](./CONTRIBUTING_EN.md).\n\n[Issues](https://github.com/certimate-go/certimate/issues) and [Pull Requests](https://github.com/certimate-go/certimate/pulls) are opened at https://github.com/certimate-go/certimate.\n\n#### Contributors\n\n[](https://github.com/certimate-go/certimate/graphs/contributors)\n\n## ⛔ Disclaimer\n\nThis repository is available under the [MIT License](https://opensource.org/licenses/MIT), and distributed “as-is” without any warranty of any kind. The authors and contributors are not responsible for any damages or losses resulting from the use or inability to use this software, including but not limited to data loss, business interruption, or any other potential harm.\n\n**No Warranties**: This software comes without any express or implied warranties, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.\n\n**User Responsibilities**: By using this software, you agree to take full responsibility for any outcomes resulting from its use.\n\n## 🌐 Join the Community\n\n- [Telegram](https://t.me/+ZXphsppxUg41YmVl)\n- Wechat Group (contact to the author [@usual2970](https://github.com/usual2970) to getting invitation)\n\n 🔒 Certimate \n\n\n\n[](https://github.com/certimate-go/certimate)\n[](https://github.com/certimate-go/certimate)\n[](https://hub.docker.com/r/certimate/certimate)\n[](https://github.com/certimate-go/certimate/releases)\n[](https://mit-license.org/)\n[](https://deepwiki.com/certimate-go/certimate)\n\n
\n\n\n\n[English](README.md) | 简体中文\n\n
\n\n---\n\n## 🚩 项目简介\n\n完全开源免费的自托管 SSL 证书 ACME 工具,申请、部署、续期、监控全流程自动化可视化,支持各大主流云厂商。\n\n- **自托管**:私有化部署,所有数据本地化存储,掌控数据的隐私与安全。\n- **零依赖**:无需安装数据库、运行时或复杂框架,一键启动,开箱即用。\n- **低占用**:超轻量的资源开销,仅需 ~16 MB 内存,甚至可以运行在家用路由器。\n- **易操作**:图形化界面,通过简单配置即可完成证书申请、部署和续期的自动化工作。\n\n## 💡 功能特性\n\n- 灵活的工作流编排方式,证书从申请到部署完全自动化。\n- 支持申请单/多/泛域名证书、IP 地址证书,可选 RSA、ECC 私钥算法。\n- 支持 DNS-01(即基于域名解析验证)、HTTP-01(即基于文件验证)两种质询方式。\n- 支持 PEM、PFX、JKS 等多种格式输出证书。\n- 支持 60+ 域名托管商(如阿里云、腾讯云、AWS、Cloudflare、GoDaddy 等,[点此查看完整清单](https://docs.certimate.me/zh-CN/docs/reference/providers#supported-dns-providers))。\n- 支持 110+ 部署目标(如 Kubernetes、CDN、WAF、负载均衡等,[点此查看完整清单](https://docs.certimate.me/zh-CN/docs/reference/providers#supported-hosting-providers))。\n- 支持邮件、钉钉、飞书、企业微信、Discord、Slack、Telegram 等多种通知渠道。\n- 支持 Let's Encrypt、Actalis、Google Trust Services、SSL.com、ZeroSSL 等多种 ACME 证书颁发机构。\n- 更多特性等待探索。\n\n## 🚀 快速启动\n\n**1 分钟运行 Certimate!**\n\n\n👉 二进制安装: \n\n从 [GitHub Releases](https://github.com/certimate-go/certimate/releases) 页面下载预先编译好的可执行文件压缩包,解压缩后在终端中执行:\n\n```bash\n./certimate serve\n```\n\n \n\n\n👉 Docker 安装: \n\n```bash\ndocker run -d \\\n --name certimate \\\n --restart unless-stopped \\\n -p 8090:8090 \\\n -v /etc/localtime:/etc/localtime:ro \\\n -v /etc/timezone:/etc/timezone:ro \\\n -v $(pwd)/data:/app/pb_data \\\n certimate/certimate:latest\n```\n\n \n\n浏览器中访问 `http://127.0.0.1:8090`。\n\n初始的管理员账号及密码:\n\n- 账号:`admin@certimate.fun`\n- 密码:`1234567890`\n\n即刻使用 Certimate。或者阅读文档中的其他内容以了解更多。\n\n## 📄 使用手册\n\n请访问文档站 [docs.certimate.me](https://docs.certimate.me/) 以阅读使用手册。\n\n> (由于众所周知的原因,中国大陆用户可能需要 🪄 上网才能访问文档站。)\n\n相关文章:\n\n> - [《升级指南:迁移到 v0.4》](https://docs.certimate.me/zh-CN/docs/migrations/migrate-to-v0.4)\n> - [《使用 CNAME 完成 ACME DNS-01 质询》](https://docs.certimate.me/zh-CN/blog/cname)\n> - [《Why Certimate?》](https://docs.certimate.me/zh-CN/blog/why-certimate)\n\n## 🖥️ 运行界面\n\n[](https://www.bilibili.com/video/BV1xockeZEm2)\n\n## 🤝 参与贡献\n\nCertimate 是一个免费且开源的项目。我们欢迎任何人为 Certimate 做出贡献,以帮助改善 Certimate。包括但不限于:提交代码、反馈缺陷、交流想法,或分享你基于 Certimate 的使用案例。同时,我们也欢迎用户在个人博客或社交媒体上分享 Certimate。\n\n如果你想要贡献代码,请先阅读我们的[贡献指南](./CONTRIBUTING.md)。\n\n请在 https://github.com/certimate-go/certimate 提交 [Issues](https://github.com/certimate-go/certimate/issues) 和 [Pull Requests](https://github.com/certimate-go/certimate/pulls)。\n\n#### 感谢以下贡献者对 Certimate 做出的贡献:\n\n[](https://github.com/certimate-go/certimate/graphs/contributors)\n\n## ⛔ 免责声明\n\nCertimate 遵循 [MIT License](https://opensource.org/licenses/MIT) 开源协议,完全免费提供,旨在“按现状”供用户使用。作者及贡献者不对使用本软件所产生的任何直接或间接后果承担责任,包括但不限于性能下降、数据丢失、服务中断、或任何其他类型的损害。\n\n**无任何保证**:本软件不提供任何明示或暗示的保证,包括但不限于对特定用途的适用性、无侵权性、商用性及可靠性的保证。\n\n**用户责任**:使用本软件即表示您理解并同意承担由此产生的一切风险及责任。\n\n## 🌐 加入社群\n\n- [Telegram](https://t.me/+ZXphsppxUg41YmVl)\n- 微信群聊(因微信自身限制需群主邀请,可先加 [@usual2970](https://github.com/usual2970) 好友)\n\n 0 {\n\t\t\tapp.GetLogger().Info(fmt.Sprintf(\"cleanup %d expired certificates\", ret))\n\t\t}\n\t}\n\n\treturn nil\n}\n"
},
{
"path": "internal/certificate/service_deps.go",
"content": "package certificate\n\nimport (\n\t\"context\"\n\n\t\"github.com/pocketbase/dbx\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n)\n\ntype acmeAccountRepository interface {\n\tGetByAcctUrl(ctx context.Context, acctUrl string) (*domain.ACMEAccount, error)\n}\n\ntype certificateRepository interface {\n\tListExpiringSoon(ctx context.Context) ([]*domain.Certificate, error)\n\tGetById(ctx context.Context, id string) (*domain.Certificate, error)\n\tSave(ctx context.Context, certificate *domain.Certificate) (*domain.Certificate, error)\n\tDeleteWhere(ctx context.Context, exprs ...dbx.Expression) (int, error)\n}\n\ntype settingsRepository interface {\n\tGetByName(ctx context.Context, name string) (*domain.Settings, error)\n}\n"
},
{
"path": "internal/certmgmt/client.go",
"content": "package certmgmt\n\nimport (\n\t\"log/slog\"\n)\n\ntype Client struct {\n\tlogger *slog.Logger\n}\n\ntype ClientConfigure func(*Client)\n\nfunc NewClient(configures ...ClientConfigure) *Client {\n\tclient := &Client{}\n\tfor _, configure := range configures {\n\t\tconfigure(client)\n\t}\n\treturn client\n}\n\nfunc WithLogger(logger *slog.Logger) ClientConfigure {\n\treturn func(c *Client) {\n\t\tc.logger = logger\n\t}\n}\n"
},
{
"path": "internal/certmgmt/client_deploy.go",
"content": "package certmgmt\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/certmgmt/deployers\"\n\t\"github.com/certimate-go/certimate/internal/domain\"\n)\n\ntype DeployCertificateRequest struct {\n\t// 提供商相关\n\tProvider string\n\tProviderAccessConfig map[string]any\n\tProviderExtendedConfig map[string]any\n\n\t// 证书相关\n\tCertificate string\n\tPrivateKey string\n}\n\ntype DeployCertificateResponse struct{}\n\nfunc (c *Client) DeployCertificate(ctx context.Context, request *DeployCertificateRequest) (*DeployCertificateResponse, error) {\n\tif request == nil {\n\t\treturn nil, errors.New(\"the request is nil\")\n\t}\n\n\tproviderFactory, err := deployers.Registries.Get(domain.DeploymentProviderType(request.Provider))\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tprovider, err := providerFactory(&deployers.ProviderFactoryOptions{\n\t\tProviderAccessConfig: request.ProviderAccessConfig,\n\t\tProviderExtendedConfig: request.ProviderExtendedConfig,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to initialize deployment provider '%s': %w\", request.Provider, err)\n\t}\n\n\tprovider.SetLogger(c.logger)\n\tif _, err := provider.Deploy(ctx, request.Certificate, request.PrivateKey); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &DeployCertificateResponse{}, nil\n}\n"
},
{
"path": "internal/certmgmt/deployers/registry.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype ProviderFactoryFunc func(options *ProviderFactoryOptions) (deployer.Provider, error)\n\ntype ProviderFactoryOptions struct {\n\tProviderAccessConfig map[string]any\n\tProviderExtendedConfig map[string]any\n}\n\ntype Registry[T comparable] interface {\n\tRegister(T, ProviderFactoryFunc) error\n\tMustRegister(T, ProviderFactoryFunc)\n\tGet(T) (ProviderFactoryFunc, error)\n}\n\ntype registry[T comparable] struct {\n\tfactories map[T]ProviderFactoryFunc\n}\n\nfunc (r *registry[T]) Register(name T, factory ProviderFactoryFunc) error {\n\tif _, exists := r.factories[name]; exists {\n\t\treturn fmt.Errorf(\"provider '%v' already registered\", name)\n\t}\n\n\tr.factories[name] = factory\n\treturn nil\n}\n\nfunc (r *registry[T]) MustRegister(name T, factory ProviderFactoryFunc) {\n\tif err := r.Register(name, factory); err != nil {\n\t\tpanic(err)\n\t}\n}\n\nfunc (r *registry[T]) Get(name T) (ProviderFactoryFunc, error) {\n\tif factory, exists := r.factories[name]; exists {\n\t\treturn factory, nil\n\t}\n\n\treturn nil, fmt.Errorf(\"provider '%v' not registered\", name)\n}\n\nfunc newRegistry[T comparable]() Registry[T] {\n\treturn ®istry[T]{factories: make(map[T]ProviderFactoryFunc)}\n}\n\nvar Registries = newRegistry[domain.DeploymentProviderType]()\n"
},
{
"path": "internal/certmgmt/deployers/sp_1panel.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tonepanel \"github.com/certimate-go/certimate/pkg/core/deployer/providers/1panel\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderType1Panel, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigFor1Panel{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := onepanel.NewDeployer(&onepanel.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tApiVersion: credentials.ApiVersion,\n\t\t\tApiKey: credentials.ApiKey,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tNodeName: xmaps.GetString(options.ProviderExtendedConfig, \"nodeName\"),\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tWebsiteMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"websiteMatchPattern\"),\n\t\t\tWebsiteId: xmaps.GetInt64(options.ProviderExtendedConfig, \"websiteId\"),\n\t\t\tCertificateId: xmaps.GetInt64(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_1panel_console.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\topconsole \"github.com/certimate-go/certimate/pkg/core/deployer/providers/1panel-console\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderType1PanelConsole, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigFor1Panel{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := opconsole.NewDeployer(&opconsole.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tApiVersion: credentials.ApiVersion,\n\t\t\tApiKey: credentials.ApiKey,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tAutoRestart: xmaps.GetBool(options.ProviderExtendedConfig, \"autoRestart\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aliyun_alb.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\taliyunalb \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-alb\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAliyunALB, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAliyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := aliyunalb.NewDeployer(&aliyunalb.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tResourceGroupId: credentials.ResourceGroupId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tLoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, \"loadbalancerId\"),\n\t\t\tListenerId: xmaps.GetString(options.ProviderExtendedConfig, \"listenerId\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aliyun_apigw.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\taliyunapigw \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-apigw\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAliyunAPIGW, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAliyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := aliyunapigw.NewDeployer(&aliyunapigw.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tResourceGroupId: credentials.ResourceGroupId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tServiceType: xmaps.GetString(options.ProviderExtendedConfig, \"serviceType\"),\n\t\t\tGatewayId: xmaps.GetString(options.ProviderExtendedConfig, \"gatewayId\"),\n\t\t\tGroupId: xmaps.GetString(options.ProviderExtendedConfig, \"groupId\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aliyun_cas.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\taliyuncas \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-cas\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAliyunCAS, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAliyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := aliyuncas.NewDeployer(&aliyuncas.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tResourceGroupId: credentials.ResourceGroupId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aliyun_casdeploy.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\taliyuncasdeploy \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-cas-deploy\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAliyunCASDeploy, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAliyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := aliyuncasdeploy.NewDeployer(&aliyuncasdeploy.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tResourceGroupId: credentials.ResourceGroupId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tResourceIds: lo.Filter(strings.Split(xmaps.GetString(options.ProviderExtendedConfig, \"resourceIds\"), \";\"), func(s string, _ int) bool { return s != \"\" }),\n\t\t\tContactIds: lo.Filter(strings.Split(xmaps.GetString(options.ProviderExtendedConfig, \"contactIds\"), \";\"), func(s string, _ int) bool { return s != \"\" }),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aliyun_cdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\taliyuncdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-cdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAliyunCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAliyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := aliyuncdn.NewDeployer(&aliyuncdn.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tResourceGroupId: credentials.ResourceGroupId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aliyun_clb.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\taliyunclb \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-clb\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAliyunCLB, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAliyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := aliyunclb.NewDeployer(&aliyunclb.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tResourceGroupId: credentials.ResourceGroupId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tLoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, \"loadbalancerId\"),\n\t\t\tListenerPort: xmaps.GetOrDefaultInt32(options.ProviderExtendedConfig, \"listenerPort\", 443),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aliyun_dcdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\taliyundcdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-dcdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAliyunDCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAliyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := aliyundcdn.NewDeployer(&aliyundcdn.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tResourceGroupId: credentials.ResourceGroupId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aliyun_ddospro.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\taliyunddospro \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-ddospro\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAliyunDDoSPro, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAliyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := aliyunddospro.NewDeployer(&aliyunddospro.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tResourceGroupId: credentials.ResourceGroupId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aliyun_esa.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\taliyunesa \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-esa\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAliyunESA, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAliyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := aliyunesa.NewDeployer(&aliyunesa.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tSiteId: xmaps.GetInt64(options.ProviderExtendedConfig, \"siteId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aliyun_esasaas.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\taliyunesasaas \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-esa-saas\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAliyunESASaaS, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAliyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := aliyunesasaas.NewDeployer(&aliyunesasaas.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tSiteId: xmaps.GetInt64(options.ProviderExtendedConfig, \"siteId\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aliyun_fc.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\taliyunfc \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-fc\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAliyunFC, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAliyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := aliyunfc.NewDeployer(&aliyunfc.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tResourceGroupId: credentials.ResourceGroupId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tServiceVersion: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"serviceVersion\", \"3.0\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aliyun_ga.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\taliyunga \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-ga\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAliyunGA, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAliyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := aliyunga.NewDeployer(&aliyunga.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tResourceGroupId: credentials.ResourceGroupId,\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tAcceleratorId: xmaps.GetString(options.ProviderExtendedConfig, \"acceleratorId\"),\n\t\t\tListenerId: xmaps.GetString(options.ProviderExtendedConfig, \"listenerId\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aliyun_live.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\taliyunlive \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-live\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAliyunLive, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAliyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := aliyunlive.NewDeployer(&aliyunlive.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aliyun_nlb.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\taliyunnlb \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-nlb\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAliyunNLB, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAliyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := aliyunnlb.NewDeployer(&aliyunnlb.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tResourceGroupId: credentials.ResourceGroupId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tLoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, \"loadbalancerId\"),\n\t\t\tListenerId: xmaps.GetString(options.ProviderExtendedConfig, \"listenerId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aliyun_oss.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\taliyunoss \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-oss\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAliyunOSS, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAliyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := aliyunoss.NewDeployer(&aliyunoss.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tResourceGroupId: credentials.ResourceGroupId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tBucket: xmaps.GetString(options.ProviderExtendedConfig, \"bucket\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aliyun_vod.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\taliyunvod \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-vod\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAliyunVOD, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAliyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := aliyunvod.NewDeployer(&aliyunvod.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tResourceGroupId: credentials.ResourceGroupId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aliyun_waf.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\taliyunwaf \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-waf\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAliyunWAF, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAliyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := aliyunwaf.NewDeployer(&aliyunwaf.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tResourceGroupId: credentials.ResourceGroupId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tServiceVersion: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"serviceVersion\", \"3.0\"),\n\t\t\tServiceType: xmaps.GetString(options.ProviderExtendedConfig, \"serviceType\"),\n\t\t\tInstanceId: xmaps.GetString(options.ProviderExtendedConfig, \"instanceId\"),\n\t\t\tResourceProduct: xmaps.GetString(options.ProviderExtendedConfig, \"resourceProduct\"),\n\t\t\tResourceId: xmaps.GetString(options.ProviderExtendedConfig, \"resourceId\"),\n\t\t\tResourcePort: xmaps.GetOrDefaultInt32(options.ProviderExtendedConfig, \"resourcePort\", 443),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_apisix.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/apisix\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAPISIX, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAPISIX{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := apisix.NewDeployer(&apisix.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tApiKey: credentials.ApiKey,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tCertificateId: xmaps.GetString(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aws_acm.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tawsacm \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aws-acm\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAWSACM, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAWS{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := awsacm.NewDeployer(&awsacm.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tCertificateArn: xmaps.GetString(options.ProviderExtendedConfig, \"certificateArn\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aws_cloudfront.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tawscloudfront \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aws-cloudfront\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAWSCloudFront, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAWS{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := awscloudfront.NewDeployer(&awscloudfront.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tDistributionId: xmaps.GetString(options.ProviderExtendedConfig, \"distributionId\"),\n\t\t\tCertificateSource: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"certificateSource\", \"ACM\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_aws_iam.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tawsiam \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aws-iam\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAWSIAM, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAWS{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := awsiam.NewDeployer(&awsiam.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tCertificatePath: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"certificatePath\", \"/\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_azure_keyvault.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tazurekeyvault \"github.com/certimate-go/certimate/pkg/core/deployer/providers/azure-keyvault\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeAzureKeyVault, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForAzure{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := azurekeyvault.NewDeployer(&azurekeyvault.DeployerConfig{\n\t\t\tTenantId: credentials.TenantId,\n\t\t\tClientId: credentials.ClientId,\n\t\t\tClientSecret: credentials.ClientSecret,\n\t\t\tCloudName: credentials.CloudName,\n\t\t\tKeyVaultName: xmaps.GetString(options.ProviderExtendedConfig, \"keyvaultName\"),\n\t\t\tCertificateName: xmaps.GetString(options.ProviderExtendedConfig, \"certificateName\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_baiducloud_appblb.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbaiducloudappblb \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baiducloud-appblb\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeBaiduCloudAppBLB, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForBaiduCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := baiducloudappblb.NewDeployer(&baiducloudappblb.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tLoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, \"loadbalancerId\"),\n\t\t\tListenerPort: xmaps.GetInt32(options.ProviderExtendedConfig, \"listenerPort\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_baiducloud_blb.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbaiducloudblb \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baiducloud-blb\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeBaiduCloudBLB, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForBaiduCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := baiducloudblb.NewDeployer(&baiducloudblb.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tLoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, \"loadbalancerId\"),\n\t\t\tListenerPort: xmaps.GetInt32(options.ProviderExtendedConfig, \"listenerPort\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_baiducloud_cdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbaiducloudcdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baiducloud-cdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeBaiduCloudCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForBaiduCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := baiducloudcdn.NewDeployer(&baiducloudcdn.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_baiducloud_cert.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbaiducloudcert \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baiducloud-cert\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeBaiduCloudCert, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForBaiduCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := baiducloudcert.NewDeployer(&baiducloudcert.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_baishan_cdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbaishancdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baishan-cdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeBaishanCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForBaishan{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := baishancdn.NewDeployer(&baishancdn.DeployerConfig{\n\t\t\tApiToken: credentials.ApiToken,\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t\tCertificateId: xmaps.GetString(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_baotapanel.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbaotapanel \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baotapanel\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeBaotaPanel, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForBaotaPanel{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := baotapanel.NewDeployer(&baotapanel.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tApiKey: credentials.ApiKey,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tSiteType: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"siteType\", \"other\"),\n\t\t\tSiteNames: lo.Filter(strings.Split(xmaps.GetString(options.ProviderExtendedConfig, \"siteNames\"), \";\"), func(s string, _ int) bool { return s != \"\" }),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_baotapanel_console.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbaotapanelconsole \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baotapanel-console\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeBaotaPanelConsole, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForBaotaPanel{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := baotapanelconsole.NewDeployer(&baotapanelconsole.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tApiKey: credentials.ApiKey,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tAutoRestart: xmaps.GetBool(options.ProviderExtendedConfig, \"autoRestart\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_baotapanelgo.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbaotapanelgo \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baotapanelgo\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeBaotaPanelGo, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForBaotaPanelGo{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := baotapanelgo.NewDeployer(&baotapanelgo.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tApiKey: credentials.ApiKey,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tSiteType: xmaps.GetString(options.ProviderExtendedConfig, \"siteType\"),\n\t\t\tSiteNames: lo.Filter(strings.Split(xmaps.GetString(options.ProviderExtendedConfig, \"siteNames\"), \";\"), func(s string, _ int) bool { return s != \"\" }),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_baotapanelgo_console.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbaotapanelgoconsole \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baotapanelgo-console\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeBaotaPanelGoConsole, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForBaotaPanelGo{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := baotapanelgoconsole.NewDeployer(&baotapanelgoconsole.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tApiKey: credentials.ApiKey,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_baotawaf.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbaotawaf \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baotawaf\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeBaotaWAF, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForBaotaWAF{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := baotawaf.NewDeployer(&baotawaf.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tApiKey: credentials.ApiKey,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tSiteNames: lo.Filter(strings.Split(xmaps.GetString(options.ProviderExtendedConfig, \"siteNames\"), \";\"), func(s string, _ int) bool { return s != \"\" }),\n\t\t\tSitePort: xmaps.GetOrDefaultInt32(options.ProviderExtendedConfig, \"sitePort\", 443),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_baotawaf_console.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbaotawafconsole \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baotawaf-console\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeBaotaWAFConsole, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForBaotaWAF{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := baotawafconsole.NewDeployer(&baotawafconsole.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tApiKey: credentials.ApiKey,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_bunny_cdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbunnycdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/bunny-cdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeBunnyCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForBunny{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := bunnycdn.NewDeployer(&bunnycdn.DeployerConfig{\n\t\t\tApiKey: credentials.ApiKey,\n\t\t\tPullZoneId: xmaps.GetString(options.ProviderExtendedConfig, \"pullZoneId\"),\n\t\t\tHostname: xmaps.GetString(options.ProviderExtendedConfig, \"hostname\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_byteplus_cdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbytepluscdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/byteplus-cdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeBytePlusCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForBytePlus{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := bytepluscdn.NewDeployer(&bytepluscdn.DeployerConfig{\n\t\t\tAccessKey: credentials.AccessKey,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_cachefly.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/cachefly\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeCacheFly, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForCacheFly{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := cachefly.NewDeployer(&cachefly.DeployerConfig{\n\t\t\tApiToken: credentials.ApiToken,\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_cdnfly.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/cdnfly\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeCdnfly, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForCdnfly{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tdeployer, err := cdnfly.NewDeployer(&cdnfly.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tApiKey: credentials.ApiKey,\n\t\t\tApiSecret: credentials.ApiSecret,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tSiteId: xmaps.GetString(options.ProviderExtendedConfig, \"siteId\"),\n\t\t\tCertificateId: xmaps.GetString(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t})\n\t\treturn deployer, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_cpanel.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/cpanel\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeCPanel, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForCPanel{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := cpanel.NewDeployer(&cpanel.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tUsername: credentials.Username,\n\t\t\tApiToken: credentials.ApiToken,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_ctcccloud_ao.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tctcccloudao \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ctcccloud-ao\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeCTCCCloudAO, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForCTCCCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := ctcccloudao.NewDeployer(&ctcccloudao.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_ctcccloud_cdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tctcccloudcdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ctcccloud-cdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeCTCCCloudCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForCTCCCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := ctcccloudcdn.NewDeployer(&ctcccloudcdn.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_ctcccloud_cms.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tctcccloudcms \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ctcccloud-cms\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeCTCCCloudCMS, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForCTCCCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := ctcccloudcms.NewDeployer(&ctcccloudcms.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_ctcccloud_elb.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tctcccloudelb \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ctcccloud-elb\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeCTCCCloudELB, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForCTCCCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := ctcccloudelb.NewDeployer(&ctcccloudelb.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tRegionId: xmaps.GetString(options.ProviderExtendedConfig, \"regionId\"),\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tLoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, \"loadbalancerId\"),\n\t\t\tListenerId: xmaps.GetString(options.ProviderExtendedConfig, \"listenerId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_ctcccloud_faas.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tctcccloudfaas \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ctcccloud-faas\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeCTCCCloudFaaS, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForCTCCCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := ctcccloudfaas.NewDeployer(&ctcccloudfaas.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tRegionId: xmaps.GetString(options.ProviderExtendedConfig, \"regionId\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_ctcccloud_icdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tctcccloudicdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ctcccloud-icdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeCTCCCloudICDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForCTCCCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := ctcccloudicdn.NewDeployer(&ctcccloudicdn.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_ctcccloud_lvdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tctcccloudlvdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ctcccloud-lvdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeCTCCCloudLVDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForCTCCCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := ctcccloudlvdn.NewDeployer(&ctcccloudlvdn.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_dogecloud_cdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tpDogeCDN \"github.com/certimate-go/certimate/pkg/core/deployer/providers/dogecloud-cdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeDogeCloudCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForDogeCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := pDogeCDN.NewDeployer(&pDogeCDN.DeployerConfig{\n\t\t\tAccessKey: credentials.AccessKey,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_dokploy.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/dokploy\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeDokploy, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForDokploy{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := dokploy.NewDeployer(&dokploy.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tApiKey: credentials.ApiKey,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_flexcdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/flexcdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeFlexCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForFlexCDN{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := flexcdn.NewDeployer(&flexcdn.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tApiRole: credentials.ApiRole,\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKey: credentials.AccessKey,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tCertificateId: xmaps.GetInt64(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_flyio.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tflyio \"github.com/certimate-go/certimate/pkg/core/deployer/providers/flyio\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeFlyIO, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForFlyIO{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := flyio.NewDeployer(&flyio.DeployerConfig{\n\t\t\tApiToken: credentials.ApiToken,\n\t\t\tAppName: xmaps.GetString(options.ProviderExtendedConfig, \"appName\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_gcore_cdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tgcorecdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/gcore-cdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeGcoreCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForGcore{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := gcorecdn.NewDeployer(&gcorecdn.DeployerConfig{\n\t\t\tApiToken: credentials.ApiToken,\n\t\t\tResourceId: xmaps.GetInt64(options.ProviderExtendedConfig, \"resourceId\"),\n\t\t\tCertificateId: xmaps.GetInt64(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_goedge.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/goedge\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeGoEdge, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForGoEdge{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := goedge.NewDeployer(&goedge.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tApiRole: credentials.ApiRole,\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKey: credentials.AccessKey,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tCertificateId: xmaps.GetInt64(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_huaweicloud_cdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\thuaweicloudcdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/huaweicloud-cdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeHuaweiCloudCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForHuaweiCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := huaweicloudcdn.NewDeployer(&huaweicloudcdn.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tEnterpriseProjectId: credentials.EnterpriseProjectId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_huaweicloud_elb.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\thuaweicloudelb \"github.com/certimate-go/certimate/pkg/core/deployer/providers/huaweicloud-elb\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeHuaweiCloudELB, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForHuaweiCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := huaweicloudelb.NewDeployer(&huaweicloudelb.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tEnterpriseProjectId: credentials.EnterpriseProjectId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tCertificateId: xmaps.GetString(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t\tLoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, \"loadbalancerId\"),\n\t\t\tListenerId: xmaps.GetString(options.ProviderExtendedConfig, \"listenerId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_huaweicloud_obs.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\thuaweicloudobs \"github.com/certimate-go/certimate/pkg/core/deployer/providers/huaweicloud-obs\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeHuaweiCloudOBS, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForHuaweiCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := huaweicloudobs.NewDeployer(&huaweicloudobs.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tBucket: xmaps.GetString(options.ProviderExtendedConfig, \"bucket\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_huaweicloud_scm.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\thuaweicloudscm \"github.com/certimate-go/certimate/pkg/core/deployer/providers/huaweicloud-scm\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeHuaweiCloudSCM, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForHuaweiCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := huaweicloudscm.NewDeployer(&huaweicloudscm.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tEnterpriseProjectId: credentials.EnterpriseProjectId,\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_huaweicloud_waf.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\thuaweicloudwaf \"github.com/certimate-go/certimate/pkg/core/deployer/providers/huaweicloud-waf\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeHuaweiCloudWAF, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForHuaweiCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := huaweicloudwaf.NewDeployer(&huaweicloudwaf.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tEnterpriseProjectId: credentials.EnterpriseProjectId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tCertificateId: xmaps.GetString(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_jdcloud_alb.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tjdcloudalb \"github.com/certimate-go/certimate/pkg/core/deployer/providers/jdcloud-alb\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeJDCloudALB, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForJDCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := jdcloudalb.NewDeployer(&jdcloudalb.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tRegionId: xmaps.GetString(options.ProviderExtendedConfig, \"regionId\"),\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tLoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, \"loadbalancerId\"),\n\t\t\tListenerId: xmaps.GetString(options.ProviderExtendedConfig, \"listenerId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_jdcloud_cdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tjdcloudcdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/jdcloud-cdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeJDCloudCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForJDCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := jdcloudcdn.NewDeployer(&jdcloudcdn.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_jdcloud_live.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tjdcloudlive \"github.com/certimate-go/certimate/pkg/core/deployer/providers/jdcloud-live\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeJDCloudLive, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForJDCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := jdcloudlive.NewDeployer(&jdcloudlive.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_jdcloud_vod.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tjdcloudvod \"github.com/certimate-go/certimate/pkg/core/deployer/providers/jdcloud-vod\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeJDCloudVOD, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForJDCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := jdcloudvod.NewDeployer(&jdcloudvod.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_kong.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/kong\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeKong, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForKong{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := kong.NewDeployer(&kong.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tApiToken: credentials.ApiToken,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tWorkspace: xmaps.GetString(options.ProviderExtendedConfig, \"workspace\"),\n\t\t\tCertificateId: xmaps.GetString(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_ksyun_cdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tksyuncdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ksyun-cdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeKsyunCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForKsyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := ksyuncdn.NewDeployer(&ksyuncdn.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tSecretAccessKey: credentials.SecretAccessKey,\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t\tCertificateId: xmaps.GetString(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_kubernetes_secret.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tk8ssecret \"github.com/certimate-go/certimate/pkg/core/deployer/providers/k8s-secret\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeKubernetesSecret, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForKubernetes{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tparseKeyValueMap := func(s string) (map[string]string, error) {\n\t\t\tresult := make(map[string]string)\n\n\t\t\tlines := strings.Split(s, \"\\n\")\n\t\t\tfor i, line := range lines {\n\t\t\t\tif strings.TrimSpace(line) == \"\" {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\n\t\t\t\tpos := strings.Index(line, \":\")\n\t\t\t\tif pos == -1 {\n\t\t\t\t\treturn nil, fmt.Errorf(\"invalid line format at line %d\", i+1)\n\t\t\t\t}\n\n\t\t\t\tkey := strings.TrimSpace(line[:pos])\n\t\t\t\tvalue := strings.TrimSpace(line[pos+1:])\n\t\t\t\tif key == \"\" {\n\t\t\t\t\treturn nil, fmt.Errorf(\"invalid key at line %d\", i+1)\n\t\t\t\t}\n\n\t\t\t\tresult[key] = value\n\t\t\t}\n\n\t\t\treturn result, nil\n\t\t}\n\n\t\tsecretAnnotations := make(map[string]string)\n\t\tif secretAnnotationsString := xmaps.GetString(options.ProviderExtendedConfig, \"secretAnnotations\"); secretAnnotationsString != \"\" {\n\t\t\ttemp, err := parseKeyValueMap(secretAnnotationsString)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to parse kubernetes secret annotations: %w\", err)\n\t\t\t}\n\t\t\tsecretAnnotations = temp\n\t\t}\n\n\t\tsecretLabels := make(map[string]string)\n\t\tif secretLabelsString := xmaps.GetString(options.ProviderExtendedConfig, \"secretLabels\"); secretLabelsString != \"\" {\n\t\t\ttemp, err := parseKeyValueMap(secretLabelsString)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to parse kubernetes secret labels: %w\", err)\n\t\t\t}\n\t\t\tsecretLabels = temp\n\t\t}\n\n\t\tprovider, err := k8ssecret.NewDeployer(&k8ssecret.DeployerConfig{\n\t\t\tKubeConfig: credentials.KubeConfig,\n\t\t\tNamespace: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"namespace\", \"default\"),\n\t\t\tSecretName: xmaps.GetString(options.ProviderExtendedConfig, \"secretName\"),\n\t\t\tSecretType: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"secretType\", \"kubernetes.io/tls\"),\n\t\t\tSecretDataKeyForCrt: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"secretDataKeyForCrt\", \"tls.crt\"),\n\t\t\tSecretDataKeyForKey: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"secretDataKeyForKey\", \"tls.key\"),\n\t\t\tSecretAnnotations: secretAnnotations,\n\t\t\tSecretLabels: secretLabels,\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_lecdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/lecdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeLeCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForLeCDN{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := lecdn.NewDeployer(&lecdn.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tApiVersion: credentials.ApiVersion,\n\t\t\tApiRole: credentials.ApiRole,\n\t\t\tUsername: credentials.Username,\n\t\t\tPassword: credentials.Password,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tCertificateId: xmaps.GetInt64(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t\tClientId: xmaps.GetInt64(options.ProviderExtendedConfig, \"clientId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_local.go",
"content": "package deployers\n\nimport (\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/local\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeLocal, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tprovider, err := local.NewDeployer(&local.DeployerConfig{\n\t\t\tShellEnv: xmaps.GetString(options.ProviderExtendedConfig, \"shellEnv\"),\n\t\t\tPreCommand: xmaps.GetString(options.ProviderExtendedConfig, \"preCommand\"),\n\t\t\tPostCommand: xmaps.GetString(options.ProviderExtendedConfig, \"postCommand\"),\n\t\t\tOutputFormat: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"format\", local.OUTPUT_FORMAT_PEM),\n\t\t\tOutputCertPath: xmaps.GetString(options.ProviderExtendedConfig, \"certPath\"),\n\t\t\tOutputServerCertPath: xmaps.GetString(options.ProviderExtendedConfig, \"certPathForServerOnly\"),\n\t\t\tOutputIntermediaCertPath: xmaps.GetString(options.ProviderExtendedConfig, \"certPathForIntermediaOnly\"),\n\t\t\tOutputKeyPath: xmaps.GetString(options.ProviderExtendedConfig, \"keyPath\"),\n\t\t\tPfxPassword: xmaps.GetString(options.ProviderExtendedConfig, \"pfxPassword\"),\n\t\t\tJksAlias: xmaps.GetString(options.ProviderExtendedConfig, \"jksAlias\"),\n\t\t\tJksKeypass: xmaps.GetString(options.ProviderExtendedConfig, \"jksKeypass\"),\n\t\t\tJksStorepass: xmaps.GetString(options.ProviderExtendedConfig, \"jksStorepass\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_mohua_mvh.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tmohuamvh \"github.com/certimate-go/certimate/pkg/core/deployer/providers/mohua-mvh\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeMohuaMVH, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForMohua{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := mohuamvh.NewDeployer(&mohuamvh.DeployerConfig{\n\t\t\tUsername: credentials.Username,\n\t\t\tApiPassword: credentials.ApiPassword,\n\t\t\tHostId: xmaps.GetString(options.ProviderExtendedConfig, \"hostId\"),\n\t\t\tDomainId: xmaps.GetString(options.ProviderExtendedConfig, \"domainId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_netlify.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tnetlify \"github.com/certimate-go/certimate/pkg/core/deployer/providers/netlify\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeNetlify, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForNetlify{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := netlify.NewDeployer(&netlify.DeployerConfig{\n\t\t\tApiToken: credentials.ApiToken,\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tSiteId: xmaps.GetString(options.ProviderExtendedConfig, \"siteId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_nginxproxymanager.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tnginxproxymanager \"github.com/certimate-go/certimate/pkg/core/deployer/providers/nginxproxymanager\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeNginxProxyManager, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForNginxProxyManager{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := nginxproxymanager.NewDeployer(&nginxproxymanager.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tAuthMethod: credentials.AuthMethod,\n\t\t\tUsername: credentials.Username,\n\t\t\tPassword: credentials.Password,\n\t\t\tApiToken: credentials.ApiToken,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tHostType: xmaps.GetString(options.ProviderExtendedConfig, \"hostType\"),\n\t\t\tHostMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"hostMatchPattern\"),\n\t\t\tHostId: xmaps.GetInt64(options.ProviderExtendedConfig, \"hostId\"),\n\t\t\tCertificateId: xmaps.GetInt64(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_proxmoxve.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/proxmoxve\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeProxmoxVE, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForProxmoxVE{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := proxmoxve.NewDeployer(&proxmoxve.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tApiToken: credentials.ApiToken,\n\t\t\tApiTokenSecret: credentials.ApiTokenSecret,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tNodeName: xmaps.GetString(options.ProviderExtendedConfig, \"nodeName\"),\n\t\t\tAutoRestart: xmaps.GetBool(options.ProviderExtendedConfig, \"autoRestart\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_qiniu_cdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tqiniucdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/qiniu-cdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeQiniuCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForQiniu{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := qiniucdn.NewDeployer(&qiniucdn.DeployerConfig{\n\t\t\tAccessKey: credentials.AccessKey,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_qiniu_kodo.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tqiniukodo \"github.com/certimate-go/certimate/pkg/core/deployer/providers/qiniu-kodo\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeQiniuKodo, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForQiniu{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := qiniukodo.NewDeployer(&qiniukodo.DeployerConfig{\n\t\t\tAccessKey: credentials.AccessKey,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tBucket: xmaps.GetString(options.ProviderExtendedConfig, \"bucket\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_qiniu_pili.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tqiniupili \"github.com/certimate-go/certimate/pkg/core/deployer/providers/qiniu-pili\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeQiniuPili, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForQiniu{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := qiniupili.NewDeployer(&qiniupili.DeployerConfig{\n\t\t\tAccessKey: credentials.AccessKey,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tHub: xmaps.GetString(options.ProviderExtendedConfig, \"hub\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_rainyun_rcdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\trainyunrcdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/rainyun-rcdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeRainYunRCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForRainYun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := rainyunrcdn.NewDeployer(&rainyunrcdn.DeployerConfig{\n\t\t\tApiKey: credentials.ApiKey,\n\t\t\tInstanceId: xmaps.GetInt64(options.ProviderExtendedConfig, \"instanceId\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_rainyun_sslcenter.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\trainyunsslcenter \"github.com/certimate-go/certimate/pkg/core/deployer/providers/rainyun-sslcenter\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeRainYunSSLCenter, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForRainYun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := rainyunsslcenter.NewDeployer(&rainyunsslcenter.DeployerConfig{\n\t\t\tApiKey: credentials.ApiKey,\n\t\t\tCertificateId: xmaps.GetInt64(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_ratpanel.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tratpanel \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ratpanel\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeRatPanel, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForRatPanel{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := ratpanel.NewDeployer(&ratpanel.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tAccessTokenId: credentials.AccessTokenId,\n\t\t\tAccessToken: credentials.AccessToken,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tSiteNames: lo.Filter(strings.Split(xmaps.GetString(options.ProviderExtendedConfig, \"siteNames\"), \";\"), func(s string, _ int) bool { return s != \"\" }),\n\t\t\tCertificateId: xmaps.GetInt64(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_ratpanel_console.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tratpanelconsole \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ratpanel-console\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeRatPanelConsole, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForRatPanel{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := ratpanelconsole.NewDeployer(&ratpanelconsole.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tAccessTokenId: credentials.AccessTokenId,\n\t\t\tAccessToken: credentials.AccessToken,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_s3.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/s3\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeS3, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForS3{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := s3.NewDeployer(&s3.DeployerConfig{\n\t\t\tEndpoint: credentials.Endpoint,\n\t\t\tAccessKey: credentials.AccessKey,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tSignatureVersion: credentials.SignatureVersion,\n\t\t\tUsePathStyle: credentials.UsePathStyle,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tBucket: xmaps.GetString(options.ProviderExtendedConfig, \"bucket\"),\n\t\t\tOutputFormat: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"format\", s3.OUTPUT_FORMAT_PEM),\n\t\t\tOutputCertObjectKey: xmaps.GetString(options.ProviderExtendedConfig, \"certObjectKey\"),\n\t\t\tOutputServerCertObjectKey: xmaps.GetString(options.ProviderExtendedConfig, \"certObjectKeyForServerOnly\"),\n\t\t\tOutputIntermediaCertObjectKey: xmaps.GetString(options.ProviderExtendedConfig, \"certObjectKeyForIntermediaOnly\"),\n\t\t\tOutputKeyObjectKey: xmaps.GetString(options.ProviderExtendedConfig, \"keyObjectKey\"),\n\t\t\tPfxPassword: xmaps.GetString(options.ProviderExtendedConfig, \"pfxPassword\"),\n\t\t\tJksAlias: xmaps.GetString(options.ProviderExtendedConfig, \"jksAlias\"),\n\t\t\tJksKeypass: xmaps.GetString(options.ProviderExtendedConfig, \"jksKeypass\"),\n\t\t\tJksStorepass: xmaps.GetString(options.ProviderExtendedConfig, \"jksStorepass\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_safeline.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/safeline\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeSafeLine, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForSafeLine{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := safeline.NewDeployer(&safeline.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tApiToken: credentials.ApiToken,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tCertificateId: xmaps.GetInt64(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_ssh.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/ssh\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeSSH, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForSSH{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tjumpServers := make([]ssh.ServerConfig, len(credentials.JumpServers))\n\t\tfor i, jumpServer := range credentials.JumpServers {\n\t\t\tjumpServers[i] = ssh.ServerConfig{\n\t\t\t\tSshHost: jumpServer.Host,\n\t\t\t\tSshPort: jumpServer.Port,\n\t\t\t\tSshAuthMethod: jumpServer.AuthMethod,\n\t\t\t\tSshUsername: jumpServer.Username,\n\t\t\t\tSshPassword: jumpServer.Password,\n\t\t\t\tSshKey: jumpServer.Key,\n\t\t\t\tSshKeyPassphrase: jumpServer.KeyPassphrase,\n\t\t\t}\n\t\t}\n\n\t\tprovider, err := ssh.NewDeployer(&ssh.DeployerConfig{\n\t\t\tServerConfig: ssh.ServerConfig{\n\t\t\t\tSshHost: credentials.Host,\n\t\t\t\tSshPort: credentials.Port,\n\t\t\t\tSshAuthMethod: credentials.AuthMethod,\n\t\t\t\tSshUsername: credentials.Username,\n\t\t\t\tSshPassword: credentials.Password,\n\t\t\t\tSshKey: credentials.Key,\n\t\t\t\tSshKeyPassphrase: credentials.KeyPassphrase,\n\t\t\t},\n\t\t\tJumpServers: jumpServers,\n\t\t\tUseSCP: xmaps.GetBool(options.ProviderExtendedConfig, \"useSCP\"),\n\t\t\tPreCommand: xmaps.GetString(options.ProviderExtendedConfig, \"preCommand\"),\n\t\t\tPostCommand: xmaps.GetString(options.ProviderExtendedConfig, \"postCommand\"),\n\t\t\tOutputFormat: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"format\", ssh.OUTPUT_FORMAT_PEM),\n\t\t\tOutputKeyPath: xmaps.GetString(options.ProviderExtendedConfig, \"keyPath\"),\n\t\t\tOutputCertPath: xmaps.GetString(options.ProviderExtendedConfig, \"certPath\"),\n\t\t\tOutputServerCertPath: xmaps.GetString(options.ProviderExtendedConfig, \"certPathForServerOnly\"),\n\t\t\tOutputIntermediaCertPath: xmaps.GetString(options.ProviderExtendedConfig, \"certPathForIntermediaOnly\"),\n\t\t\tPfxPassword: xmaps.GetString(options.ProviderExtendedConfig, \"pfxPassword\"),\n\t\t\tJksAlias: xmaps.GetString(options.ProviderExtendedConfig, \"jksAlias\"),\n\t\t\tJksKeypass: xmaps.GetString(options.ProviderExtendedConfig, \"jksKeypass\"),\n\t\t\tJksStorepass: xmaps.GetString(options.ProviderExtendedConfig, \"jksStorepass\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_synologydsm.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/synologydsm\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeSynologyDSM, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForSynologyDSM{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := synologydsm.NewDeployer(&synologydsm.DeployerConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tUsername: credentials.Username,\n\t\t\tPassword: credentials.Password,\n\t\t\tTotpSecret: credentials.TotpSecret,\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t\tCertificateIdOrDescription: xmaps.GetString(options.ProviderExtendedConfig, \"certificateIdOrDesc\"),\n\t\t\tIsDefault: xmaps.GetBool(options.ProviderExtendedConfig, \"isDefault\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_tencentcloud_cdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\ttencentcloudcdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-cdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeTencentCloudCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForTencentCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := tencentcloudcdn.NewDeployer(&tencentcloudcdn.DeployerConfig{\n\t\t\tSecretId: credentials.SecretId,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tEndpoint: xmaps.GetString(options.ProviderExtendedConfig, \"endpoint\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_tencentcloud_clb.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\ttencentcloudclb \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-clb\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeTencentCloudCLB, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForTencentCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := tencentcloudclb.NewDeployer(&tencentcloudclb.DeployerConfig{\n\t\t\tSecretId: credentials.SecretId,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tEndpoint: xmaps.GetString(options.ProviderExtendedConfig, \"endpoint\"),\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tLoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, \"loadbalancerId\"),\n\t\t\tListenerId: xmaps.GetString(options.ProviderExtendedConfig, \"listenerId\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_tencentcloud_cos.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\ttencentcloudcos \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-cos\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeTencentCloudCOS, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForTencentCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := tencentcloudcos.NewDeployer(&tencentcloudcos.DeployerConfig{\n\t\t\tSecretId: credentials.SecretId,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tBucket: xmaps.GetString(options.ProviderExtendedConfig, \"bucket\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_tencentcloud_css.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\ttencentcloudcss \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-css\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeTencentCloudCSS, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForTencentCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := tencentcloudcss.NewDeployer(&tencentcloudcss.DeployerConfig{\n\t\t\tSecretId: credentials.SecretId,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tEndpoint: xmaps.GetString(options.ProviderExtendedConfig, \"endpoint\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_tencentcloud_ecdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\ttencentcloudecdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-ecdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeTencentCloudECDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForTencentCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := tencentcloudecdn.NewDeployer(&tencentcloudecdn.DeployerConfig{\n\t\t\tSecretId: credentials.SecretId,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tEndpoint: xmaps.GetString(options.ProviderExtendedConfig, \"endpoint\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_tencentcloud_eo.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\ttencentcloudeo \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-eo\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeTencentCloudEO, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForTencentCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := tencentcloudeo.NewDeployer(&tencentcloudeo.DeployerConfig{\n\t\t\tSecretId: credentials.SecretId,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tEndpoint: xmaps.GetString(options.ProviderExtendedConfig, \"endpoint\"),\n\t\t\tZoneId: xmaps.GetString(options.ProviderExtendedConfig, \"zoneId\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomains: lo.Filter(strings.Split(xmaps.GetString(options.ProviderExtendedConfig, \"domains\"), \";\"), func(s string, _ int) bool { return s != \"\" }),\n\t\t\tEnableMultipleSSL: xmaps.GetBool(options.ProviderExtendedConfig, \"enableMultipleSSL\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_tencentcloud_gaap.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\ttencentcloudgaap \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-gaap\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeTencentCloudGAAP, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForTencentCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := tencentcloudgaap.NewDeployer(&tencentcloudgaap.DeployerConfig{\n\t\t\tSecretId: credentials.SecretId,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tEndpoint: xmaps.GetString(options.ProviderExtendedConfig, \"endpoint\"),\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tProxyId: xmaps.GetString(options.ProviderExtendedConfig, \"proxyId\"),\n\t\t\tListenerId: xmaps.GetString(options.ProviderExtendedConfig, \"listenerId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_tencentcloud_scf.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\ttencentcloudscf \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-scf\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeTencentCloudSCF, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForTencentCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := tencentcloudscf.NewDeployer(&tencentcloudscf.DeployerConfig{\n\t\t\tSecretId: credentials.SecretId,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tEndpoint: xmaps.GetString(options.ProviderExtendedConfig, \"endpoint\"),\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_tencentcloud_ssl.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\ttencentcloudssl \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-ssl\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeTencentCloudSSL, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForTencentCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := tencentcloudssl.NewDeployer(&tencentcloudssl.DeployerConfig{\n\t\t\tSecretId: credentials.SecretId,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tEndpoint: xmaps.GetString(options.ProviderExtendedConfig, \"endpoint\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_tencentcloud_ssldeploy.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\ttencentcloudssldeploy \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-ssl-deploy\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeTencentCloudSSLDeploy, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForTencentCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := tencentcloudssldeploy.NewDeployer(&tencentcloudssldeploy.DeployerConfig{\n\t\t\tSecretId: credentials.SecretId,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tEndpoint: xmaps.GetString(options.ProviderExtendedConfig, \"endpoint\"),\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tResourceProduct: xmaps.GetString(options.ProviderExtendedConfig, \"resourceProduct\"),\n\t\t\tResourceIds: lo.Filter(strings.Split(xmaps.GetString(options.ProviderExtendedConfig, \"resourceIds\"), \";\"), func(s string, _ int) bool { return s != \"\" }),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_tencentcloud_sslupdate.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\ttencentcloudsslupdate \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-ssl-update\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeTencentCloudSSLUpdate, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForTencentCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := tencentcloudsslupdate.NewDeployer(&tencentcloudsslupdate.DeployerConfig{\n\t\t\tSecretId: credentials.SecretId,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tEndpoint: xmaps.GetString(options.ProviderExtendedConfig, \"endpoint\"),\n\t\t\tCertificateId: xmaps.GetString(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t\tIsReplaced: xmaps.GetBool(options.ProviderExtendedConfig, \"isReplaced\"),\n\t\t\tResourceProducts: lo.Filter(strings.Split(xmaps.GetString(options.ProviderExtendedConfig, \"resourceProducts\"), \";\"), func(s string, _ int) bool { return s != \"\" }),\n\t\t\tResourceRegions: lo.Filter(strings.Split(xmaps.GetString(options.ProviderExtendedConfig, \"resourceRegions\"), \";\"), func(s string, _ int) bool { return s != \"\" }),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_tencentcloud_vod.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\ttencentcloudvod \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-vod\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeTencentCloudVOD, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForTencentCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := tencentcloudvod.NewDeployer(&tencentcloudvod.DeployerConfig{\n\t\t\tSecretId: credentials.SecretId,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tEndpoint: xmaps.GetString(options.ProviderExtendedConfig, \"endpoint\"),\n\t\t\tSubAppId: xmaps.GetInt64(options.ProviderExtendedConfig, \"subAppId\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_tencentcloud_waf.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\ttencentcloudwaf \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-waf\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeTencentCloudWAF, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForTencentCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := tencentcloudwaf.NewDeployer(&tencentcloudwaf.DeployerConfig{\n\t\t\tSecretId: credentials.SecretId,\n\t\t\tSecretKey: credentials.SecretKey,\n\t\t\tEndpoint: xmaps.GetString(options.ProviderExtendedConfig, \"endpoint\"),\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t\tDomainId: xmaps.GetString(options.ProviderExtendedConfig, \"domainId\"),\n\t\t\tInstanceId: xmaps.GetString(options.ProviderExtendedConfig, \"instanceId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_ucloud_ualb.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tucloudualb \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ucloud-ualb\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeUCloudUALB, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForUCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := ucloudualb.NewDeployer(&ucloudualb.DeployerConfig{\n\t\t\tPrivateKey: credentials.PrivateKey,\n\t\t\tPublicKey: credentials.PublicKey,\n\t\t\tProjectId: credentials.ProjectId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tLoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, \"loadbalancerId\"),\n\t\t\tListenerId: xmaps.GetString(options.ProviderExtendedConfig, \"listenerId\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_ucloud_ucdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tuclouducdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ucloud-ucdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeUCloudUCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForUCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := uclouducdn.NewDeployer(&uclouducdn.DeployerConfig{\n\t\t\tPrivateKey: credentials.PrivateKey,\n\t\t\tPublicKey: credentials.PublicKey,\n\t\t\tProjectId: credentials.ProjectId,\n\t\t\tDomainId: xmaps.GetString(options.ProviderExtendedConfig, \"domainId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_ucloud_uclb.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tuclouduclb \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ucloud-uclb\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeUCloudUCLB, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForUCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := uclouduclb.NewDeployer(&uclouduclb.DeployerConfig{\n\t\t\tPrivateKey: credentials.PrivateKey,\n\t\t\tPublicKey: credentials.PublicKey,\n\t\t\tProjectId: credentials.ProjectId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tLoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, \"loadbalancerId\"),\n\t\t\tVServerId: xmaps.GetString(options.ProviderExtendedConfig, \"vserverId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_ucloud_uewaf.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tuclouduewaf \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ucloud-uewaf\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeUCloudUEWAF, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForUCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := uclouduewaf.NewDeployer(&uclouduewaf.DeployerConfig{\n\t\t\tPrivateKey: credentials.PrivateKey,\n\t\t\tPublicKey: credentials.PublicKey,\n\t\t\tProjectId: credentials.ProjectId,\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_ucloud_upathx.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tucloudupathx \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ucloud-upathx\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeUCloudUPathX, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForUCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := ucloudupathx.NewDeployer(&ucloudupathx.DeployerConfig{\n\t\t\tPrivateKey: credentials.PrivateKey,\n\t\t\tPublicKey: credentials.PublicKey,\n\t\t\tProjectId: credentials.ProjectId,\n\t\t\tAcceleratorId: xmaps.GetString(options.ProviderExtendedConfig, \"acceleratorId\"),\n\t\t\tListenerPort: xmaps.GetInt32(options.ProviderExtendedConfig, \"listenerPort\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_ucloud_us3.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tucloudus3 \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ucloud-us3\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeUCloudUS3, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForUCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := ucloudus3.NewDeployer(&ucloudus3.DeployerConfig{\n\t\t\tPrivateKey: credentials.PrivateKey,\n\t\t\tPublicKey: credentials.PublicKey,\n\t\t\tProjectId: credentials.ProjectId,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tBucket: xmaps.GetString(options.ProviderExtendedConfig, \"bucket\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_unicloud_webhost.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tunicloudwebhost \"github.com/certimate-go/certimate/pkg/core/deployer/providers/unicloud-webhost\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeUniCloudWebHost, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForUniCloud{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := unicloudwebhost.NewDeployer(&unicloudwebhost.DeployerConfig{\n\t\t\tUsername: credentials.Username,\n\t\t\tPassword: credentials.Password,\n\t\t\tSpaceProvider: xmaps.GetString(options.ProviderExtendedConfig, \"spaceProvider\"),\n\t\t\tSpaceId: xmaps.GetString(options.ProviderExtendedConfig, \"spaceId\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_upyun_cdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tupyuncdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/upyun-cdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeUpyunCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForUpyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := upyuncdn.NewDeployer(&upyuncdn.DeployerConfig{\n\t\t\tUsername: credentials.Username,\n\t\t\tPassword: credentials.Password,\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_upyun_file.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tupyunfile \"github.com/certimate-go/certimate/pkg/core/deployer/providers/upyun-file\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeUpyunFile, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForUpyun{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := upyunfile.NewDeployer(&upyunfile.DeployerConfig{\n\t\t\tUsername: credentials.Username,\n\t\t\tPassword: credentials.Password,\n\t\t\tBucket: xmaps.GetString(options.ProviderExtendedConfig, \"bucket\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_volcengine_alb.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tvolcenginealb \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-alb\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeVolcEngineALB, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForVolcEngine{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := volcenginealb.NewDeployer(&volcenginealb.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.SecretAccessKey,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tLoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, \"loadbalancerId\"),\n\t\t\tListenerId: xmaps.GetString(options.ProviderExtendedConfig, \"listenerId\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_volcengine_cdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tvolcenginecdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-cdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeVolcEngineCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForVolcEngine{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := volcenginecdn.NewDeployer(&volcenginecdn.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.SecretAccessKey,\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_volcengine_certcenter.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tvolcenginecertcenter \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-certcenter\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeVolcEngineCertCenter, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForVolcEngine{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := volcenginecertcenter.NewDeployer(&volcenginecertcenter.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.SecretAccessKey,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_volcengine_clb.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tvolcengineclb \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-clb\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeVolcEngineCLB, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForVolcEngine{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := volcengineclb.NewDeployer(&volcengineclb.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.SecretAccessKey,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tResourceType: xmaps.GetString(options.ProviderExtendedConfig, \"resourceType\"),\n\t\t\tLoadbalancerId: xmaps.GetString(options.ProviderExtendedConfig, \"loadbalancerId\"),\n\t\t\tListenerId: xmaps.GetString(options.ProviderExtendedConfig, \"listenerId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_volcengine_dcdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tvolcenginedcdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-dcdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeVolcEngineDCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForVolcEngine{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := volcenginedcdn.NewDeployer(&volcenginedcdn.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.SecretAccessKey,\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_volcengine_imagex.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tvolcengineimagex \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-imagex\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeVolcEngineImageX, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForVolcEngine{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := volcengineimagex.NewDeployer(&volcengineimagex.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.SecretAccessKey,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tServiceId: xmaps.GetString(options.ProviderExtendedConfig, \"serviceId\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_volcengine_live.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tvolcenginelive \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-live\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeVolcEngineLive, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForVolcEngine{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := volcenginelive.NewDeployer(&volcenginelive.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.SecretAccessKey,\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_volcengine_tos.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tvolcenginetos \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-tos\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeVolcEngineTOS, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForVolcEngine{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := volcenginetos.NewDeployer(&volcenginetos.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.SecretAccessKey,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tBucket: xmaps.GetString(options.ProviderExtendedConfig, \"bucket\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_volcengine_vod.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tvolcenginevod \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-vod\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeVolcEngineVOD, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForVolcEngine{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := volcenginevod.NewDeployer(&volcenginevod.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.SecretAccessKey,\n\t\t\tSpaceName: xmaps.GetString(options.ProviderExtendedConfig, \"spaceName\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomainType: xmaps.GetString(options.ProviderExtendedConfig, \"domainType\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_volcengine_waf.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tvolcenginewaf \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-waf\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeVolcEngineWAF, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForVolcEngine{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := volcenginewaf.NewDeployer(&volcenginewaf.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.SecretAccessKey,\n\t\t\tRegion: xmaps.GetString(options.ProviderExtendedConfig, \"region\"),\n\t\t\tAccessMode: xmaps.GetString(options.ProviderExtendedConfig, \"accessMode\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_wangsu_cdn.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\twangsucdn \"github.com/certimate-go/certimate/pkg/core/deployer/providers/wangsu-cdn\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeWangsuCDN, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForWangsu{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := wangsucdn.NewDeployer(&wangsucdn.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomains: lo.Filter(strings.Split(xmaps.GetString(options.ProviderExtendedConfig, \"domains\"), \";\"), func(s string, _ int) bool { return s != \"\" }),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_wangsu_cdnpro.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\twangsucdnpro \"github.com/certimate-go/certimate/pkg/core/deployer/providers/wangsu-cdnpro\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeWangsuCDNPro, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForWangsu{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := wangsucdnpro.NewDeployer(&wangsucdnpro.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tApiKey: credentials.ApiKey,\n\t\t\tEnvironment: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"environment\", \"production\"),\n\t\t\tDomainMatchPattern: xmaps.GetString(options.ProviderExtendedConfig, \"domainMatchPattern\"),\n\t\t\tDomain: xmaps.GetString(options.ProviderExtendedConfig, \"domain\"),\n\t\t\tCertificateId: xmaps.GetString(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t\tWebhookId: xmaps.GetString(options.ProviderExtendedConfig, \"webhookId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_wangsu_certificate.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\twangsucertificate \"github.com/certimate-go/certimate/pkg/core/deployer/providers/wangsu-certificate\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeWangsuCertificate, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForWangsu{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := wangsucertificate.NewDeployer(&wangsucertificate.DeployerConfig{\n\t\t\tAccessKeyId: credentials.AccessKeyId,\n\t\t\tAccessKeySecret: credentials.AccessKeySecret,\n\t\t\tCertificateId: xmaps.GetString(options.ProviderExtendedConfig, \"certificateId\"),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/certmgmt/deployers/sp_webhook.go",
"content": "package deployers\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\twebhook \"github.com/certimate-go/certimate/pkg/core/deployer/providers/webhook\"\n\txhttp \"github.com/certimate-go/certimate/pkg/utils/http\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.DeploymentProviderTypeWebhook, func(options *ProviderFactoryOptions) (deployer.Provider, error) {\n\t\tcredentials := domain.AccessConfigForWebhook{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tmergedHeaders := make(map[string]string)\n\t\tif defaultHeadersString := credentials.HeadersString; defaultHeadersString != \"\" {\n\t\t\th, err := xhttp.ParseHeaders(defaultHeadersString)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to parse webhook headers: %w\", err)\n\t\t\t}\n\t\t\tfor key := range h {\n\t\t\t\tmergedHeaders[http.CanonicalHeaderKey(key)] = h.Get(key)\n\t\t\t}\n\t\t}\n\t\tif extendedHeadersString := xmaps.GetString(options.ProviderExtendedConfig, \"headers\"); extendedHeadersString != \"\" {\n\t\t\th, err := xhttp.ParseHeaders(extendedHeadersString)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to parse webhook headers: %w\", err)\n\t\t\t}\n\t\t\tfor key := range h {\n\t\t\t\tmergedHeaders[http.CanonicalHeaderKey(key)] = h.Get(key)\n\t\t\t}\n\t\t}\n\n\t\tprovider, err := webhook.NewDeployer(&webhook.DeployerConfig{\n\t\t\tWebhookUrl: credentials.Url,\n\t\t\tWebhookData: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"webhookData\", credentials.DataString),\n\t\t\tMethod: credentials.Method,\n\t\t\tHeaders: mergedHeaders,\n\t\t\tTimeout: xmaps.GetInt(options.ProviderExtendedConfig, \"timeout\"),\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/domain/access.go",
"content": "package domain\n\nimport \"time\"\n\nconst CollectionNameAccess = \"access\"\n\ntype Access struct {\n\tMeta\n\tName string `db:\"name\" json:\"name\"`\n\tProvider string `db:\"provider\" json:\"provider\"`\n\tConfig map[string]any `db:\"config\" json:\"config\"`\n\tReserve string `db:\"reserve\" json:\"reserve,omitempty\"`\n\tDeletedAt *time.Time `db:\"deleted\" json:\"deleted\"`\n}\n\ntype AccessConfigFor1Panel struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tApiVersion string `json:\"apiVersion\"`\n\tApiKey string `json:\"apiKey\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigFor35cn struct {\n\tUsername string `json:\"username\"`\n\tApiPassword string `json:\"apiPassword\"`\n}\n\ntype AccessConfigFor51DNScom struct {\n\tApiKey string `json:\"apiKey\"`\n\tApiSecret string `json:\"apiSecret\"`\n}\n\ntype AccessConfigForACMEExternalAccountBinding struct {\n\tEabKid string `json:\"eabKid,omitempty\"`\n\tEabHmacKey string `json:\"eabHmacKey,omitempty\"`\n}\n\ntype AccessConfigForACMECA struct {\n\tAccessConfigForACMEExternalAccountBinding\n\tEndpoint string `json:\"endpoint\"`\n}\n\ntype AccessConfigForACMEDNS struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tCredentials string `json:\"credentials\"`\n}\n\ntype AccessConfigForACMEHttpReq struct {\n\tEndpoint string `json:\"endpoint\"`\n\tMode string `json:\"mode,omitempty\"`\n\tUsername string `json:\"username,omitempty\"`\n\tPassword string `json:\"password,omitempty\"`\n}\n\ntype AccessConfigForActalisSSL struct {\n\tAccessConfigForACMEExternalAccountBinding\n}\n\ntype AccessConfigForAkamai struct {\n\tHost string `json:\"host\"`\n\tClientToken string `json:\"clientToken\"`\n\tClientSecret string `json:\"clientSecret\"`\n\tAccessToken string `json:\"accessToken\"`\n}\n\ntype AccessConfigForAliyun struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n}\n\ntype AccessConfigForAPISIX struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tApiKey string `json:\"apiKey\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForArvanCloud struct {\n\tApiKey string `json:\"apiKey\"`\n}\n\ntype AccessConfigForAWS struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n}\n\ntype AccessConfigForAzure struct {\n\tTenantId string `json:\"tenantId\"`\n\tClientId string `json:\"clientId\"`\n\tClientSecret string `json:\"clientSecret\"`\n\tSubscriptionId string `json:\"subscriptionId,omitempty\"`\n\tResourceGroupName string `json:\"resourceGroupName,omitempty\"`\n\tCloudName string `json:\"cloudName,omitempty\"`\n}\n\ntype AccessConfigForBaiduCloud struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n}\n\ntype AccessConfigForBaishan struct {\n\tApiToken string `json:\"apiToken\"`\n}\n\ntype AccessConfigForBaotaPanel struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tApiKey string `json:\"apiKey\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForBaotaPanelGo struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tApiKey string `json:\"apiKey\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForBaotaWAF struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tApiKey string `json:\"apiKey\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForBookMyName struct {\n\tUsername string `json:\"username\"`\n\tPassword string `json:\"password\"`\n}\n\ntype AccessConfigForBunny struct {\n\tApiKey string `json:\"apiKey\"`\n}\n\ntype AccessConfigForBytePlus struct {\n\tAccessKey string `json:\"accessKey\"`\n\tSecretKey string `json:\"secretKey\"`\n}\n\ntype AccessConfigForCacheFly struct {\n\tApiToken string `json:\"apiToken\"`\n}\n\ntype AccessConfigForCdnfly struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tApiKey string `json:\"apiKey\"`\n\tApiSecret string `json:\"apiSecret\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForCloudflare struct {\n\tDnsApiToken string `json:\"dnsApiToken\"`\n\tZoneApiToken string `json:\"zoneApiToken,omitempty\"`\n}\n\ntype AccessConfigForClouDNS struct {\n\tAuthId string `json:\"authId\"`\n\tAuthPassword string `json:\"authPassword\"`\n}\n\ntype AccessConfigForCMCCCloud struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n}\n\ntype AccessConfigForConstellix struct {\n\tApiKey string `json:\"apiKey\"`\n\tSecretKey string `json:\"secretKey\"`\n}\n\ntype AccessConfigForCPanel struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tUsername string `json:\"username\"`\n\tApiToken string `json:\"apiToken\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForCTCCCloud struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n}\n\ntype AccessConfigForDeSEC struct {\n\tToken string `json:\"token\"`\n}\n\ntype AccessConfigForDigitalOcean struct {\n\tAccessToken string `json:\"accessToken\"`\n}\n\ntype AccessConfigForDingTalkBot struct {\n\tWebhookUrl string `json:\"webhookUrl\"`\n\tSecret string `json:\"secret,omitempty\"`\n\tCustomPayload string `json:\"customPayload,omitempty\"`\n}\n\ntype AccessConfigForDiscordBot struct {\n\tBotToken string `json:\"botToken\"`\n\tChannelId string `json:\"channelId,omitempty\"`\n}\n\ntype AccessConfigForDNSExit struct {\n\tApiKey string `json:\"apiKey\"`\n}\n\ntype AccessConfigForDNSLA struct {\n\tApiId string `json:\"apiId\"`\n\tApiSecret string `json:\"apiSecret\"`\n}\n\ntype AccessConfigForDNSMadeEasy struct {\n\tApiKey string `json:\"apiKey\"`\n\tApiSecret string `json:\"apiSecret\"`\n}\n\ntype AccessConfigForDogeCloud struct {\n\tAccessKey string `json:\"accessKey\"`\n\tSecretKey string `json:\"secretKey\"`\n}\n\ntype AccessConfigForDokploy struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tApiKey string `json:\"apiKey\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForDuckDNS struct {\n\tToken string `json:\"token\"`\n}\n\ntype AccessConfigForDynu struct {\n\tApiKey string `json:\"apiKey\"`\n}\n\ntype AccessConfigForDynv6 struct {\n\tHttpToken string `json:\"httpToken\"`\n}\n\ntype AccessConfigForEmail struct {\n\tSmtpHost string `json:\"smtpHost\"`\n\tSmtpPort int32 `json:\"smtpPort\"`\n\tSmtpTls bool `json:\"smtpTls\"`\n\tUsername string `json:\"username\"`\n\tPassword string `json:\"password\"`\n\tSenderAddress string `json:\"senderAddress\"`\n\tSenderName string `json:\"senderName\"`\n\tReceiverAddress string `json:\"receiverAddress,omitempty\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForFlexCDN struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tApiRole string `json:\"apiRole\"`\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tAccessKey string `json:\"accessKey\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForFlyIO struct {\n\tApiToken string `json:\"apiToken\"`\n}\n\ntype AccessConfigForGandinet struct {\n\tPersonalAccessToken string `json:\"personalAccessToken\"`\n}\n\ntype AccessConfigForGcore struct {\n\tApiToken string `json:\"apiToken\"`\n}\n\ntype AccessConfigForGlobalSectigo struct {\n\tAccessConfigForACMEExternalAccountBinding\n\tValidationType string `json:\"validationType\"`\n}\n\ntype AccessConfigForGlobalSignAtlas struct {\n\tAccessConfigForACMEExternalAccountBinding\n}\n\ntype AccessConfigForGname struct {\n\tAppId string `json:\"appId\"`\n\tAppKey string `json:\"appKey\"`\n}\n\ntype AccessConfigForGoDaddy struct {\n\tApiKey string `json:\"apiKey\"`\n\tApiSecret string `json:\"apiSecret\"`\n}\n\ntype AccessConfigForGoEdge struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tApiRole string `json:\"apiRole\"`\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tAccessKey string `json:\"accessKey\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForGoogleTrustServices struct {\n\tAccessConfigForACMEExternalAccountBinding\n}\n\ntype AccessConfigForHetzner struct {\n\tApiToken string `json:\"apiToken\"`\n}\n\ntype AccessConfigForHostingde struct {\n\tApiKey string `json:\"apiKey\"`\n}\n\ntype AccessConfigForHostinger struct {\n\tApiToken string `json:\"apiToken\"`\n}\n\ntype AccessConfigForHuaweiCloud struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\tEnterpriseProjectId string `json:\"enterpriseProjectId,omitempty\"`\n}\n\ntype AccessConfigForInfomaniak struct {\n\tAccessToken string `json:\"accessToken\"`\n}\n\ntype AccessConfigForIONOS struct {\n\tApiKeyPublicPrefix string `json:\"apiKeyPublicPrefix\"`\n\tApiKeySecret string `json:\"apiKeySecret\"`\n}\n\ntype AccessConfigForJDCloud struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n}\n\ntype AccessConfigForKong struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tApiToken string `json:\"apiToken,omitempty\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForKubernetes struct {\n\tKubeConfig string `json:\"kubeConfig,omitempty\"`\n}\n\ntype AccessConfigForKsyun struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n}\n\ntype AccessConfigForLarkBot struct {\n\tWebhookUrl string `json:\"webhookUrl\"`\n\tSecret string `json:\"secret,omitempty\"`\n\tCustomPayload string `json:\"customPayload,omitempty\"`\n}\n\ntype AccessConfigForLeCDN struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tApiVersion string `json:\"apiVersion\"`\n\tApiRole string `json:\"apiRole\"`\n\tUsername string `json:\"username\"`\n\tPassword string `json:\"password\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForLinode struct {\n\tAccessToken string `json:\"accessToken\"`\n}\n\ntype AccessConfigForLiteSSL struct {\n\tAccessConfigForACMEExternalAccountBinding\n}\n\ntype AccessConfigForMattermost struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tUsername string `json:\"username\"`\n\tPassword string `json:\"password\"`\n\tChannelId string `json:\"channelId,omitempty\"`\n}\n\ntype AccessConfigForMohua struct {\n\tUsername string `json:\"username\"`\n\tApiPassword string `json:\"apiPassword\"`\n}\n\ntype AccessConfigForNamecheap struct {\n\tUsername string `json:\"username\"`\n\tApiKey string `json:\"apiKey\"`\n}\n\ntype AccessConfigForNameDotCom struct {\n\tUsername string `json:\"username\"`\n\tApiToken string `json:\"apiToken\"`\n}\n\ntype AccessConfigForNameSilo struct {\n\tApiKey string `json:\"apiKey\"`\n}\n\ntype AccessConfigForNetcup struct {\n\tCustomerNumber string `json:\"customerNumber\"`\n\tApiKey string `json:\"apiKey\"`\n\tApiPassword string `json:\"apiPassword\"`\n}\n\ntype AccessConfigForNetlify struct {\n\tApiToken string `json:\"apiToken\"`\n}\n\ntype AccessConfigForNginxProxyManager struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tAuthMethod string `json:\"authMethod\"`\n\tUsername string `json:\"username,omitempty\"`\n\tPassword string `json:\"password,omitempty\"`\n\tApiToken string `json:\"apiToken,omitempty\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForNS1 struct {\n\tApiKey string `json:\"apiKey\"`\n}\n\ntype AccessConfigForOVHcloud struct {\n\tEndpoint string `json:\"endpoint\"`\n\tAuthMethod string `json:\"authMethod\"`\n\tApplicationKey string `json:\"applicationKey,omitempty\"`\n\tApplicationSecret string `json:\"applicationSecret,omitempty\"`\n\tConsumerKey string `json:\"consumerKey,omitempty\"`\n\tClientId string `json:\"clientId,omitempty\"`\n\tClientSecret string `json:\"clientSecret,omitempty\"`\n}\n\ntype AccessConfigForPorkbun struct {\n\tApiKey string `json:\"apiKey\"`\n\tSecretApiKey string `json:\"secretApiKey\"`\n}\n\ntype AccessConfigForPowerDNS struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tApiKey string `json:\"apiKey\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForProxmoxVE struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tApiToken string `json:\"apiToken\"`\n\tApiTokenSecret string `json:\"apiTokenSecret,omitempty\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForQingCloud struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n}\n\ntype AccessConfigForQiniu struct {\n\tAccessKey string `json:\"accessKey\"`\n\tSecretKey string `json:\"secretKey\"`\n}\n\ntype AccessConfigForRainYun struct {\n\tApiKey string `json:\"apiKey\"`\n}\n\ntype AccessConfigForRatPanel struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tAccessTokenId int64 `json:\"accessTokenId\"`\n\tAccessToken string `json:\"accessToken\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForRFC2136 struct {\n\tHost string `json:\"host\"`\n\tPort int32 `json:\"port\"`\n\tTsigAlgorithm string `json:\"tsigAlgorithm,omitempty\"`\n\tTsigKey string `json:\"tsigKey,omitempty\"`\n\tTsigSecret string `json:\"tsigSecret,omitempty\"`\n}\n\ntype AccessConfigForS3 struct {\n\tEndpoint string `json:\"endpoint\"`\n\tAccessKey string `json:\"accessKey\"`\n\tSecretKey string `json:\"secretKey\"`\n\tSignatureVersion string `json:\"signatureVersion,omitempty\"`\n\tUsePathStyle bool `json:\"usePathStyle,omitempty\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForSafeLine struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tApiToken string `json:\"apiToken\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForSlackBot struct {\n\tBotToken string `json:\"botToken\"`\n\tChannelId string `json:\"channelId,omitempty\"`\n}\n\ntype AccessConfigForSpaceship struct {\n\tApiKey string `json:\"apiKey\"`\n\tApiSecret string `json:\"apiSecret\"`\n}\n\ntype AccessConfigForSSH struct {\n\tHost string `json:\"host\"`\n\tPort int32 `json:\"port\"`\n\tAuthMethod string `json:\"authMethod\"`\n\tUsername string `json:\"username\"`\n\tPassword string `json:\"password,omitempty\"`\n\tKey string `json:\"key,omitempty\"`\n\tKeyPassphrase string `json:\"keyPassphrase,omitempty\"`\n\tJumpServers []struct {\n\t\tHost string `json:\"host\"`\n\t\tPort int32 `json:\"port\"`\n\t\tAuthMethod string `json:\"authMethod\"`\n\t\tUsername string `json:\"username\"`\n\t\tPassword string `json:\"password,omitempty\"`\n\t\tKey string `json:\"key,omitempty\"`\n\t\tKeyPassphrase string `json:\"keyPassphrase,omitempty\"`\n\t} `json:\"jumpServers,omitempty\"`\n}\n\ntype AccessConfigForSSLCom struct {\n\tAccessConfigForACMEExternalAccountBinding\n}\n\ntype AccessConfigForSynologyDSM struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tUsername string `json:\"username\"`\n\tPassword string `json:\"password\"`\n\tTotpSecret string `json:\"totpSecret,omitempty\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForTechnitiumDNS struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tApiToken string `json:\"apiToken\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForTelegramBot struct {\n\tBotToken string `json:\"botToken\"`\n\tChatId string `json:\"chatId,omitempty\"`\n}\n\ntype AccessConfigForTodayNIC struct {\n\tUserId string `json:\"userId\"`\n\tApiKey string `json:\"apiKey\"`\n}\n\ntype AccessConfigForTencentCloud struct {\n\tSecretId string `json:\"secretId\"`\n\tSecretKey string `json:\"secretKey\"`\n}\n\ntype AccessConfigForUCloud struct {\n\tPrivateKey string `json:\"privateKey\"`\n\tPublicKey string `json:\"publicKey\"`\n\tProjectId string `json:\"projectId,omitempty\"`\n}\n\ntype AccessConfigForUniCloud struct {\n\tUsername string `json:\"username\"`\n\tPassword string `json:\"password\"`\n}\n\ntype AccessConfigForUpyun struct {\n\tUsername string `json:\"username\"`\n\tPassword string `json:\"password\"`\n}\n\ntype AccessConfigForVercel struct {\n\tApiAccessToken string `json:\"apiAccessToken\"`\n\tTeamId string `json:\"teamId,omitempty\"`\n}\n\ntype AccessConfigForVolcEngine struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n}\n\ntype AccessConfigForVultr struct {\n\tApiKey string `json:\"apiKey\"`\n}\n\ntype AccessConfigForWangsu struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\tApiKey string `json:\"apiKey\"`\n}\n\ntype AccessConfigForWebhook struct {\n\tUrl string `json:\"url\"`\n\tMethod string `json:\"method,omitempty\"`\n\tHeadersString string `json:\"headers,omitempty\"`\n\tDataString string `json:\"data,omitempty\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype AccessConfigForWeComBot struct {\n\tWebhookUrl string `json:\"webhookUrl\"`\n\tCustomPayload string `json:\"customPayload,omitempty\"`\n}\n\ntype AccessConfigForWestcn struct {\n\tUsername string `json:\"username\"`\n\tApiPassword string `json:\"apiPassword\"`\n}\n\ntype AccessConfigForXinnet struct {\n\tAgentId string `json:\"agentId\"`\n\tApiPassword string `json:\"apiPassword\"`\n}\n\ntype AccessConfigForZeroSSL struct {\n\tAccessConfigForACMEExternalAccountBinding\n}\n"
},
{
"path": "internal/domain/acme_account.go",
"content": "package domain\n\nimport (\n\t\"crypto\"\n\n\t\"github.com/go-acme/lego/v4/acme\"\n\t\"github.com/go-acme/lego/v4/registration\"\n\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\nconst CollectionNameACMEAccount = \"acme_accounts\"\n\ntype ACMEAccount struct {\n\tMeta\n\tCA string `db:\"ca\" json:\"ca\"`\n\tEmail string `db:\"email\" json:\"email\"`\n\tPrivateKey string `db:\"privateKey\" json:\"privateKey\"`\n\tACMEAccount *acme.Account `db:\"acmeAccount\" json:\"acmeAccount\"`\n\tACMEAcctUrl string `db:\"acmeAcctUrl\" json:\"acmeAcctUrl\"`\n\tACMEDirUrl string `db:\"acmeDirUrl\" json:\"acmeDirUrl\"`\n}\n\nfunc (a *ACMEAccount) GetEmail() string {\n\treturn a.Email\n}\n\nfunc (a *ACMEAccount) GetRegistration() *registration.Resource {\n\tif a.ACMEAccount == nil {\n\t\treturn nil\n\t}\n\n\treturn ®istration.Resource{\n\t\tBody: *a.ACMEAccount,\n\t\tURI: a.ACMEAcctUrl,\n\t}\n}\n\nfunc (a *ACMEAccount) GetPrivateKey() crypto.PrivateKey {\n\tif a.PrivateKey == \"\" {\n\t\treturn nil\n\t}\n\n\trs, _ := xcert.ParsePrivateKeyFromPEM(a.PrivateKey)\n\treturn rs\n}\n"
},
{
"path": "internal/domain/certificate.go",
"content": "package domain\n\nimport (\n\t\"crypto/x509\"\n\t\"fmt\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/certcrypto\"\n\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcertkey \"github.com/certimate-go/certimate/pkg/utils/cert/key\"\n\txcertx509 \"github.com/certimate-go/certimate/pkg/utils/cert/x509\"\n)\n\nconst CollectionNameCertificate = \"certificate\"\n\ntype Certificate struct {\n\tMeta\n\tSource CertificateSourceType `db:\"source\" json:\"source\"`\n\tSubjectAltNames string `db:\"subjectAltNames\" json:\"subjectAltNames\"`\n\tSerialNumber string `db:\"serialNumber\" json:\"serialNumber\"`\n\tCertificate string `db:\"certificate\" json:\"certificate\"`\n\tPrivateKey string `db:\"privateKey\" json:\"privateKey\"`\n\tIssuerOrg string `db:\"issuerOrg\" json:\"issuerOrg\"`\n\tIssuerCertificate string `db:\"issuerCertificate\" json:\"issuerCertificate\"`\n\tKeyAlgorithm CertificateKeyAlgorithmType `db:\"keyAlgorithm\" json:\"keyAlgorithm\"`\n\tValidityNotBefore time.Time `db:\"validityNotBefore\" json:\"validityNotBefore\"`\n\tValidityNotAfter time.Time `db:\"validityNotAfter\" json:\"validityNotAfter\"`\n\tValidityInterval int32 `db:\"validityInterval\" json:\"validityInterval\"`\n\tACMEAcctUrl string `db:\"acmeAcctUrl\" json:\"acmeAcctUrl\"`\n\tACMECertUrl string `db:\"acmeCertUrl\" json:\"acmeCertUrl\"`\n\tIsRenewed bool `db:\"isRenewed\" json:\"isRenewed\"`\n\tIsRevoked bool `db:\"isRevoked\" json:\"isRevoked\"`\n\tWorkflowId string `db:\"workflowRef\" json:\"workflowId\"`\n\tWorkflowRunId string `db:\"workflowRunRef\" json:\"workflowRunId\"`\n\tWorkflowNodeId string `db:\"workflowNodeId\" json:\"workflowNodeId\"`\n\tDeletedAt *time.Time `db:\"deleted\" json:\"deleted\"`\n}\n\nfunc (c *Certificate) PopulateFromX509(certX509 *x509.Certificate) *Certificate {\n\tc.SubjectAltNames = strings.Join(xcertx509.GetSubjectAltNames(certX509), \";\")\n\tc.SerialNumber = strings.ToUpper(certX509.SerialNumber.Text(16))\n\tc.IssuerOrg = strings.Join(certX509.Issuer.Organization, \";\")\n\tc.ValidityNotBefore = certX509.NotBefore\n\tc.ValidityNotAfter = certX509.NotAfter\n\tc.ValidityInterval = int32(certX509.NotAfter.Sub(certX509.NotBefore).Seconds())\n\n\tkeyAlgorithm, keySize, _ := xcertkey.GetPublicKeyAlgorithm(certX509.PublicKey)\n\tswitch keyAlgorithm {\n\tcase x509.RSA:\n\t\tc.KeyAlgorithm = CertificateKeyAlgorithmType(fmt.Sprintf(\"RSA%d\", keySize))\n\tcase x509.ECDSA:\n\t\tc.KeyAlgorithm = CertificateKeyAlgorithmType(fmt.Sprintf(\"EC%d\", keySize))\n\tcase x509.Ed25519:\n\t\tc.KeyAlgorithm = CertificateKeyAlgorithmType(\"Ed25519\")\n\tdefault:\n\t\tc.KeyAlgorithm = CertificateKeyAlgorithmType(\"\")\n\t}\n\n\treturn c\n}\n\nfunc (c *Certificate) PopulateFromPEM(certPEM, privkeyPEM string) *Certificate {\n\tc.Certificate = certPEM\n\tc.PrivateKey = privkeyPEM\n\n\t_, issuerCertPEM, _ := xcert.ExtractCertificatesFromPEM(certPEM)\n\tc.IssuerCertificate = issuerCertPEM\n\n\tcertX509, _ := xcert.ParseCertificateFromPEM(certPEM)\n\tif certX509 != nil {\n\t\treturn c.PopulateFromX509(certX509)\n\t}\n\n\treturn c\n}\n\ntype CertificateSourceType string\n\nconst (\n\tCertificateSourceTypeRequest = CertificateSourceType(\"request\")\n\tCertificateSourceTypeUpload = CertificateSourceType(\"upload\")\n)\n\ntype CertificateKeyAlgorithmType string\n\nconst (\n\tCertificateKeyAlgorithmTypeRSA2048 = CertificateKeyAlgorithmType(\"RSA2048\")\n\tCertificateKeyAlgorithmTypeRSA3072 = CertificateKeyAlgorithmType(\"RSA3072\")\n\tCertificateKeyAlgorithmTypeRSA4096 = CertificateKeyAlgorithmType(\"RSA4096\")\n\tCertificateKeyAlgorithmTypeRSA8192 = CertificateKeyAlgorithmType(\"RSA8192\")\n\tCertificateKeyAlgorithmTypeEC256 = CertificateKeyAlgorithmType(\"EC256\")\n\tCertificateKeyAlgorithmTypeEC384 = CertificateKeyAlgorithmType(\"EC384\")\n\tCertificateKeyAlgorithmTypeEC512 = CertificateKeyAlgorithmType(\"EC512\")\n)\n\nfunc (t CertificateKeyAlgorithmType) KeyType() (certcrypto.KeyType, error) {\n\tkeyTypeMap := map[CertificateKeyAlgorithmType]certcrypto.KeyType{\n\t\tCertificateKeyAlgorithmTypeRSA2048: certcrypto.RSA2048,\n\t\tCertificateKeyAlgorithmTypeRSA3072: certcrypto.RSA3072,\n\t\tCertificateKeyAlgorithmTypeRSA4096: certcrypto.RSA4096,\n\t\tCertificateKeyAlgorithmTypeRSA8192: certcrypto.RSA8192,\n\t\tCertificateKeyAlgorithmTypeEC256: certcrypto.EC256,\n\t\tCertificateKeyAlgorithmTypeEC384: certcrypto.EC384,\n\t}\n\n\tif keyType, ok := keyTypeMap[t]; ok {\n\t\treturn keyType, nil\n\t}\n\n\treturn certcrypto.RSA2048, fmt.Errorf(\"unsupported key algorithm type: '%s'\", t)\n}\n\ntype CertificateFormatType string\n\nconst (\n\tCertificateFormatTypePEM CertificateFormatType = \"PEM\"\n\tCertificateFormatTypePFX CertificateFormatType = \"PFX\"\n\tCertificateFormatTypeJKS CertificateFormatType = \"JKS\"\n)\n"
},
{
"path": "internal/domain/dtos/certificate.go",
"content": "package dtos\n\ntype CertificateDownloadReq struct {\n\tCertificateId string `json:\"-\"`\n\tCertificateFormat string `json:\"format\"`\n}\n\ntype CertificateDownloadResp struct {\n\tFileBytes []byte `json:\"fileBytes\"`\n\tFileFormat string `json:\"fileFormat\"`\n}\n\ntype CertificateRevokeReq struct {\n\tCertificateId string `json:\"-\"`\n}\n\ntype CertificateRevokeResp struct{}\n"
},
{
"path": "internal/domain/dtos/notify.go",
"content": "package dtos\n\ntype NotifyTestPushReq struct {\n\tProvider string `json:\"provider\"`\n\tAccessId string `json:\"accessId\"`\n}\n\ntype NotifyTestPushResp struct{}\n"
},
{
"path": "internal/domain/dtos/workflow.go",
"content": "package dtos\n\nimport \"github.com/certimate-go/certimate/internal/domain\"\n\ntype WorkflowStartRunReq struct {\n\tWorkflowId string `json:\"-\"`\n\tRunTrigger domain.WorkflowTriggerType `json:\"trigger\"`\n}\n\ntype WorkflowStartRunResp struct {\n\tRunId string `json:\"runId\"`\n}\n\ntype WorkflowCancelRunReq struct {\n\tWorkflowId string `json:\"-\"`\n\tRunId string `json:\"-\"`\n}\n\ntype WorkflowCancelRunResp struct{}\n\ntype WorkflowStatisticsResp struct {\n\tConcurrency int `json:\"concurrency\"`\n\tPendingRunIds []string `json:\"pendingRunIds\"`\n\tProcessingRunIds []string `json:\"processingRunIds\"`\n}\n"
},
{
"path": "internal/domain/error.go",
"content": "package domain\n\nvar (\n\tErrInvalidParams = NewError(400, \"invalid params\")\n\tErrRecordNotFound = NewError(404, \"record not found\")\n)\n\ntype Error struct {\n\tCode int `json:\"code\"`\n\tMsg string `json:\"msg\"`\n}\n\nfunc NewError(code int, msg string) *Error {\n\tif code == 0 {\n\t\tcode = -1\n\t}\n\n\treturn &Error{code, msg}\n}\n\nfunc (e *Error) Error() string {\n\treturn e.Msg\n}\n\nfunc IsRecordNotFoundError(err error) bool {\n\tif e, ok := err.(*Error); ok {\n\t\treturn e.Code == ErrRecordNotFound.Code\n\t}\n\treturn false\n}\n"
},
{
"path": "internal/domain/expr/expr.go",
"content": "package expr\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"strconv\"\n)\n\ntype (\n\tExprType string\n\tExprComparisonOperator string\n\tExprLogicalOperator string\n\tExprValueType string\n)\n\nconst (\n\tGreaterThan ExprComparisonOperator = \"gt\"\n\tGreaterOrEqual ExprComparisonOperator = \"gte\"\n\tLessThan ExprComparisonOperator = \"lt\"\n\tLessOrEqual ExprComparisonOperator = \"lte\"\n\tEqual ExprComparisonOperator = \"eq\"\n\tNotEqual ExprComparisonOperator = \"neq\"\n\n\tAnd ExprLogicalOperator = \"and\"\n\tOr ExprLogicalOperator = \"or\"\n\tNot ExprLogicalOperator = \"not\"\n\n\tNumber ExprValueType = \"number\"\n\tString ExprValueType = \"string\"\n\tBoolean ExprValueType = \"boolean\"\n\n\tConstantExprType ExprType = \"const\"\n\tVariantExprType ExprType = \"var\"\n\tComparisonExprType ExprType = \"comparison\"\n\tLogicalExprType ExprType = \"logical\"\n\tNotExprType ExprType = \"not\"\n)\n\ntype EvalResult struct {\n\tType ExprValueType\n\tValue any\n}\n\nfunc (e *EvalResult) GetFloat64() (float64, error) {\n\tif e.Type != Number {\n\t\treturn 0, fmt.Errorf(\"type mismatch: %s\", e.Type)\n\t}\n\n\tstringValue, ok := e.Value.(string)\n\tif !ok {\n\t\treturn 0, fmt.Errorf(\"value is not a string: %v\", e.Value)\n\t}\n\n\tfloatValue, err := strconv.ParseFloat(stringValue, 64)\n\tif err != nil {\n\t\treturn 0, fmt.Errorf(\"failed to parse float64: %w\", err)\n\t}\n\treturn floatValue, nil\n}\n\nfunc (e *EvalResult) GetBool() (bool, error) {\n\tif e.Type != Boolean {\n\t\treturn false, fmt.Errorf(\"type mismatch: %s\", e.Type)\n\t}\n\n\tstrValue, ok := e.Value.(string)\n\tif ok {\n\t\tif strValue == \"true\" {\n\t\t\treturn true, nil\n\t\t} else if strValue == \"false\" {\n\t\t\treturn false, nil\n\t\t}\n\t\treturn false, fmt.Errorf(\"value is not a boolean: %v\", e.Value)\n\t}\n\n\tboolValue, ok := e.Value.(bool)\n\tif !ok {\n\t\treturn false, fmt.Errorf(\"value is not a boolean: %v\", e.Value)\n\t}\n\n\treturn boolValue, nil\n}\n\nfunc (e *EvalResult) GreaterThan(other *EvalResult) (*EvalResult, error) {\n\tif e.Type != other.Type {\n\t\treturn nil, fmt.Errorf(\"type mismatch: %s vs %s\", e.Type, other.Type)\n\t}\n\n\tswitch e.Type {\n\tcase String:\n\t\treturn &EvalResult{\n\t\t\tType: Boolean,\n\t\t\tValue: e.Value.(string) > other.Value.(string),\n\t\t}, nil\n\n\tcase Number:\n\t\tleft, err := e.GetFloat64()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tright, err := other.GetFloat64()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\treturn &EvalResult{\n\t\t\tType: Boolean,\n\t\t\tValue: left > right,\n\t\t}, nil\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported value type: %s\", e.Type)\n\t}\n}\n\nfunc (e *EvalResult) GreaterOrEqual(other *EvalResult) (*EvalResult, error) {\n\tif e.Type != other.Type {\n\t\treturn nil, fmt.Errorf(\"type mismatch: %s vs %s\", e.Type, other.Type)\n\t}\n\n\tswitch e.Type {\n\tcase String:\n\t\treturn &EvalResult{\n\t\t\tType: Boolean,\n\t\t\tValue: e.Value.(string) >= other.Value.(string),\n\t\t}, nil\n\n\tcase Number:\n\t\tleft, err := e.GetFloat64()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tright, err := other.GetFloat64()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\treturn &EvalResult{\n\t\t\tType: Boolean,\n\t\t\tValue: left >= right,\n\t\t}, nil\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported value type: %s\", e.Type)\n\t}\n}\n\nfunc (e *EvalResult) LessThan(other *EvalResult) (*EvalResult, error) {\n\tif e.Type != other.Type {\n\t\treturn nil, fmt.Errorf(\"type mismatch: %s vs %s\", e.Type, other.Type)\n\t}\n\n\tswitch e.Type {\n\tcase String:\n\t\treturn &EvalResult{\n\t\t\tType: Boolean,\n\t\t\tValue: e.Value.(string) < other.Value.(string),\n\t\t}, nil\n\n\tcase Number:\n\t\tleft, err := e.GetFloat64()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tright, err := other.GetFloat64()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\treturn &EvalResult{\n\t\t\tType: Boolean,\n\t\t\tValue: left < right,\n\t\t}, nil\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported value type: %s\", e.Type)\n\t}\n}\n\nfunc (e *EvalResult) LessOrEqual(other *EvalResult) (*EvalResult, error) {\n\tif e.Type != other.Type {\n\t\treturn nil, fmt.Errorf(\"type mismatch: %s vs %s\", e.Type, other.Type)\n\t}\n\n\tswitch e.Type {\n\tcase String:\n\t\treturn &EvalResult{\n\t\t\tType: Boolean,\n\t\t\tValue: e.Value.(string) <= other.Value.(string),\n\t\t}, nil\n\n\tcase Number:\n\t\tleft, err := e.GetFloat64()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tright, err := other.GetFloat64()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\treturn &EvalResult{\n\t\t\tType: Boolean,\n\t\t\tValue: left <= right,\n\t\t}, nil\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported value type: %s\", e.Type)\n\t}\n}\n\nfunc (e *EvalResult) Equal(other *EvalResult) (*EvalResult, error) {\n\tif e.Type != other.Type {\n\t\treturn nil, fmt.Errorf(\"type mismatch: %s vs %s\", e.Type, other.Type)\n\t}\n\n\tswitch e.Type {\n\tcase String:\n\t\treturn &EvalResult{\n\t\t\tType: Boolean,\n\t\t\tValue: e.Value.(string) == other.Value.(string),\n\t\t}, nil\n\n\tcase Number:\n\t\tleft, err := e.GetFloat64()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tright, err := other.GetFloat64()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\treturn &EvalResult{\n\t\t\tType: Boolean,\n\t\t\tValue: left == right,\n\t\t}, nil\n\n\tcase Boolean:\n\t\tleft, err := e.GetBool()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tright, err := other.GetBool()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\treturn &EvalResult{\n\t\t\tType: Boolean,\n\t\t\tValue: left == right,\n\t\t}, nil\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported value type: %s\", e.Type)\n\t}\n}\n\nfunc (e *EvalResult) NotEqual(other *EvalResult) (*EvalResult, error) {\n\tif e.Type != other.Type {\n\t\treturn nil, fmt.Errorf(\"type mismatch: %s vs %s\", e.Type, other.Type)\n\t}\n\n\tswitch e.Type {\n\tcase String:\n\t\treturn &EvalResult{\n\t\t\tType: Boolean,\n\t\t\tValue: e.Value.(string) != other.Value.(string),\n\t\t}, nil\n\n\tcase Number:\n\t\tleft, err := e.GetFloat64()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tright, err := other.GetFloat64()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\treturn &EvalResult{\n\t\t\tType: Boolean,\n\t\t\tValue: left != right,\n\t\t}, nil\n\n\tcase Boolean:\n\t\tleft, err := e.GetBool()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tright, err := other.GetBool()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\treturn &EvalResult{\n\t\t\tType: Boolean,\n\t\t\tValue: left != right,\n\t\t}, nil\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported value type: %s\", e.Type)\n\t}\n}\n\nfunc (e *EvalResult) And(other *EvalResult) (*EvalResult, error) {\n\tif e.Type != other.Type {\n\t\treturn nil, fmt.Errorf(\"type mismatch: %s vs %s\", e.Type, other.Type)\n\t}\n\n\tswitch e.Type {\n\tcase Boolean:\n\t\tleft, err := e.GetBool()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tright, err := other.GetBool()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\treturn &EvalResult{\n\t\t\tType: Boolean,\n\t\t\tValue: left && right,\n\t\t}, nil\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported value type: %s\", e.Type)\n\t}\n}\n\nfunc (e *EvalResult) Or(other *EvalResult) (*EvalResult, error) {\n\tif e.Type != other.Type {\n\t\treturn nil, fmt.Errorf(\"type mismatch: %s vs %s\", e.Type, other.Type)\n\t}\n\n\tswitch e.Type {\n\tcase Boolean:\n\t\tleft, err := e.GetBool()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tright, err := other.GetBool()\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\treturn &EvalResult{\n\t\t\tType: Boolean,\n\t\t\tValue: left || right,\n\t\t}, nil\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported value type: %s\", e.Type)\n\t}\n}\n\nfunc (e *EvalResult) Not() (*EvalResult, error) {\n\tif e.Type != Boolean {\n\t\treturn nil, fmt.Errorf(\"type mismatch: %s\", e.Type)\n\t}\n\n\tboolValue, err := e.GetBool()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &EvalResult{\n\t\tType: Boolean,\n\t\tValue: !boolValue,\n\t}, nil\n}\n\ntype Expr interface {\n\tGetType() ExprType\n\tEval(variables map[string]map[string]any) (*EvalResult, error)\n}\n\ntype ExprValueSelector struct {\n\tId string `json:\"id\"`\n\tName string `json:\"name\"`\n\tType ExprValueType `json:\"type\"`\n}\n\ntype ConstantExpr struct {\n\tType ExprType `json:\"type\"`\n\tValue string `json:\"value\"`\n\tValueType ExprValueType `json:\"valueType\"`\n}\n\nfunc (c ConstantExpr) GetType() ExprType { return c.Type }\n\nfunc (c ConstantExpr) Eval(variables map[string]map[string]any) (*EvalResult, error) {\n\treturn &EvalResult{\n\t\tType: c.ValueType,\n\t\tValue: c.Value,\n\t}, nil\n}\n\ntype VariantExpr struct {\n\tType ExprType `json:\"type\"`\n\tSelector ExprValueSelector `json:\"selector\"`\n}\n\nfunc (v VariantExpr) GetType() ExprType { return v.Type }\n\nfunc (v VariantExpr) Eval(variables map[string]map[string]any) (*EvalResult, error) {\n\tif v.Selector.Id == \"\" {\n\t\treturn nil, fmt.Errorf(\"node id is empty\")\n\t}\n\tif v.Selector.Name == \"\" {\n\t\treturn nil, fmt.Errorf(\"name is empty\")\n\t}\n\n\tif _, ok := variables[v.Selector.Id]; !ok {\n\t\treturn nil, fmt.Errorf(\"node %s not found\", v.Selector.Id)\n\t}\n\n\tif _, ok := variables[v.Selector.Id][v.Selector.Name]; !ok {\n\t\treturn nil, fmt.Errorf(\"variable %s not found in node %s\", v.Selector.Name, v.Selector.Id)\n\t}\n\treturn &EvalResult{\n\t\tType: v.Selector.Type,\n\t\tValue: variables[v.Selector.Id][v.Selector.Name],\n\t}, nil\n}\n\ntype ComparisonExpr struct {\n\tType ExprType `json:\"type\"` // compare\n\tOperator ExprComparisonOperator `json:\"operator\"`\n\tLeft Expr `json:\"left\"`\n\tRight Expr `json:\"right\"`\n}\n\nfunc (c ComparisonExpr) GetType() ExprType { return c.Type }\n\nfunc (c ComparisonExpr) Eval(variables map[string]map[string]any) (*EvalResult, error) {\n\tleft, err := c.Left.Eval(variables)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tright, err := c.Right.Eval(variables)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tswitch c.Operator {\n\tcase GreaterThan:\n\t\treturn left.GreaterThan(right)\n\tcase LessThan:\n\t\treturn left.LessThan(right)\n\tcase GreaterOrEqual:\n\t\treturn left.GreaterOrEqual(right)\n\tcase LessOrEqual:\n\t\treturn left.LessOrEqual(right)\n\tcase Equal:\n\t\treturn left.Equal(right)\n\tcase NotEqual:\n\t\treturn left.NotEqual(right)\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unknown expression operator: %s\", c.Operator)\n\t}\n}\n\ntype LogicalExpr struct {\n\tType ExprType `json:\"type\"` // logical\n\tOperator ExprLogicalOperator `json:\"operator\"`\n\tLeft Expr `json:\"left\"`\n\tRight Expr `json:\"right\"`\n}\n\nfunc (l LogicalExpr) GetType() ExprType { return l.Type }\n\nfunc (l LogicalExpr) Eval(variables map[string]map[string]any) (*EvalResult, error) {\n\tleft, err := l.Left.Eval(variables)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tright, err := l.Right.Eval(variables)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tswitch l.Operator {\n\tcase And:\n\t\treturn left.And(right)\n\tcase Or:\n\t\treturn left.Or(right)\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unknown expression operator: %s\", l.Operator)\n\t}\n}\n\ntype NotExpr struct {\n\tType ExprType `json:\"type\"` // not\n\tExpr Expr `json:\"expr\"`\n}\n\nfunc (n NotExpr) GetType() ExprType { return n.Type }\n\nfunc (n NotExpr) Eval(variables map[string]map[string]any) (*EvalResult, error) {\n\tinner, err := n.Expr.Eval(variables)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\treturn inner.Not()\n}\n\ntype rawExpr struct {\n\tType ExprType `json:\"type\"`\n}\n\nfunc MarshalExpr(e Expr) ([]byte, error) {\n\treturn json.Marshal(e)\n}\n\nfunc UnmarshalExpr(data []byte) (Expr, error) {\n\tvar typ rawExpr\n\tif err := json.Unmarshal(data, &typ); err != nil {\n\t\treturn nil, err\n\t}\n\n\tswitch typ.Type {\n\tcase ConstantExprType:\n\t\tvar e ConstantExpr\n\t\tif err := json.Unmarshal(data, &e); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn e, nil\n\tcase VariantExprType:\n\t\tvar e VariantExpr\n\t\tif err := json.Unmarshal(data, &e); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn e, nil\n\tcase ComparisonExprType:\n\t\tvar e ComparisonExprRaw\n\t\tif err := json.Unmarshal(data, &e); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn e.ToComparisonExpr()\n\tcase LogicalExprType:\n\t\tvar e LogicalExprRaw\n\t\tif err := json.Unmarshal(data, &e); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn e.ToLogicalExpr()\n\tcase NotExprType:\n\t\tvar e NotExprRaw\n\t\tif err := json.Unmarshal(data, &e); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\treturn e.ToNotExpr()\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unknown expression type: %s\", typ.Type)\n\t}\n}\n\ntype ComparisonExprRaw struct {\n\tType ExprType `json:\"type\"`\n\tOperator ExprComparisonOperator `json:\"operator\"`\n\tLeft json.RawMessage `json:\"left\"`\n\tRight json.RawMessage `json:\"right\"`\n}\n\nfunc (r ComparisonExprRaw) ToComparisonExpr() (ComparisonExpr, error) {\n\tleftExpr, err := UnmarshalExpr(r.Left)\n\tif err != nil {\n\t\treturn ComparisonExpr{}, err\n\t}\n\trightExpr, err := UnmarshalExpr(r.Right)\n\tif err != nil {\n\t\treturn ComparisonExpr{}, err\n\t}\n\treturn ComparisonExpr{\n\t\tType: r.Type,\n\t\tOperator: r.Operator,\n\t\tLeft: leftExpr,\n\t\tRight: rightExpr,\n\t}, nil\n}\n\ntype LogicalExprRaw struct {\n\tType ExprType `json:\"type\"`\n\tOperator ExprLogicalOperator `json:\"operator\"`\n\tLeft json.RawMessage `json:\"left\"`\n\tRight json.RawMessage `json:\"right\"`\n}\n\nfunc (r LogicalExprRaw) ToLogicalExpr() (LogicalExpr, error) {\n\tleft, err := UnmarshalExpr(r.Left)\n\tif err != nil {\n\t\treturn LogicalExpr{}, err\n\t}\n\tright, err := UnmarshalExpr(r.Right)\n\tif err != nil {\n\t\treturn LogicalExpr{}, err\n\t}\n\treturn LogicalExpr{\n\t\tType: r.Type,\n\t\tOperator: r.Operator,\n\t\tLeft: left,\n\t\tRight: right,\n\t}, nil\n}\n\ntype NotExprRaw struct {\n\tType ExprType `json:\"type\"`\n\tExpr json.RawMessage `json:\"expr\"`\n}\n\nfunc (r NotExprRaw) ToNotExpr() (NotExpr, error) {\n\tinner, err := UnmarshalExpr(r.Expr)\n\tif err != nil {\n\t\treturn NotExpr{}, err\n\t}\n\treturn NotExpr{\n\t\tType: r.Type,\n\t\tExpr: inner,\n\t}, nil\n}\n"
},
{
"path": "internal/domain/expr/expr_test.go",
"content": "package expr\n\nimport (\n\t\"testing\"\n)\n\nfunc TestLogicalEval(t *testing.T) {\n\t// 测试逻辑表达式 and\n\tlogicalExpr := LogicalExpr{\n\t\tLeft: ConstantExpr{\n\t\t\tType: \"const\",\n\t\t\tValue: \"true\",\n\t\t\tValueType: \"boolean\",\n\t\t},\n\t\tOperator: And,\n\t\tRight: ConstantExpr{\n\t\t\tType: \"const\",\n\t\t\tValue: \"true\",\n\t\t\tValueType: \"boolean\",\n\t\t},\n\t}\n\tresult, err := logicalExpr.Eval(nil)\n\tif err != nil {\n\t\tt.Errorf(\"failed to evaluate logical expression: %v\", err)\n\t}\n\tif result.Value != true {\n\t\tt.Errorf(\"expected true, got %v\", result)\n\t}\n\n\t// 测试逻辑表达式 or\n\torExpr := LogicalExpr{\n\t\tLeft: ConstantExpr{\n\t\t\tType: \"const\",\n\t\t\tValue: \"true\",\n\t\t\tValueType: \"boolean\",\n\t\t},\n\t\tOperator: Or,\n\t\tRight: ConstantExpr{\n\t\t\tType: \"const\",\n\t\t\tValue: \"true\",\n\t\t\tValueType: \"boolean\",\n\t\t},\n\t}\n\tresult, err = orExpr.Eval(nil)\n\tif err != nil {\n\t\tt.Errorf(\"failed to evaluate logical expression: %v\", err)\n\t}\n\tif result.Value != true {\n\t\tt.Errorf(\"expected true, got %v\", result)\n\t}\n}\n\nfunc TestUnmarshalExpr(t *testing.T) {\n\ttype args struct {\n\t\tdata []byte\n\t}\n\ttests := []struct {\n\t\tname string\n\t\targs args\n\t\twant Expr\n\t\twantErr bool\n\t}{\n\t\t{\n\t\t\tname: \"test1\",\n\t\t\targs: args{\n\t\t\t\tdata: []byte(`{\"left\":{\"left\":{\"selector\":{\"id\":\"ODnYSOXB6HQP2_vz6JcZE\",\"name\":\"certificate.validity\",\"type\":\"boolean\"},\"type\":\"var\"},\"operator\":\"is\",\"right\":{\"type\":\"const\",\"value\":true,\"valueType\":\"boolean\"},\"type\":\"comparison\"},\"operator\":\"and\",\"right\":{\"left\":{\"selector\":{\"id\":\"ODnYSOXB6HQP2_vz6JcZE\",\"name\":\"certificate.daysLeft\",\"type\":\"number\"},\"type\":\"var\"},\"operator\":\"eq\",\"right\":{\"type\":\"const\",\"value\":2,\"valueType\":\"number\"},\"type\":\"comparison\"},\"type\":\"logical\"}`),\n\t\t\t},\n\t\t},\n\t}\n\tfor _, tt := range tests {\n\t\tt.Run(tt.name, func(t *testing.T) {\n\t\t\tgot, err := UnmarshalExpr(tt.args.data)\n\t\t\tif (err != nil) != tt.wantErr {\n\t\t\t\tt.Errorf(\"UnmarshalExpr() error = %v, wantErr %v\", err, tt.wantErr)\n\t\t\t\treturn\n\t\t\t}\n\t\t\tif got == nil {\n\t\t\t\tt.Errorf(\"UnmarshalExpr() got = nil, want %v\", tt.want)\n\t\t\t\treturn\n\t\t\t}\n\t\t})\n\t}\n}\n\nfunc TestExpr_Eval(t *testing.T) {\n\ttype args struct {\n\t\tvariables map[string]map[string]any\n\t\tdata []byte\n\t}\n\ttests := []struct {\n\t\tname string\n\t\targs args\n\t\twant *EvalResult\n\t\twantErr bool\n\t}{\n\t\t{\n\t\t\tname: \"test1\",\n\t\t\targs: args{\n\t\t\t\tvariables: map[string]map[string]any{\n\t\t\t\t\t\"ODnYSOXB6HQP2_vz6JcZE\": {\n\t\t\t\t\t\t\"certificate.validity\": true,\n\t\t\t\t\t\t\"certificate.daysLeft\": 2,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tdata: []byte(`{\"left\":{\"left\":{\"selector\":{\"id\":\"ODnYSOXB6HQP2_vz6JcZE\",\"name\":\"certificate.validity\",\"type\":\"boolean\"},\"type\":\"var\"},\"operator\":\"is\",\"right\":{\"type\":\"const\",\"value\":true,\"valueType\":\"boolean\"},\"type\":\"comparison\"},\"operator\":\"and\",\"right\":{\"left\":{\"selector\":{\"id\":\"ODnYSOXB6HQP2_vz6JcZE\",\"name\":\"certificate.daysLeft\",\"type\":\"number\"},\"type\":\"var\"},\"operator\":\"eq\",\"right\":{\"type\":\"const\",\"value\":2,\"valueType\":\"number\"},\"type\":\"comparison\"},\"type\":\"logical\"}`),\n\t\t\t},\n\t\t},\n\t}\n\tfor _, tt := range tests {\n\t\tt.Run(tt.name, func(t *testing.T) {\n\t\t\tc, err := UnmarshalExpr(tt.args.data)\n\t\t\tif err != nil {\n\t\t\t\tt.Errorf(\"UnmarshalExpr() error = %v\", err)\n\t\t\t\treturn\n\t\t\t}\n\t\t\tgot, err := c.Eval(tt.args.variables)\n\t\t\tt.Log(\"got:\", got)\n\t\t\tif (err != nil) != tt.wantErr {\n\t\t\t\tt.Errorf(\"ConstExpr.Eval() error = %v, wantErr %v\", err, tt.wantErr)\n\t\t\t\treturn\n\t\t\t}\n\t\t\tif got.Value != true {\n\t\t\t\tt.Errorf(\"ConstExpr.Eval() got = %v, want %v\", got.Value, true)\n\t\t\t}\n\t\t})\n\t}\n}\n"
},
{
"path": "internal/domain/meta.go",
"content": "package domain\n\nimport \"time\"\n\ntype Meta struct {\n\tId string `db:\"id\" json:\"id\"`\n\tCreatedAt time.Time `db:\"created\" json:\"created\"`\n\tUpdatedAt time.Time `db:\"updated\" json:\"updated\"`\n}\n"
},
{
"path": "internal/domain/provider.go",
"content": "package domain\n\ntype AccessProviderType string\n\n/*\n授权提供商类型常量值。\n\n注意:如果追加新的常量值,请保持以 ASCII 排序。\nNOTICE: If you add new constant, please keep ASCII order.\n*/\nconst (\n\tAccessProviderType1Panel = AccessProviderType(\"1panel\")\n\tAccessProviderType35cn = AccessProviderType(\"35cn\")\n\tAccessProviderType51DNScom = AccessProviderType(\"51dnscom\")\n\tAccessProviderTypeACMECA = AccessProviderType(\"acmeca\")\n\tAccessProviderTypeACMEDNS = AccessProviderType(\"acmedns\")\n\tAccessProviderTypeACMEHttpReq = AccessProviderType(\"acmehttpreq\")\n\tAccessProviderTypeActalisSSL = AccessProviderType(\"actalisssl\")\n\tAccessProviderTypeAkamai = AccessProviderType(\"akamai\")\n\tAccessProviderTypeAliyun = AccessProviderType(\"aliyun\")\n\tAccessProviderTypeAPISIX = AccessProviderType(\"apisix\")\n\tAccessProviderTypeArvanCloud = AccessProviderType(\"arvancloud\")\n\tAccessProviderTypeAWS = AccessProviderType(\"aws\")\n\tAccessProviderTypeAzure = AccessProviderType(\"azure\")\n\tAccessProviderTypeBaiduCloud = AccessProviderType(\"baiducloud\")\n\tAccessProviderTypeBaishan = AccessProviderType(\"baishan\")\n\tAccessProviderTypeBaotaPanel = AccessProviderType(\"baotapanel\")\n\tAccessProviderTypeBaotaPanelGo = AccessProviderType(\"baotapanelgo\")\n\tAccessProviderTypeBaotaWAF = AccessProviderType(\"baotawaf\")\n\tAccessProviderTypeBookMyName = AccessProviderType(\"bookmyname\")\n\tAccessProviderTypeBunny = AccessProviderType(\"bunny\")\n\tAccessProviderTypeBytePlus = AccessProviderType(\"byteplus\")\n\tAccessProviderTypeCacheFly = AccessProviderType(\"cachefly\")\n\tAccessProviderTypeCdnfly = AccessProviderType(\"cdnfly\")\n\tAccessProviderTypeCloudflare = AccessProviderType(\"cloudflare\")\n\tAccessProviderTypeClouDNS = AccessProviderType(\"cloudns\")\n\tAccessProviderTypeCMCCCloud = AccessProviderType(\"cmcccloud\")\n\tAccessProviderTypeConstellix = AccessProviderType(\"constellix\")\n\tAccessProviderTypeCPanel = AccessProviderType(\"cpanel\")\n\tAccessProviderTypeCTCCCloud = AccessProviderType(\"ctcccloud\")\n\tAccessProviderTypeCUCCCloud = AccessProviderType(\"cucccloud\") // 联通云(预留)\n\tAccessProviderTypeDeSEC = AccessProviderType(\"desec\")\n\tAccessProviderTypeDigiCert = AccessProviderType(\"digicert\")\n\tAccessProviderTypeDigitalOcean = AccessProviderType(\"digitalocean\")\n\tAccessProviderTypeDingTalkBot = AccessProviderType(\"dingtalkbot\")\n\tAccessProviderTypeDiscordBot = AccessProviderType(\"discordbot\")\n\tAccessProviderTypeDNSExit = AccessProviderType(\"dnsexit\")\n\tAccessProviderTypeDNSLA = AccessProviderType(\"dnsla\")\n\tAccessProviderTypeDNSMadeEasy = AccessProviderType(\"dnsmadeeasy\")\n\tAccessProviderTypeDogeCloud = AccessProviderType(\"dogecloud\")\n\tAccessProviderTypeDokploy = AccessProviderType(\"dokploy\")\n\tAccessProviderTypeDuckDNS = AccessProviderType(\"duckdns\")\n\tAccessProviderTypeDynu = AccessProviderType(\"dynu\")\n\tAccessProviderTypeDynv6 = AccessProviderType(\"dynv6\")\n\tAccessProviderTypeEmail = AccessProviderType(\"email\")\n\tAccessProviderTypeFastly = AccessProviderType(\"fastly\") // Fastly(预留)\n\tAccessProviderTypeFlexCDN = AccessProviderType(\"flexcdn\")\n\tAccessProviderTypeFlyIO = AccessProviderType(\"flyio\")\n\tAccessProviderTypeGandinet = AccessProviderType(\"gandinet\")\n\tAccessProviderTypeGcore = AccessProviderType(\"gcore\")\n\tAccessProviderTypeGlobalSignAtlas = AccessProviderType(\"globalsignatlas\")\n\tAccessProviderTypeGname = AccessProviderType(\"gname\")\n\tAccessProviderTypeGoDaddy = AccessProviderType(\"godaddy\")\n\tAccessProviderTypeGoEdge = AccessProviderType(\"goedge\")\n\tAccessProviderTypeGoogleTrustServices = AccessProviderType(\"googletrustservices\")\n\tAccessProviderTypeHetzner = AccessProviderType(\"hetzner\")\n\tAccessProviderTypeHostingde = AccessProviderType(\"hostingde\")\n\tAccessProviderTypeHostinger = AccessProviderType(\"hostinger\")\n\tAccessProviderTypeHuaweiCloud = AccessProviderType(\"huaweicloud\")\n\tAccessProviderTypeInfomaniak = AccessProviderType(\"infomaniak\")\n\tAccessProviderTypeIONOS = AccessProviderType(\"ionos\")\n\tAccessProviderTypeJDCloud = AccessProviderType(\"jdcloud\")\n\tAccessProviderTypeKong = AccessProviderType(\"kong\")\n\tAccessProviderTypeKsyun = AccessProviderType(\"ksyun\")\n\tAccessProviderTypeKubernetes = AccessProviderType(\"k8s\")\n\tAccessProviderTypeLarkBot = AccessProviderType(\"larkbot\")\n\tAccessProviderTypeLeCDN = AccessProviderType(\"lecdn\")\n\tAccessProviderTypeLetsEncrypt = AccessProviderType(\"letsencrypt\")\n\tAccessProviderTypeLetsEncryptStaging = AccessProviderType(\"letsencryptstaging\")\n\tAccessProviderTypeLinode = AccessProviderType(\"linode\")\n\tAccessProviderTypeLiteSSL = AccessProviderType(\"litessl\")\n\tAccessProviderTypeLocal = AccessProviderType(\"local\")\n\tAccessProviderTypeMattermost = AccessProviderType(\"mattermost\")\n\tAccessProviderTypeMohua = AccessProviderType(\"mohua\")\n\tAccessProviderTypeNamecheap = AccessProviderType(\"namecheap\")\n\tAccessProviderTypeNameDotCom = AccessProviderType(\"namedotcom\")\n\tAccessProviderTypeNameSilo = AccessProviderType(\"namesilo\")\n\tAccessProviderTypeNetcup = AccessProviderType(\"netcup\")\n\tAccessProviderTypeNetlify = AccessProviderType(\"netlify\")\n\tAccessProviderTypeNginxProxyManager = AccessProviderType(\"nginxproxymanager\")\n\tAccessProviderTypeNS1 = AccessProviderType(\"ns1\")\n\tAccessProviderTypeOVHcloud = AccessProviderType(\"ovhcloud\")\n\tAccessProviderTypePorkbun = AccessProviderType(\"porkbun\")\n\tAccessProviderTypePowerDNS = AccessProviderType(\"powerdns\")\n\tAccessProviderTypeProxmoxVE = AccessProviderType(\"proxmoxve\")\n\tAccessProviderTypeQiniu = AccessProviderType(\"qiniu\")\n\tAccessProviderTypeQingCloud = AccessProviderType(\"qingcloud\")\n\tAccessProviderTypeRainYun = AccessProviderType(\"rainyun\")\n\tAccessProviderTypeRatPanel = AccessProviderType(\"ratpanel\")\n\tAccessProviderTypeRFC2136 = AccessProviderType(\"rfc2136\")\n\tAccessProviderTypeS3 = AccessProviderType(\"s3\")\n\tAccessProviderTypeSafeLine = AccessProviderType(\"safeline\")\n\tAccessProviderTypeSectigo = AccessProviderType(\"sectigo\")\n\tAccessProviderTypeSlackBot = AccessProviderType(\"slackbot\")\n\tAccessProviderTypeSpaceship = AccessProviderType(\"spaceship\")\n\tAccessProviderTypeSSH = AccessProviderType(\"ssh\")\n\tAccessProviderTypeSSLCOM = AccessProviderType(\"sslcom\")\n\tAccessProviderTypeSynologyDSM = AccessProviderType(\"synologydsm\")\n\tAccessProviderTypeTechnitiumDNS = AccessProviderType(\"technitiumdns\")\n\tAccessProviderTypeTelegramBot = AccessProviderType(\"telegrambot\")\n\tAccessProviderTypeTencentCloud = AccessProviderType(\"tencentcloud\")\n\tAccessProviderTypeTodayNIC = AccessProviderType(\"todaynic\")\n\tAccessProviderTypeUCloud = AccessProviderType(\"ucloud\")\n\tAccessProviderTypeUniCloud = AccessProviderType(\"unicloud\")\n\tAccessProviderTypeUpyun = AccessProviderType(\"upyun\")\n\tAccessProviderTypeVercel = AccessProviderType(\"vercel\")\n\tAccessProviderTypeVolcEngine = AccessProviderType(\"volcengine\")\n\tAccessProviderTypeVultr = AccessProviderType(\"vultr\")\n\tAccessProviderTypeWangsu = AccessProviderType(\"wangsu\")\n\tAccessProviderTypeWebhook = AccessProviderType(\"webhook\")\n\tAccessProviderTypeWeComBot = AccessProviderType(\"wecombot\")\n\tAccessProviderTypeWestcn = AccessProviderType(\"westcn\")\n\tAccessProviderTypeXinnet = AccessProviderType(\"xinnet\")\n\tAccessProviderTypeZeroSSL = AccessProviderType(\"zerossl\")\n)\n\ntype CAProviderType string\n\n/*\n证书颁发机构提供商常量值。\n短横线前的部分始终等于授权提供商类型。\n\n注意:如果追加新的常量值,请保持以 ASCII 排序。\nNOTICE: If you add new constant, please keep ASCII order.\n*/\nconst (\n\tCAProviderTypeACMECA = CAProviderType(AccessProviderTypeACMECA)\n\tCAProviderTypeActalisSSL = CAProviderType(AccessProviderTypeActalisSSL)\n\tCAProviderTypeDigiCert = CAProviderType(AccessProviderTypeDigiCert)\n\tCAProviderTypeGlobalSignAtlas = CAProviderType(AccessProviderTypeGlobalSignAtlas)\n\tCAProviderTypeGoogleTrustServices = CAProviderType(AccessProviderTypeGoogleTrustServices)\n\tCAProviderTypeLetsEncrypt = CAProviderType(AccessProviderTypeLetsEncrypt)\n\tCAProviderTypeLetsEncryptStaging = CAProviderType(AccessProviderTypeLetsEncryptStaging)\n\tCAProviderTypeLiteSSL = CAProviderType(AccessProviderTypeLiteSSL)\n\tCAProviderTypeSectigo = CAProviderType(AccessProviderTypeSectigo)\n\tCAProviderTypeSSLCom = CAProviderType(AccessProviderTypeSSLCOM)\n\tCAProviderTypeZeroSSL = CAProviderType(AccessProviderTypeZeroSSL)\n)\n\ntype ACMEDns01ProviderType string\n\n/*\nACME DNS-01 提供商常量值。\n短横线前的部分始终等于授权提供商类型。\n\n注意:如果追加新的常量值,请保持以 ASCII 排序。\nNOTICE: If you add new constant, please keep ASCII order.\n*/\nconst (\n\tACMEDns01ProviderType35cn = ACMEDns01ProviderType(AccessProviderType35cn)\n\tACMEDns01ProviderType51DNScom = ACMEDns01ProviderType(AccessProviderType51DNScom)\n\tACMEDns01ProviderTypeACMEDNS = ACMEDns01ProviderType(AccessProviderTypeACMEDNS)\n\tACMEDns01ProviderTypeACMEHttpReq = ACMEDns01ProviderType(AccessProviderTypeACMEHttpReq)\n\tACMEDns01ProviderTypeAkamai = ACMEDns01ProviderType(AccessProviderTypeAkamai) // 兼容旧值,等同于 [ACMEDns01ProviderTypeAkamaiEdgeDNS]\n\tACMEDns01ProviderTypeAkamaiEdgeDNS = ACMEDns01ProviderType(AccessProviderTypeAkamai + \"-edgedns\")\n\tACMEDns01ProviderTypeAliyun = ACMEDns01ProviderType(AccessProviderTypeAliyun) // 兼容旧值,等同于 [ACMEDns01ProviderTypeAliyunDNS]\n\tACMEDns01ProviderTypeAliyunDNS = ACMEDns01ProviderType(AccessProviderTypeAliyun + \"-dns\")\n\tACMEDns01ProviderTypeAliyunESA = ACMEDns01ProviderType(AccessProviderTypeAliyun + \"-esa\")\n\tACMEDns01ProviderTypeArvanCloud = ACMEDns01ProviderType(AccessProviderTypeArvanCloud)\n\tACMEDns01ProviderTypeAWS = ACMEDns01ProviderType(AccessProviderTypeAWS) // 兼容旧值,等同于 [ACMEDns01ProviderTypeAWSRoute53]\n\tACMEDns01ProviderTypeAWSRoute53 = ACMEDns01ProviderType(AccessProviderTypeAWS + \"-route53\")\n\tACMEDns01ProviderTypeAzure = ACMEDns01ProviderType(AccessProviderTypeAzure) // 兼容旧值,等同于 [ACMEDns01ProviderTypeAzure]\n\tACMEDns01ProviderTypeAzureDNS = ACMEDns01ProviderType(AccessProviderTypeAzure + \"-dns\")\n\tACMEDns01ProviderTypeBaiduCloud = ACMEDns01ProviderType(AccessProviderTypeBaiduCloud) // 兼容旧值,等同于 [ACMEDns01ProviderTypeBaiduCloudDNS]\n\tACMEDns01ProviderTypeBaiduCloudDNS = ACMEDns01ProviderType(AccessProviderTypeBaiduCloud + \"-dns\")\n\tACMEDns01ProviderTypeBookMyName = ACMEDns01ProviderType(AccessProviderTypeBookMyName)\n\tACMEDns01ProviderTypeBunny = ACMEDns01ProviderType(AccessProviderTypeBunny)\n\tACMEDns01ProviderTypeCloudflare = ACMEDns01ProviderType(AccessProviderTypeCloudflare)\n\tACMEDns01ProviderTypeClouDNS = ACMEDns01ProviderType(AccessProviderTypeClouDNS)\n\tACMEDns01ProviderTypeCMCCCloud = ACMEDns01ProviderType(AccessProviderTypeCMCCCloud) // 兼容旧值,等同于 [ACMEDns01ProviderTypeCMCCCloudDNS]\n\tACMEDns01ProviderTypeCMCCCloudDNS = ACMEDns01ProviderType(AccessProviderTypeCMCCCloud + \"-dns\")\n\tACMEDns01ProviderTypeConstellix = ACMEDns01ProviderType(AccessProviderTypeConstellix)\n\tACMEDns01ProviderTypeCPanel = ACMEDns01ProviderType(AccessProviderTypeCPanel)\n\tACMEDns01ProviderTypeCTCCCloud = ACMEDns01ProviderType(AccessProviderTypeCTCCCloud) // 兼容旧值,等同于 [ACMEDns01ProviderTypeCTCCCloudSmartDNS]\n\tACMEDns01ProviderTypeCTCCCloudSmartDNS = ACMEDns01ProviderType(AccessProviderTypeCTCCCloud + \"-smartdns\")\n\tACMEDns01ProviderTypeDeSEC = ACMEDns01ProviderType(AccessProviderTypeDeSEC)\n\tACMEDns01ProviderTypeDigitalOcean = ACMEDns01ProviderType(AccessProviderTypeDigitalOcean)\n\tACMEDns01ProviderTypeDNSExit = ACMEDns01ProviderType(AccessProviderTypeDNSExit)\n\tACMEDns01ProviderTypeDNSLA = ACMEDns01ProviderType(AccessProviderTypeDNSLA)\n\tACMEDns01ProviderTypeDNSMadeEasy = ACMEDns01ProviderType(AccessProviderTypeDNSMadeEasy)\n\tACMEDns01ProviderTypeDuckDNS = ACMEDns01ProviderType(AccessProviderTypeDuckDNS)\n\tACMEDns01ProviderTypeDynu = ACMEDns01ProviderType(AccessProviderTypeDynu)\n\tACMEDns01ProviderTypeDynv6 = ACMEDns01ProviderType(AccessProviderTypeDynv6)\n\tACMEDns01ProviderTypeGandinet = ACMEDns01ProviderType(AccessProviderTypeGandinet)\n\tACMEDns01ProviderTypeGcore = ACMEDns01ProviderType(AccessProviderTypeGcore)\n\tACMEDns01ProviderTypeGname = ACMEDns01ProviderType(AccessProviderTypeGname)\n\tACMEDns01ProviderTypeGoDaddy = ACMEDns01ProviderType(AccessProviderTypeGoDaddy)\n\tACMEDns01ProviderTypeHetzner = ACMEDns01ProviderType(AccessProviderTypeHetzner)\n\tACMEDns01ProviderTypeHostingde = ACMEDns01ProviderType(AccessProviderTypeHostingde)\n\tACMEDns01ProviderTypeHostinger = ACMEDns01ProviderType(AccessProviderTypeHostinger)\n\tACMEDns01ProviderTypeHuaweiCloud = ACMEDns01ProviderType(AccessProviderTypeHuaweiCloud) // 兼容旧值,等同于 [ACMEDns01ProviderTypeHuaweiCloudDNS]\n\tACMEDns01ProviderTypeHuaweiCloudDNS = ACMEDns01ProviderType(AccessProviderTypeHuaweiCloud + \"-dns\")\n\tACMEDns01ProviderTypeInfomaniak = ACMEDns01ProviderType(AccessProviderTypeInfomaniak)\n\tACMEDns01ProviderTypeIONOS = ACMEDns01ProviderType(AccessProviderTypeIONOS)\n\tACMEDns01ProviderTypeJDCloud = ACMEDns01ProviderType(AccessProviderTypeJDCloud) // 兼容旧值,等同于 [ACMEDns01ProviderTypeJDCloudDNS]\n\tACMEDns01ProviderTypeJDCloudDNS = ACMEDns01ProviderType(AccessProviderTypeJDCloud + \"-dns\")\n\tACMEDns01ProviderTypeLinode = ACMEDns01ProviderType(AccessProviderTypeLinode)\n\tACMEDns01ProviderTypeNamecheap = ACMEDns01ProviderType(AccessProviderTypeNamecheap)\n\tACMEDns01ProviderTypeNameDotCom = ACMEDns01ProviderType(AccessProviderTypeNameDotCom)\n\tACMEDns01ProviderTypeNameSilo = ACMEDns01ProviderType(AccessProviderTypeNameSilo)\n\tACMEDns01ProviderTypeNetcup = ACMEDns01ProviderType(AccessProviderTypeNetcup)\n\tACMEDns01ProviderTypeNetlify = ACMEDns01ProviderType(AccessProviderTypeNetlify)\n\tACMEDns01ProviderTypeNS1 = ACMEDns01ProviderType(AccessProviderTypeNS1)\n\tACMEDns01ProviderTypeOVHcloud = ACMEDns01ProviderType(AccessProviderTypeOVHcloud)\n\tACMEDns01ProviderTypePorkbun = ACMEDns01ProviderType(AccessProviderTypePorkbun)\n\tACMEDns01ProviderTypePowerDNS = ACMEDns01ProviderType(AccessProviderTypePowerDNS)\n\tACMEDns01ProviderTypeQingCloud = ACMEDns01ProviderType(AccessProviderTypeQingCloud) // 兼容旧值,等同于 [ACMEDns01ProviderTypeQingCloudDNS]\n\tACMEDns01ProviderTypeQingCloudDNS = ACMEDns01ProviderType(AccessProviderTypeQingCloud + \"-dns\")\n\tACMEDns01ProviderTypeRainYun = ACMEDns01ProviderType(AccessProviderTypeRainYun)\n\tACMEDns01ProviderTypeRFC2136 = ACMEDns01ProviderType(AccessProviderTypeRFC2136)\n\tACMEDns01ProviderTypeSpaceship = ACMEDns01ProviderType(AccessProviderTypeSpaceship)\n\tACMEDns01ProviderTypeTechnitiumDNS = ACMEDns01ProviderType(AccessProviderTypeTechnitiumDNS)\n\tACMEDns01ProviderTypeTencentCloud = ACMEDns01ProviderType(AccessProviderTypeTencentCloud) // 兼容旧值,等同于 [ACMEDns01ProviderTypeTencentCloudDNS]\n\tACMEDns01ProviderTypeTencentCloudDNS = ACMEDns01ProviderType(AccessProviderTypeTencentCloud + \"-dns\")\n\tACMEDns01ProviderTypeTencentCloudEO = ACMEDns01ProviderType(AccessProviderTypeTencentCloud + \"-eo\")\n\tACMEDns01ProviderTypeTodayNIC = ACMEDns01ProviderType(AccessProviderTypeTodayNIC)\n\tACMEDns01ProviderTypeUCloud = ACMEDns01ProviderType(AccessProviderTypeUCloud) // 兼容旧值,等同于 [ACMEDns01ProviderTypeUCloudUDNR]\n\tACMEDns01ProviderTypeUCloudUDNR = ACMEDns01ProviderType(AccessProviderTypeUCloud + \"-udnr\")\n\tACMEDns01ProviderTypeVercel = ACMEDns01ProviderType(AccessProviderTypeVercel)\n\tACMEDns01ProviderTypeVolcEngine = ACMEDns01ProviderType(AccessProviderTypeVolcEngine) // 兼容旧值,等同于 [ACMEDns01ProviderTypeVolcEngineDNS]\n\tACMEDns01ProviderTypeVolcEngineDNS = ACMEDns01ProviderType(AccessProviderTypeVolcEngine + \"-dns\")\n\tACMEDns01ProviderTypeVultr = ACMEDns01ProviderType(AccessProviderTypeVultr)\n\tACMEDns01ProviderTypeWestcn = ACMEDns01ProviderType(AccessProviderTypeWestcn)\n\tACMEDns01ProviderTypeXinnet = ACMEDns01ProviderType(AccessProviderTypeXinnet)\n)\n\ntype ACMEHttp01ProviderType string\n\n/*\nACME HTTP-01 提供商常量值。\n短横线前的部分始终等于授权提供商类型。\n\n注意:如果追加新的常量值,请保持以 ASCII 排序。\nNOTICE: If you add new constant, please keep ASCII order.\n*/\nconst (\n\tACMEHttp01ProviderTypeLocal = ACMEHttp01ProviderType(AccessProviderTypeLocal)\n\tACMEHttp01ProviderTypeS3 = ACMEHttp01ProviderType(AccessProviderTypeS3)\n\tACMEHttp01ProviderTypeSSH = ACMEHttp01ProviderType(AccessProviderTypeSSH)\n)\n\ntype DeploymentProviderType string\n\n/*\n部署证书主机提供商常量值。\n短横线前的部分始终等于授权提供商类型。\n\n注意:如果追加新的常量值,请保持以 ASCII 排序。\nNOTICE: If you add new constant, please keep ASCII order.\n*/\nconst (\n\tDeploymentProviderType1Panel = DeploymentProviderType(AccessProviderType1Panel)\n\tDeploymentProviderType1PanelConsole = DeploymentProviderType(AccessProviderType1Panel + \"-console\")\n\tDeploymentProviderTypeAliyunALB = DeploymentProviderType(AccessProviderTypeAliyun + \"-alb\")\n\tDeploymentProviderTypeAliyunAPIGW = DeploymentProviderType(AccessProviderTypeAliyun + \"-apigw\")\n\tDeploymentProviderTypeAliyunCAS = DeploymentProviderType(AccessProviderTypeAliyun + \"-cas\")\n\tDeploymentProviderTypeAliyunCASDeploy = DeploymentProviderType(AccessProviderTypeAliyun + \"-casdeploy\")\n\tDeploymentProviderTypeAliyunCDN = DeploymentProviderType(AccessProviderTypeAliyun + \"-cdn\")\n\tDeploymentProviderTypeAliyunCLB = DeploymentProviderType(AccessProviderTypeAliyun + \"-clb\")\n\tDeploymentProviderTypeAliyunDCDN = DeploymentProviderType(AccessProviderTypeAliyun + \"-dcdn\")\n\tDeploymentProviderTypeAliyunDDoSPro = DeploymentProviderType(AccessProviderTypeAliyun + \"-ddospro\")\n\tDeploymentProviderTypeAliyunESA = DeploymentProviderType(AccessProviderTypeAliyun + \"-esa\")\n\tDeploymentProviderTypeAliyunESASaaS = DeploymentProviderType(AccessProviderTypeAliyun + \"-esasaas\")\n\tDeploymentProviderTypeAliyunFC = DeploymentProviderType(AccessProviderTypeAliyun + \"-fc\")\n\tDeploymentProviderTypeAliyunGA = DeploymentProviderType(AccessProviderTypeAliyun + \"-ga\")\n\tDeploymentProviderTypeAliyunLive = DeploymentProviderType(AccessProviderTypeAliyun + \"-live\")\n\tDeploymentProviderTypeAliyunNLB = DeploymentProviderType(AccessProviderTypeAliyun + \"-nlb\")\n\tDeploymentProviderTypeAliyunOSS = DeploymentProviderType(AccessProviderTypeAliyun + \"-oss\")\n\tDeploymentProviderTypeAliyunVOD = DeploymentProviderType(AccessProviderTypeAliyun + \"-vod\")\n\tDeploymentProviderTypeAliyunWAF = DeploymentProviderType(AccessProviderTypeAliyun + \"-waf\")\n\tDeploymentProviderTypeAPISIX = DeploymentProviderType(AccessProviderTypeAPISIX)\n\tDeploymentProviderTypeAWSACM = DeploymentProviderType(AccessProviderTypeAWS + \"-acm\")\n\tDeploymentProviderTypeAWSCloudFront = DeploymentProviderType(AccessProviderTypeAWS + \"-cloudfront\")\n\tDeploymentProviderTypeAWSIAM = DeploymentProviderType(AccessProviderTypeAWS + \"-iam\")\n\tDeploymentProviderTypeAzureKeyVault = DeploymentProviderType(AccessProviderTypeAzure + \"-keyvault\")\n\tDeploymentProviderTypeBaiduCloudAppBLB = DeploymentProviderType(AccessProviderTypeBaiduCloud + \"-appblb\")\n\tDeploymentProviderTypeBaiduCloudBLB = DeploymentProviderType(AccessProviderTypeBaiduCloud + \"-blb\")\n\tDeploymentProviderTypeBaiduCloudCDN = DeploymentProviderType(AccessProviderTypeBaiduCloud + \"-cdn\")\n\tDeploymentProviderTypeBaiduCloudCert = DeploymentProviderType(AccessProviderTypeBaiduCloud + \"-cert\")\n\tDeploymentProviderTypeBaishanCDN = DeploymentProviderType(AccessProviderTypeBaishan + \"-cdn\")\n\tDeploymentProviderTypeBaotaPanel = DeploymentProviderType(AccessProviderTypeBaotaPanel)\n\tDeploymentProviderTypeBaotaPanelConsole = DeploymentProviderType(AccessProviderTypeBaotaPanel + \"-console\")\n\tDeploymentProviderTypeBaotaPanelGo = DeploymentProviderType(AccessProviderTypeBaotaPanelGo)\n\tDeploymentProviderTypeBaotaPanelGoConsole = DeploymentProviderType(AccessProviderTypeBaotaPanelGo + \"-console\")\n\tDeploymentProviderTypeBaotaWAF = DeploymentProviderType(AccessProviderTypeBaotaWAF)\n\tDeploymentProviderTypeBaotaWAFConsole = DeploymentProviderType(AccessProviderTypeBaotaWAF + \"-console\")\n\tDeploymentProviderTypeBunnyCDN = DeploymentProviderType(AccessProviderTypeBunny + \"-cdn\")\n\tDeploymentProviderTypeBytePlusCDN = DeploymentProviderType(AccessProviderTypeBytePlus + \"-cdn\")\n\tDeploymentProviderTypeCacheFly = DeploymentProviderType(AccessProviderTypeCacheFly)\n\tDeploymentProviderTypeCdnfly = DeploymentProviderType(AccessProviderTypeCdnfly)\n\tDeploymentProviderTypeCPanel = DeploymentProviderType(AccessProviderTypeCPanel)\n\tDeploymentProviderTypeCTCCCloudAO = DeploymentProviderType(AccessProviderTypeCTCCCloud + \"-ao\")\n\tDeploymentProviderTypeCTCCCloudCDN = DeploymentProviderType(AccessProviderTypeCTCCCloud + \"-cdn\")\n\tDeploymentProviderTypeCTCCCloudCMS = DeploymentProviderType(AccessProviderTypeCTCCCloud + \"-cms\")\n\tDeploymentProviderTypeCTCCCloudELB = DeploymentProviderType(AccessProviderTypeCTCCCloud + \"-elb\")\n\tDeploymentProviderTypeCTCCCloudFaaS = DeploymentProviderType(AccessProviderTypeCTCCCloud + \"-faas\")\n\tDeploymentProviderTypeCTCCCloudICDN = DeploymentProviderType(AccessProviderTypeCTCCCloud + \"-icdn\")\n\tDeploymentProviderTypeCTCCCloudLVDN = DeploymentProviderType(AccessProviderTypeCTCCCloud + \"-ldvn\")\n\tDeploymentProviderTypeDogeCloudCDN = DeploymentProviderType(AccessProviderTypeDogeCloud + \"-cdn\")\n\tDeploymentProviderTypeDokploy = DeploymentProviderType(AccessProviderTypeDokploy)\n\tDeploymentProviderTypeFlexCDN = DeploymentProviderType(AccessProviderTypeFlexCDN)\n\tDeploymentProviderTypeFlyIO = DeploymentProviderType(AccessProviderTypeFlyIO)\n\tDeploymentProviderTypeGcoreCDN = DeploymentProviderType(AccessProviderTypeGcore + \"-cdn\")\n\tDeploymentProviderTypeGoEdge = DeploymentProviderType(AccessProviderTypeGoEdge)\n\tDeploymentProviderTypeHuaweiCloudCDN = DeploymentProviderType(AccessProviderTypeHuaweiCloud + \"-cdn\")\n\tDeploymentProviderTypeHuaweiCloudELB = DeploymentProviderType(AccessProviderTypeHuaweiCloud + \"-elb\")\n\tDeploymentProviderTypeHuaweiCloudSCM = DeploymentProviderType(AccessProviderTypeHuaweiCloud + \"-scm\")\n\tDeploymentProviderTypeHuaweiCloudOBS = DeploymentProviderType(AccessProviderTypeHuaweiCloud + \"-obs\")\n\tDeploymentProviderTypeHuaweiCloudWAF = DeploymentProviderType(AccessProviderTypeHuaweiCloud + \"-waf\")\n\tDeploymentProviderTypeJDCloudALB = DeploymentProviderType(AccessProviderTypeJDCloud + \"-alb\")\n\tDeploymentProviderTypeJDCloudCDN = DeploymentProviderType(AccessProviderTypeJDCloud + \"-cdn\")\n\tDeploymentProviderTypeJDCloudLive = DeploymentProviderType(AccessProviderTypeJDCloud + \"-live\")\n\tDeploymentProviderTypeJDCloudVOD = DeploymentProviderType(AccessProviderTypeJDCloud + \"-vod\")\n\tDeploymentProviderTypeKong = DeploymentProviderType(AccessProviderTypeKong)\n\tDeploymentProviderTypeKubernetesSecret = DeploymentProviderType(AccessProviderTypeKubernetes + \"-secret\")\n\tDeploymentProviderTypeKsyunCDN = DeploymentProviderType(AccessProviderTypeKsyun + \"-cdn\")\n\tDeploymentProviderTypeLeCDN = DeploymentProviderType(AccessProviderTypeLeCDN)\n\tDeploymentProviderTypeLocal = DeploymentProviderType(AccessProviderTypeLocal)\n\tDeploymentProviderTypeMohuaMVH = DeploymentProviderType(AccessProviderTypeMohua + \"-mvh\")\n\tDeploymentProviderTypeNetlify = DeploymentProviderType(AccessProviderTypeNetlify)\n\tDeploymentProviderTypeNginxProxyManager = DeploymentProviderType(AccessProviderTypeNginxProxyManager)\n\tDeploymentProviderTypeProxmoxVE = DeploymentProviderType(AccessProviderTypeProxmoxVE)\n\tDeploymentProviderTypeQiniuCDN = DeploymentProviderType(AccessProviderTypeQiniu + \"-cdn\")\n\tDeploymentProviderTypeQiniuKodo = DeploymentProviderType(AccessProviderTypeQiniu + \"-kodo\")\n\tDeploymentProviderTypeQiniuPili = DeploymentProviderType(AccessProviderTypeQiniu + \"-pili\")\n\tDeploymentProviderTypeRainYunRCDN = DeploymentProviderType(AccessProviderTypeRainYun + \"-rcdn\")\n\tDeploymentProviderTypeRainYunSSLCenter = DeploymentProviderType(AccessProviderTypeRainYun + \"-sslcenter\")\n\tDeploymentProviderTypeRatPanel = DeploymentProviderType(AccessProviderTypeRatPanel)\n\tDeploymentProviderTypeRatPanelConsole = DeploymentProviderType(AccessProviderTypeRatPanel + \"-console\")\n\tDeploymentProviderTypeS3 = DeploymentProviderType(AccessProviderTypeS3)\n\tDeploymentProviderTypeSafeLine = DeploymentProviderType(AccessProviderTypeSafeLine)\n\tDeploymentProviderTypeSSH = DeploymentProviderType(AccessProviderTypeSSH)\n\tDeploymentProviderTypeSynologyDSM = DeploymentProviderType(AccessProviderTypeSynologyDSM)\n\tDeploymentProviderTypeTencentCloudCDN = DeploymentProviderType(AccessProviderTypeTencentCloud + \"-cdn\")\n\tDeploymentProviderTypeTencentCloudCLB = DeploymentProviderType(AccessProviderTypeTencentCloud + \"-clb\")\n\tDeploymentProviderTypeTencentCloudCOS = DeploymentProviderType(AccessProviderTypeTencentCloud + \"-cos\")\n\tDeploymentProviderTypeTencentCloudCSS = DeploymentProviderType(AccessProviderTypeTencentCloud + \"-css\")\n\tDeploymentProviderTypeTencentCloudECDN = DeploymentProviderType(AccessProviderTypeTencentCloud + \"-ecdn\")\n\tDeploymentProviderTypeTencentCloudEO = DeploymentProviderType(AccessProviderTypeTencentCloud + \"-eo\")\n\tDeploymentProviderTypeTencentCloudGAAP = DeploymentProviderType(AccessProviderTypeTencentCloud + \"-gaap\")\n\tDeploymentProviderTypeTencentCloudSCF = DeploymentProviderType(AccessProviderTypeTencentCloud + \"-scf\")\n\tDeploymentProviderTypeTencentCloudSSL = DeploymentProviderType(AccessProviderTypeTencentCloud + \"-ssl\")\n\tDeploymentProviderTypeTencentCloudSSLDeploy = DeploymentProviderType(AccessProviderTypeTencentCloud + \"-ssldeploy\")\n\tDeploymentProviderTypeTencentCloudSSLUpdate = DeploymentProviderType(AccessProviderTypeTencentCloud + \"-sslupdate\")\n\tDeploymentProviderTypeTencentCloudVOD = DeploymentProviderType(AccessProviderTypeTencentCloud + \"-vod\")\n\tDeploymentProviderTypeTencentCloudWAF = DeploymentProviderType(AccessProviderTypeTencentCloud + \"-waf\")\n\tDeploymentProviderTypeUCloudUALB = DeploymentProviderType(AccessProviderTypeUCloud + \"-ualb\")\n\tDeploymentProviderTypeUCloudUCDN = DeploymentProviderType(AccessProviderTypeUCloud + \"-ucdn\")\n\tDeploymentProviderTypeUCloudUCLB = DeploymentProviderType(AccessProviderTypeUCloud + \"-uclb\")\n\tDeploymentProviderTypeUCloudUEWAF = DeploymentProviderType(AccessProviderTypeUCloud + \"-uewaf\")\n\tDeploymentProviderTypeUCloudUPathX = DeploymentProviderType(AccessProviderTypeUCloud + \"-pathx\")\n\tDeploymentProviderTypeUCloudUS3 = DeploymentProviderType(AccessProviderTypeUCloud + \"-us3\")\n\tDeploymentProviderTypeUniCloudWebHost = DeploymentProviderType(AccessProviderTypeUniCloud + \"-webhost\")\n\tDeploymentProviderTypeUpyunCDN = DeploymentProviderType(AccessProviderTypeUpyun + \"-cdn\")\n\tDeploymentProviderTypeUpyunFile = DeploymentProviderType(AccessProviderTypeUpyun + \"-file\")\n\tDeploymentProviderTypeVolcEngineALB = DeploymentProviderType(AccessProviderTypeVolcEngine + \"-alb\")\n\tDeploymentProviderTypeVolcEngineCDN = DeploymentProviderType(AccessProviderTypeVolcEngine + \"-cdn\")\n\tDeploymentProviderTypeVolcEngineCertCenter = DeploymentProviderType(AccessProviderTypeVolcEngine + \"-certcenter\")\n\tDeploymentProviderTypeVolcEngineCLB = DeploymentProviderType(AccessProviderTypeVolcEngine + \"-clb\")\n\tDeploymentProviderTypeVolcEngineDCDN = DeploymentProviderType(AccessProviderTypeVolcEngine + \"-dcdn\")\n\tDeploymentProviderTypeVolcEngineImageX = DeploymentProviderType(AccessProviderTypeVolcEngine + \"-imagex\")\n\tDeploymentProviderTypeVolcEngineLive = DeploymentProviderType(AccessProviderTypeVolcEngine + \"-live\")\n\tDeploymentProviderTypeVolcEngineTOS = DeploymentProviderType(AccessProviderTypeVolcEngine + \"-tos\")\n\tDeploymentProviderTypeVolcEngineVOD = DeploymentProviderType(AccessProviderTypeVolcEngine + \"-vod\")\n\tDeploymentProviderTypeVolcEngineWAF = DeploymentProviderType(AccessProviderTypeVolcEngine + \"-waf\")\n\tDeploymentProviderTypeWangsuCDN = DeploymentProviderType(AccessProviderTypeWangsu + \"-cdn\")\n\tDeploymentProviderTypeWangsuCDNPro = DeploymentProviderType(AccessProviderTypeWangsu + \"-cdnpro\")\n\tDeploymentProviderTypeWangsuCertificate = DeploymentProviderType(AccessProviderTypeWangsu + \"-certificate\")\n\tDeploymentProviderTypeWebhook = DeploymentProviderType(AccessProviderTypeWebhook)\n)\n\ntype NotificationProviderType string\n\n/*\n消息通知提供商常量值。\n短横线前的部分始终等于授权提供商类型。\n\n注意:如果追加新的常量值,请保持以 ASCII 排序。\nNOTICE: If you add new constant, please keep ASCII order.\n*/\nconst (\n\tNotificationProviderTypeDingTalkBot = NotificationProviderType(AccessProviderTypeDingTalkBot)\n\tNotificationProviderTypeDiscordBot = NotificationProviderType(AccessProviderTypeDiscordBot)\n\tNotificationProviderTypeEmail = NotificationProviderType(AccessProviderTypeEmail)\n\tNotificationProviderTypeLarkBot = NotificationProviderType(AccessProviderTypeLarkBot)\n\tNotificationProviderTypeMattermost = NotificationProviderType(AccessProviderTypeMattermost)\n\tNotificationProviderTypeSlackBot = NotificationProviderType(AccessProviderTypeSlackBot)\n\tNotificationProviderTypeTelegramBot = NotificationProviderType(AccessProviderTypeTelegramBot)\n\tNotificationProviderTypeWebhook = NotificationProviderType(AccessProviderTypeWebhook)\n\tNotificationProviderTypeWeComBot = NotificationProviderType(AccessProviderTypeWeComBot)\n)\n"
},
{
"path": "internal/domain/settings.go",
"content": "package domain\n\nimport (\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nconst CollectionNameSettings = \"settings\"\n\ntype Settings struct {\n\tMeta\n\tName string `db:\"name\" json:\"name\"`\n\tContent SettingsContent `db:\"content\" json:\"content\"`\n}\n\nconst (\n\tSettingsNameEmails = \"emails\"\n\tSettingsNameNotificationTemplate = \"notifyTemplate\"\n\tSettingsNameScriptTemplate = \"scriptTemplate\"\n\tSettingsNameSSLProvider = \"sslProvider\"\n\tSettingsNamePersistence = \"persistence\"\n)\n\ntype SettingsContent map[string]any\n\ntype SettingsContentForSSLProvider struct {\n\tProvider CAProviderType `json:\"provider\"`\n\tConfigs map[CAProviderType]map[string]any `json:\"configs\"`\n\tTimeout int `json:\"timeout\"`\n}\n\ntype SettingsContentForPersistence struct {\n\tCertificatesWarningDaysBeforeExpire int `json:\"certificatesWarningDaysBeforeExpire\"`\n\tCertificatesRetentionMaxDays int `json:\"certificatesRetentionMaxDays\"`\n\tWorkflowRunsRetentionMaxDays int `json:\"workflowRunsRetentionMaxDays\"`\n}\n\nfunc (c SettingsContent) AsSSLProvider() *SettingsContentForSSLProvider {\n\tcontent := &SettingsContentForSSLProvider{}\n\txmaps.Populate(c, content)\n\n\tif content.Provider == \"\" {\n\t\tcontent.Provider = CAProviderTypeLetsEncrypt\n\t}\n\n\tif content.Timeout < 0 {\n\t\tcontent.Timeout = 0\n\t}\n\n\treturn content\n}\n\nfunc (c SettingsContent) AsPersistence() *SettingsContentForPersistence {\n\tcontent := &SettingsContentForPersistence{}\n\txmaps.Populate(c, content)\n\n\tif content.CertificatesWarningDaysBeforeExpire <= 0 {\n\t\tcontent.CertificatesWarningDaysBeforeExpire = 21\n\t}\n\n\tif content.CertificatesRetentionMaxDays < 0 {\n\t\tcontent.CertificatesRetentionMaxDays = 0\n\t}\n\n\tif content.WorkflowRunsRetentionMaxDays < 0 {\n\t\tcontent.WorkflowRunsRetentionMaxDays = 0\n\t}\n\n\treturn content\n}\n"
},
{
"path": "internal/domain/statistics.go",
"content": "package domain\n\ntype Statistics struct {\n\tCertificateTotal int `json:\"certificateTotal\"`\n\tCertificateExpiringSoon int `json:\"certificateExpiringSoon\"`\n\tCertificateExpired int `json:\"certificateExpired\"`\n\n\tWorkflowTotal int `json:\"workflowTotal\"`\n\tWorkflowEnabled int `json:\"workflowEnabled\"`\n\tWorkflowDisabled int `json:\"workflowDisabled\"`\n}\n"
},
{
"path": "internal/domain/workflow.go",
"content": "package domain\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/internal/domain/expr\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nconst CollectionNameWorkflow = \"workflow\"\n\ntype Workflow struct {\n\tMeta\n\tName string `db:\"name\" json:\"name\"`\n\tDescription string `db:\"description\" json:\"description\"`\n\tTrigger WorkflowTriggerType `db:\"trigger\" json:\"trigger\"`\n\tTriggerCron string `db:\"triggerCron\" json:\"triggerCron\"`\n\tEnabled bool `db:\"enabled\" json:\"enabled\"`\n\tGraphDraft *WorkflowGraph `db:\"graphDraft\" json:\"graphDraft\"`\n\tGraphContent *WorkflowGraph `db:\"graphContent\" json:\"graphContent\"`\n\tHasDraft bool `db:\"hasDraft\" json:\"hasDraft\"`\n\tHasContent bool `db:\"hasContent\" json:\"hasContent\"`\n\tLastRunId string `db:\"lastRunRef\" json:\"lastRunId\"`\n\tLastRunStatus WorkflowRunStatusType `db:\"lastRunStatus\" json:\"lastRunStatus\"`\n\tLastRunTime time.Time `db:\"lastRunTime\" json:\"lastRunTime\"`\n}\n\ntype WorkflowGraph struct {\n\tNodes []*WorkflowNode `json:\"nodes\"`\n}\n\nfunc (g *WorkflowGraph) GetNodeById(nodeId string) (*WorkflowNode, bool) {\n\treturn g.getNodeInBlocksById(g.Nodes, nodeId)\n}\n\nfunc (g *WorkflowGraph) getNodeInBlocksById(blocks []*WorkflowNode, nodeId string) (*WorkflowNode, bool) {\n\tfor _, node := range blocks {\n\t\tif node.Id == nodeId {\n\t\t\treturn node, true\n\t\t}\n\n\t\tif len(node.Blocks) > 0 {\n\t\t\tif found, ok := g.getNodeInBlocksById(node.Blocks, nodeId); ok {\n\t\t\t\treturn found, true\n\t\t\t}\n\t\t}\n\t}\n\n\treturn nil, false\n}\n\nfunc (g *WorkflowGraph) Verify() error {\n\tif len(g.Nodes) < 2 {\n\t\treturn fmt.Errorf(\"invalid nodes length of graph\")\n\t} else if g.Nodes[0].Type != WorkflowNodeTypeStart {\n\t\treturn fmt.Errorf(\"the first node is not a start node\")\n\t} else if g.Nodes[len(g.Nodes)-1].Type != WorkflowNodeTypeEnd {\n\t\treturn fmt.Errorf(\"the last node is not an end node\")\n\t}\n\n\treturn nil\n}\n\nfunc (g *WorkflowGraph) Clone() *WorkflowGraph {\n\treturn &WorkflowGraph{\n\t\tNodes: g.Nodes,\n\t}\n}\n\ntype WorkflowTriggerType string\n\nconst (\n\tWorkflowTriggerTypeScheduled = WorkflowTriggerType(\"scheduled\")\n\tWorkflowTriggerTypeManual = WorkflowTriggerType(\"manual\")\n)\n\ntype WorkflowNode struct {\n\tId string `json:\"id\"` // 节点 ID 只在该工作流中唯一,在全局中不保证唯一性\n\tType WorkflowNodeType `json:\"type\"`\n\tData WorkflowNodeData `json:\"data\"`\n\tBlocks []*WorkflowNode `json:\"blocks,omitempty\"`\n}\n\ntype WorkflowNodeType string\n\nconst (\n\tWorkflowNodeTypeStart = WorkflowNodeType(\"start\")\n\tWorkflowNodeTypeEnd = WorkflowNodeType(\"end\")\n\tWorkflowNodeTypeCondition = WorkflowNodeType(\"condition\")\n\tWorkflowNodeTypeBranchBlock = WorkflowNodeType(\"branchBlock\")\n\tWorkflowNodeTypeTryCatch = WorkflowNodeType(\"tryCatch\")\n\tWorkflowNodeTypeTryBlock = WorkflowNodeType(\"tryBlock\")\n\tWorkflowNodeTypeCatchBlock = WorkflowNodeType(\"catchBlock\")\n\tWorkflowNodeTypeDelay = WorkflowNodeType(\"delay\")\n\tWorkflowNodeTypeBizApply = WorkflowNodeType(\"bizApply\")\n\tWorkflowNodeTypeBizUpload = WorkflowNodeType(\"bizUpload\")\n\tWorkflowNodeTypeBizMonitor = WorkflowNodeType(\"bizMonitor\")\n\tWorkflowNodeTypeBizDeploy = WorkflowNodeType(\"bizDeploy\")\n\tWorkflowNodeTypeBizNotify = WorkflowNodeType(\"bizNotify\")\n)\n\ntype WorkflowNodeData struct {\n\tName string `json:\"name\"`\n\tDisabled bool `json:\"disabled,omitempty,omitzero\"`\n\tConfig WorkflowNodeConfig `json:\"config,omitempty,omitzero\"`\n}\n\ntype WorkflowNodeConfig map[string]any\n\nfunc (c WorkflowNodeConfig) AsDelay() WorkflowNodeConfigForDelay {\n\treturn WorkflowNodeConfigForDelay{\n\t\tWait: xmaps.GetInt(c, \"wait\"),\n\t}\n}\n\nfunc (c WorkflowNodeConfig) AsBranchBlock() WorkflowNodeConfigForBranchBlock {\n\texpression := c[\"expression\"]\n\tif expression == nil {\n\t\treturn WorkflowNodeConfigForBranchBlock{}\n\t}\n\n\texprRaw, _ := json.Marshal(expression)\n\texpr, err := expr.UnmarshalExpr([]byte(exprRaw))\n\tif err != nil {\n\t\treturn WorkflowNodeConfigForBranchBlock{}\n\t}\n\n\treturn WorkflowNodeConfigForBranchBlock{\n\t\tExpression: expr,\n\t}\n}\n\nfunc (c WorkflowNodeConfig) AsBizApply() WorkflowNodeConfigForBizApply {\n\tdomains := lo.Filter(strings.Split(xmaps.GetString(c, \"domains\"), \";\"), func(s string, _ int) bool { return s != \"\" })\n\tipaddrs := lo.Filter(strings.Split(xmaps.GetString(c, \"ipaddrs\"), \";\"), func(s string, _ int) bool { return s != \"\" })\n\tnameservers := lo.Filter(strings.Split(xmaps.GetString(c, \"nameservers\"), \";\"), func(s string, _ int) bool { return s != \"\" })\n\n\treturn WorkflowNodeConfigForBizApply{\n\t\tDomains: domains,\n\t\tIPAddrs: ipaddrs,\n\t\tContactEmail: xmaps.GetString(c, \"contactEmail\"),\n\t\tChallengeType: xmaps.GetString(c, \"challengeType\"),\n\t\tProvider: xmaps.GetString(c, \"provider\"),\n\t\tProviderAccessId: xmaps.GetString(c, \"providerAccessId\"),\n\t\tProviderConfig: xmaps.GetKVMapAny(c, \"providerConfig\"),\n\t\tKeySource: xmaps.GetOrDefaultString(c, \"keySource\", \"auto\"),\n\t\tKeyAlgorithm: xmaps.GetOrDefaultString(c, \"keyAlgorithm\", string(CertificateKeyAlgorithmTypeRSA2048)),\n\t\tKeyContent: xmaps.GetString(c, \"keyContent\"),\n\t\tCAProvider: xmaps.GetString(c, \"caProvider\"),\n\t\tCAProviderAccessId: xmaps.GetString(c, \"caProviderAccessId\"),\n\t\tCAProviderConfig: xmaps.GetKVMapAny(c, \"caProviderConfig\"),\n\t\tValidityLifetime: xmaps.GetString(c, \"validityLifetime\"),\n\t\tPreferredChain: xmaps.GetString(c, \"preferredChain\"),\n\t\tACMEProfile: xmaps.GetString(c, \"acmeProfile\"),\n\t\tNameservers: nameservers,\n\t\tDnsPropagationWait: xmaps.GetInt(c, \"dnsPropagationWait\"),\n\t\tDnsPropagationTimeout: xmaps.GetInt(c, \"dnsPropagationTimeout\"),\n\t\tDnsTTL: xmaps.GetInt(c, \"dnsTTL\"),\n\t\tHttpDelayWait: xmaps.GetInt(c, \"httpDelayWait\"),\n\t\tDisableCommonName: xmaps.GetBool(c, \"disableCommonName\"),\n\t\tDisableFollowCNAME: xmaps.GetBool(c, \"disableFollowCNAME\"),\n\t\tDisableARI: xmaps.GetBool(c, \"disableARI\"),\n\t\tSkipBeforeExpiryDays: xmaps.GetInt(c, \"skipBeforeExpiryDays\"),\n\t}\n}\n\nfunc (c WorkflowNodeConfig) AsBizUpload() WorkflowNodeConfigForBizUpload {\n\treturn WorkflowNodeConfigForBizUpload{\n\t\tSource: xmaps.GetOrDefaultString(c, \"source\", \"form\"),\n\t\tCertificate: xmaps.GetString(c, \"certificate\"),\n\t\tPrivateKey: xmaps.GetString(c, \"privateKey\"),\n\t}\n}\n\nfunc (c WorkflowNodeConfig) AsBizMonitor() WorkflowNodeConfigForBizMonitor {\n\thost := xmaps.GetString(c, \"host\")\n\treturn WorkflowNodeConfigForBizMonitor{\n\t\tHost: host,\n\t\tPort: xmaps.GetOrDefaultInt32(c, \"port\", 443),\n\t\tDomain: xmaps.GetOrDefaultString(c, \"domain\", host),\n\t\tRequestPath: xmaps.GetString(c, \"path\"),\n\t}\n}\n\nfunc (c WorkflowNodeConfig) AsBizDeploy() WorkflowNodeConfigForBizDeploy {\n\treturn WorkflowNodeConfigForBizDeploy{\n\t\tCertificateOutputNodeId: xmaps.GetString(c, \"certificateOutputNodeId\"),\n\t\tProvider: xmaps.GetString(c, \"provider\"),\n\t\tProviderAccessId: xmaps.GetString(c, \"providerAccessId\"),\n\t\tProviderConfig: xmaps.GetKVMapAny(c, \"providerConfig\"),\n\t\tSkipOnLastSucceeded: xmaps.GetBool(c, \"skipOnLastSucceeded\"),\n\t}\n}\n\nfunc (c WorkflowNodeConfig) AsBizNotify() WorkflowNodeConfigForBizNotify {\n\treturn WorkflowNodeConfigForBizNotify{\n\t\tProvider: xmaps.GetString(c, \"provider\"),\n\t\tProviderAccessId: xmaps.GetString(c, \"providerAccessId\"),\n\t\tProviderConfig: xmaps.GetKVMapAny(c, \"providerConfig\"),\n\t\tSubject: xmaps.GetString(c, \"subject\"),\n\t\tMessage: xmaps.GetString(c, \"message\"),\n\t\tSkipOnAllPrevSkipped: xmaps.GetBool(c, \"skipOnAllPrevSkipped\"),\n\t}\n}\n\ntype WorkflowNodeConfigForDelay struct {\n\tWait int `json:\"wait\"` // 等待时间\n}\n\ntype WorkflowNodeConfigForBranchBlock struct {\n\tExpression expr.Expr `json:\"expression\"` // 条件表达式\n}\n\ntype WorkflowNodeConfigForBizApply struct {\n\tDomains []string `json:\"domains\"` // 域名列表,以半角分号分隔\n\tIPAddrs []string `json:\"ipaddrs\"` // IP 地址列表,以半角分号分隔\n\tContactEmail string `json:\"contactEmail\"` // 联系邮箱\n\tChallengeType string `json:\"challengeType\"` // 质询方式\n\tProvider string `json:\"provider\"` // 质询提供商\n\tProviderAccessId string `json:\"providerAccessId\"` // 质询提供商授权记录 ID\n\tProviderConfig map[string]any `json:\"providerConfig,omitempty\"` // 质询提供商额外配置\n\tCAProvider string `json:\"caProvider,omitempty\"` // CA 提供商(零值时使用全局配置)\n\tCAProviderAccessId string `json:\"caProviderAccessId,omitempty\"` // CA 提供商授权记录 ID\n\tCAProviderConfig map[string]any `json:\"caProviderConfig,omitempty\"` // CA 提供商额外配置\n\tKeySource string `json:\"keySource\"` // 私钥来源,可取值 \"auto\"、\"reuse\"、\"custom\"(零值时默认值 \"auto\")\n\tKeyAlgorithm string `json:\"keyAlgorithm,omitempty\"` // 私钥算法\n\tKeyContent string `json:\"keyContent,omitempty\"` // 私钥内容\n\tValidityLifetime string `json:\"validityLifetime,omitempty\"` // 有效期,形如 \"30d\"、\"6h\"\n\tPreferredChain string `json:\"preferredChain,omitempty\"` // 首选证书链\n\tACMEProfile string `json:\"acmeProfile,omitempty\"` // ACME Profiles Extension\n\tNameservers []string `json:\"nameservers,omitempty\"` // DNS 服务器列表,以半角分号分隔。等同于 lego 的 `--dns.resolvers` 参数\n\tDnsPropagationWait int `json:\"dnsPropagationWait,omitempty\"` // DNS 传播等待时间。等同于 lego 的 `--dns.propagation-wait` 参数\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"` // DNS 传播检查超时时间。等同于 lego 的 `--dns-timeout` 参数\n\tDnsTTL int `json:\"dnsTTL,omitempty\"` // DNS 解析记录 TTL\n\tHttpDelayWait int `json:\"httpDelayWait,omitempty\"` // HTTP 等待时间。等同于 lego 的 `--http.delay` 参数\n\tDisableCommonName bool `json:\"disableCommonName,omitempty\"` // 是否不包含 CommonName。等同于 lego 的 `--disable-cn` 参数\n\tDisableFollowCNAME bool `json:\"disableFollowCNAME,omitempty\"` // 是否关闭 CNAME 跟随\n\tDisableARI bool `json:\"disableARI,omitempty\"` // 是否关闭 ARI\n\tSkipBeforeExpiryDays int `json:\"skipBeforeExpiryDays,omitempty\"` // 证书到期前多少天前跳过续期\n}\n\ntype WorkflowNodeConfigForBizUpload struct {\n\tSource string `json:\"source\"` // 证书来源,可取值 \"form\"、\"local\"、\"url\"(零值时默认值 \"form\")\n\tCertificate string `json:\"certificate\"` // 证书,根据证书来源决定是 PEM 内容 / 文件路径 / URL\n\tPrivateKey string `json:\"privateKey\"` // 私钥,根据证书来源决定是 PEM 内容 / 文件路径 / URL\n}\n\ntype WorkflowNodeConfigForBizMonitor struct {\n\tHost string `json:\"host\"` // 主机地址\n\tPort int32 `json:\"port,omitempty\"` // 端口(零值时默认值 443)\n\tDomain string `json:\"domain,omitempty\"` // 域名(零值时默认值 [Host])\n\tRequestPath string `json:\"requestPath,omitempty\"` // 请求路径\n}\n\ntype WorkflowNodeConfigForBizDeploy struct {\n\tCertificateOutputNodeId string `json:\"certificateOutputNodeId\"` // 前序证书输出节点 ID\n\tProvider string `json:\"provider\"` // 主机提供商\n\tProviderAccessId string `json:\"providerAccessId,omitempty\"` // 主机提供商授权记录 ID\n\tProviderConfig map[string]any `json:\"providerConfig,omitempty\"` // 主机提供商额外配置\n\tSkipOnLastSucceeded bool `json:\"skipOnLastSucceeded\"` // 上次部署成功时是否跳过\n}\n\ntype WorkflowNodeConfigForBizNotify struct {\n\tProvider string `json:\"provider\"` // 通知提供商\n\tProviderAccessId string `json:\"providerAccessId\"` // 通知提供商授权记录 ID\n\tProviderConfig map[string]any `json:\"providerConfig,omitempty\"` // 通知提供商额外配置\n\tSubject string `json:\"subject\"` // 通知主题\n\tMessage string `json:\"message\"` // 通知内容\n\tSkipOnAllPrevSkipped bool `json:\"skipOnAllPrevSkipped\"` // 前序节点均已跳过时是否跳过\n}\n"
},
{
"path": "internal/domain/workflow_log.go",
"content": "package domain\n\nimport (\n\t\"log/slog\"\n\t\"strings\"\n)\n\nconst CollectionNameWorkflowLog = \"workflow_logs\"\n\ntype WorkflowLog struct {\n\tMeta\n\tWorkflowId string `db:\"workflowRef\" json:\"workflowId\"`\n\tRunId string `db:\"runRef\" json:\"runId\"`\n\tNodeId string `db:\"nodeId\" json:\"nodeId\"`\n\tNodeName string `db:\"nodeName\" json:\"nodeName\"`\n\tTimestampMilli int64 `db:\"timestamp\" json:\"timestamp\"`\n\tLevel int32 `db:\"level\" json:\"level\"`\n\tMessage string `db:\"message\" json:\"message\"`\n\tData map[string]any `db:\"data\" json:\"data\"`\n}\n\ntype WorkflowLogs []WorkflowLog\n\nfunc (r WorkflowLogs) ErrorString() string {\n\tvar builder strings.Builder\n\tfor _, log := range r {\n\t\tif log.Level >= int32(slog.LevelError) {\n\t\t\tbuilder.WriteString(log.Message)\n\t\t\tbuilder.WriteString(\"\\n\")\n\t\t}\n\t}\n\treturn strings.TrimSpace(builder.String())\n}\n"
},
{
"path": "internal/domain/workflow_output.go",
"content": "package domain\n\nconst CollectionNameWorkflowOutput = \"workflow_output\"\n\ntype WorkflowOutput struct {\n\tMeta\n\tWorkflowId string `db:\"workflowRef\" json:\"workflowId\"`\n\tRunId string `db:\"runRef\" json:\"runId\"`\n\tNodeId string `db:\"nodeId\" json:\"nodeId\"`\n\tNodeConfig WorkflowNodeConfig `db:\"nodeConfig\" json:\"nodeConfig\"`\n\tOutputs []*WorkflowOutputEntry `db:\"outputs\" json:\"outputs\"`\n\tSucceeded bool `db:\"succeeded\" json:\"succeeded\"`\n}\n\ntype WorkflowOutputEntry struct {\n\tType string `json:\"type\"`\n\tName string `json:\"name\"`\n\tValue string `json:\"value\"`\n\tValueType string `json:\"valueType\"`\n}\n"
},
{
"path": "internal/domain/workflow_run.go",
"content": "package domain\n\nimport (\n\t\"time\"\n)\n\nconst CollectionNameWorkflowRun = \"workflow_run\"\n\ntype WorkflowRun struct {\n\tMeta\n\tWorkflowId string `db:\"workflowRef\" json:\"workflowId\"`\n\tStatus WorkflowRunStatusType `db:\"status\" json:\"status\"`\n\tTrigger WorkflowTriggerType `db:\"trigger\" json:\"trigger\"`\n\tStartedAt time.Time `db:\"startedAt\" json:\"startedAt\"`\n\tEndedAt time.Time `db:\"endedAt\" json:\"endedAt\"`\n\tGraph *WorkflowGraph `db:\"graph\" json:\"graph\"`\n\tError string `db:\"error\" json:\"error\"`\n}\n\ntype WorkflowRunStatusType string\n\nconst (\n\tWorkflowRunStatusTypePending WorkflowRunStatusType = \"pending\"\n\tWorkflowRunStatusTypeProcessing WorkflowRunStatusType = \"processing\"\n\tWorkflowRunStatusTypeSucceeded WorkflowRunStatusType = \"succeeded\"\n\tWorkflowRunStatusTypeFailed WorkflowRunStatusType = \"failed\"\n\tWorkflowRunStatusTypeCanceled WorkflowRunStatusType = \"canceled\"\n)\n"
},
{
"path": "internal/notify/client.go",
"content": "package notify\n\nimport (\n\t\"log/slog\"\n)\n\ntype Client struct {\n\tlogger *slog.Logger\n}\n\ntype ClientConfigure func(*Client)\n\nfunc NewClient(configures ...ClientConfigure) *Client {\n\tclient := &Client{}\n\tfor _, configure := range configures {\n\t\tconfigure(client)\n\t}\n\treturn client\n}\n\nfunc WithLogger(logger *slog.Logger) ClientConfigure {\n\treturn func(c *Client) {\n\t\tc.logger = logger\n\t}\n}\n"
},
{
"path": "internal/notify/client_notifier.go",
"content": "package notify\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/internal/notify/notifiers\"\n)\n\ntype SendNotificationRequest struct {\n\t// 提供商相关\n\tProvider string\n\tProviderAccessConfig map[string]any\n\tProviderExtendedConfig map[string]any\n\n\t// 通知相关\n\tSubject string\n\tMessage string\n}\n\ntype SendNotificationResponse struct{}\n\nfunc (c *Client) SendNotification(ctx context.Context, request *SendNotificationRequest) (*SendNotificationResponse, error) {\n\tif request == nil {\n\t\treturn nil, errors.New(\"the request is nil\")\n\t}\n\n\tproviderFactory, err := notifiers.Registries.Get(domain.NotificationProviderType(request.Provider))\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tprovider, err := providerFactory(¬ifiers.ProviderFactoryOptions{\n\t\tProviderAccessConfig: request.ProviderAccessConfig,\n\t\tProviderExtendedConfig: request.ProviderExtendedConfig,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to initialize notification provider '%s': %w\", request.Provider, err)\n\t}\n\n\tprovider.SetLogger(c.logger)\n\tif _, err := provider.Notify(ctx, request.Subject, request.Message); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &SendNotificationResponse{}, nil\n}\n"
},
{
"path": "internal/notify/notifiers/registry.go",
"content": "package notifiers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n)\n\ntype ProviderFactoryFunc func(options *ProviderFactoryOptions) (notifier.Provider, error)\n\ntype ProviderFactoryOptions struct {\n\tProviderAccessConfig map[string]any\n\tProviderExtendedConfig map[string]any\n}\n\ntype Registry[T comparable] interface {\n\tRegister(T, ProviderFactoryFunc) error\n\tMustRegister(T, ProviderFactoryFunc)\n\tGet(T) (ProviderFactoryFunc, error)\n}\n\ntype registry[T comparable] struct {\n\tfactories map[T]ProviderFactoryFunc\n}\n\nfunc (r *registry[T]) Register(name T, factory ProviderFactoryFunc) error {\n\tif _, exists := r.factories[name]; exists {\n\t\treturn fmt.Errorf(\"provider '%v' already registered\", name)\n\t}\n\n\tr.factories[name] = factory\n\treturn nil\n}\n\nfunc (r *registry[T]) MustRegister(name T, factory ProviderFactoryFunc) {\n\tif err := r.Register(name, factory); err != nil {\n\t\tpanic(err)\n\t}\n}\n\nfunc (r *registry[T]) Get(name T) (ProviderFactoryFunc, error) {\n\tif factory, exists := r.factories[name]; exists {\n\t\treturn factory, nil\n\t}\n\n\treturn nil, fmt.Errorf(\"provider '%v' not registered\", name)\n}\n\nfunc newRegistry[T comparable]() Registry[T] {\n\treturn ®istry[T]{factories: make(map[T]ProviderFactoryFunc)}\n}\n\nvar Registries = newRegistry[domain.NotificationProviderType]()\n"
},
{
"path": "internal/notify/notifiers/sp_dingtalkbot.go",
"content": "package notifiers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier/providers/dingtalkbot\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.NotificationProviderTypeDingTalkBot, func(options *ProviderFactoryOptions) (notifier.Provider, error) {\n\t\tcredentials := domain.AccessConfigForDingTalkBot{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := dingtalkbot.NewNotifier(&dingtalkbot.NotifierConfig{\n\t\t\tWebhookUrl: credentials.WebhookUrl,\n\t\t\tSecret: credentials.Secret,\n\t\t\tCustomPayload: credentials.CustomPayload,\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/notify/notifiers/sp_discordbot.go",
"content": "package notifiers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier/providers/discordbot\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.NotificationProviderTypeDiscordBot, func(options *ProviderFactoryOptions) (notifier.Provider, error) {\n\t\tcredentials := domain.AccessConfigForDiscordBot{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := discordbot.NewNotifier(&discordbot.NotifierConfig{\n\t\t\tBotToken: credentials.BotToken,\n\t\t\tChannelId: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"channelId\", credentials.ChannelId),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/notify/notifiers/sp_email.go",
"content": "package notifiers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier/providers/email\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.NotificationProviderTypeEmail, func(options *ProviderFactoryOptions) (notifier.Provider, error) {\n\t\tcredentials := domain.AccessConfigForEmail{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := email.NewNotifier(&email.NotifierConfig{\n\t\t\tSmtpHost: credentials.SmtpHost,\n\t\t\tSmtpPort: credentials.SmtpPort,\n\t\t\tSmtpTls: credentials.SmtpTls,\n\t\t\tUsername: credentials.Username,\n\t\t\tPassword: credentials.Password,\n\t\t\tSenderAddress: credentials.SenderAddress,\n\t\t\tSenderName: credentials.SenderName,\n\t\t\tReceiverAddress: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"receiverAddress\", credentials.ReceiverAddress),\n\t\t\tMessageFormat: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"format\", email.MESSAGE_FORMAT_PLAIN),\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/notify/notifiers/sp_larkbot.go",
"content": "package notifiers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier/providers/larkbot\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.NotificationProviderTypeLarkBot, func(options *ProviderFactoryOptions) (notifier.Provider, error) {\n\t\tcredentials := domain.AccessConfigForLarkBot{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := larkbot.NewNotifier(&larkbot.NotifierConfig{\n\t\t\tWebhookUrl: credentials.WebhookUrl,\n\t\t\tSecret: credentials.Secret,\n\t\t\tCustomPayload: credentials.CustomPayload,\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/notify/notifiers/sp_mattermost.go",
"content": "package notifiers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier/providers/mattermost\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.NotificationProviderTypeMattermost, func(options *ProviderFactoryOptions) (notifier.Provider, error) {\n\t\tcredentials := domain.AccessConfigForMattermost{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := mattermost.NewNotifier(&mattermost.NotifierConfig{\n\t\t\tServerUrl: credentials.ServerUrl,\n\t\t\tUsername: credentials.Username,\n\t\t\tPassword: credentials.Password,\n\t\t\tChannelId: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"channelId\", credentials.ChannelId),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/notify/notifiers/sp_slackbot.go",
"content": "package notifiers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n\tslackbot \"github.com/certimate-go/certimate/pkg/core/notifier/providers/slackbot\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.NotificationProviderTypeSlackBot, func(options *ProviderFactoryOptions) (notifier.Provider, error) {\n\t\tcredentials := domain.AccessConfigForSlackBot{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := slackbot.NewNotifier(&slackbot.NotifierConfig{\n\t\t\tBotToken: credentials.BotToken,\n\t\t\tChannelId: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"channelId\", credentials.ChannelId),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/notify/notifiers/sp_telegrambot.go",
"content": "package notifiers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier/providers/telegrambot\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.NotificationProviderTypeTelegramBot, func(options *ProviderFactoryOptions) (notifier.Provider, error) {\n\t\tcredentials := domain.AccessConfigForTelegramBot{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := telegrambot.NewNotifier(&telegrambot.NotifierConfig{\n\t\t\tBotToken: credentials.BotToken,\n\t\t\tChatId: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"chatId\", credentials.ChatId),\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/notify/notifiers/sp_webhook.go",
"content": "package notifiers\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier/providers/webhook\"\n\txhttp \"github.com/certimate-go/certimate/pkg/utils/http\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.NotificationProviderTypeWebhook, func(options *ProviderFactoryOptions) (notifier.Provider, error) {\n\t\tcredentials := domain.AccessConfigForWebhook{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tmergedHeaders := make(map[string]string)\n\t\tif defaultHeadersString := credentials.HeadersString; defaultHeadersString != \"\" {\n\t\t\th, err := xhttp.ParseHeaders(defaultHeadersString)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to parse webhook headers: %w\", err)\n\t\t\t}\n\t\t\tfor key := range h {\n\t\t\t\tmergedHeaders[http.CanonicalHeaderKey(key)] = h.Get(key)\n\t\t\t}\n\t\t}\n\t\tif extendedHeadersString := xmaps.GetString(options.ProviderExtendedConfig, \"headers\"); extendedHeadersString != \"\" {\n\t\t\th, err := xhttp.ParseHeaders(extendedHeadersString)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to parse webhook headers: %w\", err)\n\t\t\t}\n\t\t\tfor key := range h {\n\t\t\t\tmergedHeaders[http.CanonicalHeaderKey(key)] = h.Get(key)\n\t\t\t}\n\t\t}\n\n\t\tprovider, err := webhook.NewNotifier(&webhook.NotifierConfig{\n\t\t\tWebhookUrl: credentials.Url,\n\t\t\tWebhookData: xmaps.GetOrDefaultString(options.ProviderExtendedConfig, \"webhookData\", credentials.DataString),\n\t\t\tMethod: credentials.Method,\n\t\t\tHeaders: mergedHeaders,\n\t\t\tTimeout: xmaps.GetInt(options.ProviderExtendedConfig, \"timeout\"),\n\t\t\tAllowInsecureConnections: credentials.AllowInsecureConnections,\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/notify/notifiers/sp_wecombot.go",
"content": "package notifiers\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier/providers/wecombot\"\n\txmaps \"github.com/certimate-go/certimate/pkg/utils/maps\"\n)\n\nfunc init() {\n\tRegistries.MustRegister(domain.NotificationProviderTypeWeComBot, func(options *ProviderFactoryOptions) (notifier.Provider, error) {\n\t\tcredentials := domain.AccessConfigForWeComBot{}\n\t\tif err := xmaps.Populate(options.ProviderAccessConfig, &credentials); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to populate provider access config: %w\", err)\n\t\t}\n\n\t\tprovider, err := wecombot.NewNotifier(&wecombot.NotifierConfig{\n\t\t\tWebhookUrl: credentials.WebhookUrl,\n\t\t\tCustomPayload: credentials.CustomPayload,\n\t\t})\n\t\treturn provider, err\n\t})\n}\n"
},
{
"path": "internal/notify/service.go",
"content": "package notify\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/certimate-go/certimate/internal/domain/dtos\"\n)\n\nconst (\n\ttestSubject = \"[Certimate] Notification Testing\"\n\ttestMessage = \"Welcome to use Certimate!\"\n)\n\ntype NotifyService struct {\n\taccessRepo accessRepository\n}\n\nfunc NewNotifyService(accessRepo accessRepository) *NotifyService {\n\treturn &NotifyService{\n\t\taccessRepo: accessRepo,\n\t}\n}\n\nfunc (n *NotifyService) TestPush(ctx context.Context, req *dtos.NotifyTestPushReq) (*dtos.NotifyTestPushResp, error) {\n\taccessConfig := make(map[string]any)\n\tif access, err := n.accessRepo.GetById(ctx, req.AccessId); err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to get access #%s record: %w\", req.AccessId, err)\n\t} else {\n\t\tif access.Reserve != \"notif\" {\n\t\t\treturn nil, fmt.Errorf(\"access #%s is not available for notification\", req.AccessId)\n\t\t}\n\n\t\taccessConfig = access.Config\n\t}\n\n\tnotifier := NewClient()\n\tnotifyReq := &SendNotificationRequest{\n\t\tProvider: req.Provider,\n\t\tProviderAccessConfig: accessConfig,\n\t\tProviderExtendedConfig: make(map[string]any),\n\t\tSubject: testSubject,\n\t\tMessage: testMessage,\n\t}\n\tif _, err := notifier.SendNotification(ctx, notifyReq); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &dtos.NotifyTestPushResp{}, nil\n}\n"
},
{
"path": "internal/notify/service_deps.go",
"content": "package notify\n\nimport (\n\t\"context\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n)\n\ntype accessRepository interface {\n\tGetById(ctx context.Context, id string) (*domain.Access, error)\n}\n"
},
{
"path": "internal/repository/access.go",
"content": "package repository\n\nimport (\n\t\"context\"\n\t\"database/sql\"\n\t\"errors\"\n\n\t\"github.com/pocketbase/pocketbase/core\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/domain\"\n)\n\ntype AccessRepository struct{}\n\nfunc NewAccessRepository() *AccessRepository {\n\treturn &AccessRepository{}\n}\n\nfunc (r *AccessRepository) GetById(ctx context.Context, id string) (*domain.Access, error) {\n\trecord, err := app.GetApp().FindRecordById(domain.CollectionNameAccess, id)\n\tif err != nil {\n\t\tif errors.Is(err, sql.ErrNoRows) {\n\t\t\treturn nil, domain.ErrRecordNotFound\n\t\t}\n\t\treturn nil, err\n\t}\n\n\tif !record.GetDateTime(\"deleted\").Time().IsZero() {\n\t\treturn nil, domain.ErrRecordNotFound\n\t}\n\n\treturn r.castRecordToModel(record)\n}\n\nfunc (r *AccessRepository) castRecordToModel(record *core.Record) (*domain.Access, error) {\n\tif record == nil {\n\t\treturn nil, errors.New(\"the record is nil\")\n\t}\n\n\tconfig := make(map[string]any)\n\tif err := record.UnmarshalJSONField(\"config\", &config); err != nil {\n\t\treturn nil, errors.New(\"field 'config' is malformed\")\n\t}\n\n\taccess := &domain.Access{\n\t\tMeta: domain.Meta{\n\t\t\tId: record.Id,\n\t\t\tCreatedAt: record.GetDateTime(\"created\").Time(),\n\t\t\tUpdatedAt: record.GetDateTime(\"updated\").Time(),\n\t\t},\n\t\tName: record.GetString(\"name\"),\n\t\tProvider: record.GetString(\"provider\"),\n\t\tConfig: config,\n\t\tReserve: record.GetString(\"reserve\"),\n\t}\n\treturn access, nil\n}\n"
},
{
"path": "internal/repository/acme_account.go",
"content": "package repository\n\nimport (\n\t\"context\"\n\t\"database/sql\"\n\t\"errors\"\n\n\t\"github.com/go-acme/lego/v4/acme\"\n\t\"github.com/pocketbase/dbx\"\n\t\"github.com/pocketbase/pocketbase/core\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/domain\"\n)\n\ntype ACMEAccountRepository struct{}\n\nfunc NewACMEAccountRepository() *ACMEAccountRepository {\n\treturn &ACMEAccountRepository{}\n}\n\nfunc (r *ACMEAccountRepository) GetByCAAndEmail(ctx context.Context, ca, caDirUrl, email string) (*domain.ACMEAccount, error) {\n\trecord, err := app.GetApp().FindFirstRecordByFilter(\n\t\tdomain.CollectionNameACMEAccount,\n\t\t\"ca={:ca} && acmeDirUrl={:acmeDirUrl} && email={:email}\",\n\t\tdbx.Params{\"ca\": ca, \"acmeDirUrl\": caDirUrl, \"email\": email},\n\t)\n\tif err != nil {\n\t\tif errors.Is(err, sql.ErrNoRows) {\n\t\t\treturn nil, domain.ErrRecordNotFound\n\t\t}\n\t\treturn nil, err\n\t}\n\n\treturn r.castRecordToModel(record)\n}\n\nfunc (r *ACMEAccountRepository) GetByAcctUrl(ctx context.Context, acctUrl string) (*domain.ACMEAccount, error) {\n\trecord, err := app.GetApp().FindFirstRecordByFilter(\n\t\tdomain.CollectionNameACMEAccount,\n\t\t\"acmeAcctUrl={:acmeAcctUrl}\",\n\t\tdbx.Params{\"acmeAcctUrl\": acctUrl},\n\t)\n\tif err != nil {\n\t\tif errors.Is(err, sql.ErrNoRows) {\n\t\t\treturn nil, domain.ErrRecordNotFound\n\t\t}\n\t\treturn nil, err\n\t}\n\n\treturn r.castRecordToModel(record)\n}\n\nfunc (r *ACMEAccountRepository) Save(ctx context.Context, acmeAccount *domain.ACMEAccount) (*domain.ACMEAccount, error) {\n\tcollection, err := app.GetApp().FindCollectionByNameOrId(domain.CollectionNameACMEAccount)\n\tif err != nil {\n\t\treturn acmeAccount, err\n\t}\n\n\tvar record *core.Record\n\tif acmeAccount.Id == \"\" {\n\t\trecord = core.NewRecord(collection)\n\t} else {\n\t\trecord, err = app.GetApp().FindRecordById(collection, acmeAccount.Id)\n\t\tif err != nil {\n\t\t\tif errors.Is(err, sql.ErrNoRows) {\n\t\t\t\treturn acmeAccount, domain.ErrRecordNotFound\n\t\t\t}\n\t\t\treturn acmeAccount, err\n\t\t}\n\t}\n\n\trecord.Set(\"ca\", acmeAccount.CA)\n\trecord.Set(\"email\", acmeAccount.Email)\n\trecord.Set(\"privateKey\", acmeAccount.PrivateKey)\n\trecord.Set(\"acmeAccount\", acmeAccount.ACMEAccount)\n\trecord.Set(\"acmeAcctUrl\", acmeAccount.ACMEAcctUrl)\n\trecord.Set(\"acmeDirUrl\", acmeAccount.ACMEDirUrl)\n\tif err := app.GetApp().Save(record); err != nil {\n\t\treturn acmeAccount, err\n\t}\n\n\tacmeAccount.Id = record.Id\n\tacmeAccount.CreatedAt = record.GetDateTime(\"created\").Time()\n\tacmeAccount.UpdatedAt = record.GetDateTime(\"updated\").Time()\n\treturn acmeAccount, nil\n}\n\nfunc (r *ACMEAccountRepository) castRecordToModel(record *core.Record) (*domain.ACMEAccount, error) {\n\tif record == nil {\n\t\treturn nil, errors.New(\"the record is nil\")\n\t}\n\n\taccount := &acme.Account{}\n\tif err := record.UnmarshalJSONField(\"acmeAccount\", account); err != nil {\n\t\treturn nil, errors.New(\"field 'acmeAccount' is malformed\")\n\t}\n\n\tacmeAccount := &domain.ACMEAccount{\n\t\tMeta: domain.Meta{\n\t\t\tId: record.Id,\n\t\t\tCreatedAt: record.GetDateTime(\"created\").Time(),\n\t\t\tUpdatedAt: record.GetDateTime(\"updated\").Time(),\n\t\t},\n\t\tCA: record.GetString(\"ca\"),\n\t\tEmail: record.GetString(\"email\"),\n\t\tPrivateKey: record.GetString(\"privateKey\"),\n\t\tACMEAccount: account,\n\t\tACMEAcctUrl: record.GetString(\"acmeAcctUrl\"),\n\t\tACMEDirUrl: record.GetString(\"acmeDirUrl\"),\n\t}\n\treturn acmeAccount, nil\n}\n"
},
{
"path": "internal/repository/certificate.go",
"content": "package repository\n\nimport (\n\t\"context\"\n\t\"database/sql\"\n\t\"errors\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/pocketbase/dbx\"\n\t\"github.com/pocketbase/pocketbase/core\"\n)\n\ntype CertificateRepository struct{}\n\nfunc NewCertificateRepository() *CertificateRepository {\n\treturn &CertificateRepository{}\n}\n\nfunc (r *CertificateRepository) ListExpiringSoon(ctx context.Context) ([]*domain.Certificate, error) {\n\trecords, err := app.GetApp().FindAllRecords(\n\t\tdomain.CollectionNameCertificate,\n\t\tdbx.NewExp(\"validityNotAfter>DATETIME('now')\"),\n\t\tdbx.NewExp(\"validityNotAfter 0 {\n\t\treturn ret, errors.Join(errs...)\n\t}\n\n\treturn ret, nil\n}\n\nfunc (r *CertificateRepository) castRecordToModel(record *core.Record) (*domain.Certificate, error) {\n\tif record == nil {\n\t\treturn nil, errors.New(\"the record is nil\")\n\t}\n\n\tcertificate := &domain.Certificate{\n\t\tMeta: domain.Meta{\n\t\t\tId: record.Id,\n\t\t\tCreatedAt: record.GetDateTime(\"created\").Time(),\n\t\t\tUpdatedAt: record.GetDateTime(\"updated\").Time(),\n\t\t},\n\t\tSource: domain.CertificateSourceType(record.GetString(\"source\")),\n\t\tSubjectAltNames: record.GetString(\"subjectAltNames\"),\n\t\tSerialNumber: record.GetString(\"serialNumber\"),\n\t\tCertificate: record.GetString(\"certificate\"),\n\t\tPrivateKey: record.GetString(\"privateKey\"),\n\t\tIssuerOrg: record.GetString(\"issuerOrg\"),\n\t\tIssuerCertificate: record.GetString(\"issuerCertificate\"),\n\t\tKeyAlgorithm: domain.CertificateKeyAlgorithmType(record.GetString(\"keyAlgorithm\")),\n\t\tValidityNotBefore: record.GetDateTime(\"validityNotBefore\").Time(),\n\t\tValidityNotAfter: record.GetDateTime(\"validityNotAfter\").Time(),\n\t\tValidityInterval: int32(record.GetInt(\"validityInterval\")),\n\t\tACMEAcctUrl: record.GetString(\"acmeAcctUrl\"),\n\t\tACMECertUrl: record.GetString(\"acmeCertUrl\"),\n\t\tIsRenewed: record.GetBool(\"isRenewed\"),\n\t\tIsRevoked: record.GetBool(\"isRevoked\"),\n\t\tWorkflowId: record.GetString(\"workflowRef\"),\n\t\tWorkflowRunId: record.GetString(\"workflowRunRef\"),\n\t\tWorkflowNodeId: record.GetString(\"workflowNodeId\"),\n\t}\n\treturn certificate, nil\n}\n"
},
{
"path": "internal/repository/settings.go",
"content": "package repository\n\nimport (\n\t\"context\"\n\t\"database/sql\"\n\t\"errors\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/pocketbase/dbx\"\n)\n\ntype SettingsRepository struct{}\n\nfunc NewSettingsRepository() *SettingsRepository {\n\treturn &SettingsRepository{}\n}\n\nfunc (r *SettingsRepository) GetByName(ctx context.Context, name string) (*domain.Settings, error) {\n\trecord, err := app.GetApp().FindFirstRecordByFilter(\n\t\tdomain.CollectionNameSettings,\n\t\t\"name={:name}\",\n\t\tdbx.Params{\"name\": name},\n\t)\n\tif err != nil {\n\t\tif errors.Is(err, sql.ErrNoRows) {\n\t\t\treturn nil, domain.ErrRecordNotFound\n\t\t}\n\t\treturn nil, err\n\t}\n\n\tcontent := make(map[string]any)\n\tif err := record.UnmarshalJSONField(\"content\", &content); err != nil {\n\t\treturn nil, errors.New(\"field 'content' is malformed\")\n\t}\n\n\tsettings := &domain.Settings{\n\t\tMeta: domain.Meta{\n\t\t\tId: record.Id,\n\t\t\tCreatedAt: record.GetDateTime(\"created\").Time(),\n\t\t\tUpdatedAt: record.GetDateTime(\"updated\").Time(),\n\t\t},\n\t\tName: record.GetString(\"name\"),\n\t\tContent: content,\n\t}\n\treturn settings, nil\n}\n"
},
{
"path": "internal/repository/statistics.go",
"content": "package repository\n\nimport (\n\t\"context\"\n\t\"database/sql\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\n\t\"github.com/pocketbase/dbx\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/domain\"\n)\n\ntype StatisticsRepository struct{}\n\nfunc NewStatisticsRepository() *StatisticsRepository {\n\treturn &StatisticsRepository{}\n}\n\nfunc (r *StatisticsRepository) Get(ctx context.Context) (*domain.Statistics, error) {\n\tstatistics := &domain.Statistics{}\n\n\t// 读取设置\n\tvar persistenceSettings *domain.SettingsContentForPersistence\n\trsSettings := struct {\n\t\tContent string `db:\"content\"`\n\t}{}\n\tif err := app.GetDB().\n\t\tNewQuery(fmt.Sprintf(\"SELECT content FROM %s WHERE name = {:name}\", domain.CollectionNameSettings)).\n\t\tBind(dbx.Params{\"name\": domain.SettingsNamePersistence}).\n\t\tOne(&rsSettings); err != nil {\n\t\tif errors.Is(err, sql.ErrNoRows) {\n\t\t\tpersistenceSettings = (domain.SettingsContent{}).AsPersistence()\n\t\t} else {\n\t\t\treturn nil, err\n\t\t}\n\t} else {\n\t\tjson.Unmarshal([]byte(rsSettings.Content), &persistenceSettings)\n\t}\n\n\t// 统计所有证书\n\trsCertTotal := struct {\n\t\tTotal int `db:\"total\"`\n\t}{}\n\tif err := app.GetDB().\n\t\tNewQuery(fmt.Sprintf(\"SELECT COUNT(*) AS total FROM %s WHERE deleted = ''\", domain.CollectionNameCertificate)).\n\t\tOne(&rsCertTotal); err != nil {\n\t\treturn nil, err\n\t}\n\tstatistics.CertificateTotal = rsCertTotal.Total\n\n\t// 统计即将过期证书\n\trsCertExpiringSoonTotal := struct {\n\t\tTotal int `db:\"total\"`\n\t}{}\n\tif err := app.GetDB().\n\t\tNewQuery(fmt.Sprintf(\"SELECT COUNT(*) AS total FROM %s WHERE validityNotAfter <= DATETIME('now', '+%d days') AND validityNotAfter > DATETIME('now') AND isRevoked = 0 AND deleted = ''\", domain.CollectionNameCertificate, persistenceSettings.CertificatesWarningDaysBeforeExpire)).\n\t\tOne(&rsCertExpiringSoonTotal); err != nil {\n\t\treturn nil, err\n\t}\n\tstatistics.CertificateExpiringSoon = rsCertExpiringSoonTotal.Total\n\n\t// 统计已过期证书\n\trsCertExpiredTotal := struct {\n\t\tTotal int `db:\"total\"`\n\t}{}\n\tif err := app.GetDB().\n\t\tNewQuery(fmt.Sprintf(\"SELECT COUNT(*) AS total FROM %s WHERE validityNotAfter <= DATETIME('now') AND deleted = ''\", domain.CollectionNameCertificate)).\n\t\tOne(&rsCertExpiredTotal); err != nil {\n\t\treturn nil, err\n\t}\n\tstatistics.CertificateExpired = rsCertExpiredTotal.Total\n\n\t// 统计所有工作流\n\trsWorkflowTotal := struct {\n\t\tTotal int `db:\"total\"`\n\t}{}\n\tif err := app.GetDB().\n\t\tNewQuery(fmt.Sprintf(\"SELECT COUNT(*) AS total FROM %s\", domain.CollectionNameWorkflow)).\n\t\tOne(&rsWorkflowTotal); err != nil {\n\t\treturn nil, err\n\t}\n\tstatistics.WorkflowTotal = rsWorkflowTotal.Total\n\n\t// 统计已启用工作流\n\trsWorkflowEnabledTotal := struct {\n\t\tTotal int `db:\"total\"`\n\t}{}\n\tif err := app.GetDB().\n\t\tNewQuery(fmt.Sprintf(\"SELECT COUNT(*) AS total FROM %s WHERE enabled IS TRUE\", domain.CollectionNameWorkflow)).\n\t\tOne(&rsWorkflowEnabledTotal); err != nil {\n\t\treturn nil, err\n\t}\n\tstatistics.WorkflowEnabled = rsWorkflowEnabledTotal.Total\n\tstatistics.WorkflowDisabled = rsWorkflowTotal.Total - rsWorkflowEnabledTotal.Total\n\n\treturn statistics, nil\n}\n"
},
{
"path": "internal/repository/workflow.go",
"content": "package repository\n\nimport (\n\t\"context\"\n\t\"database/sql\"\n\t\"errors\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/pocketbase/dbx\"\n\t\"github.com/pocketbase/pocketbase/core\"\n)\n\ntype WorkflowRepository struct{}\n\nfunc NewWorkflowRepository() *WorkflowRepository {\n\treturn &WorkflowRepository{}\n}\n\nfunc (r *WorkflowRepository) ListEnabledScheduled(ctx context.Context) ([]*domain.Workflow, error) {\n\trecords, err := app.GetApp().FindRecordsByFilter(\n\t\tdomain.CollectionNameWorkflow,\n\t\t\"enabled={:enabled} && trigger={:trigger}\",\n\t\t\"-created\",\n\t\t0, 0,\n\t\tdbx.Params{\"enabled\": true, \"trigger\": string(domain.WorkflowTriggerTypeScheduled)},\n\t)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tworkflows := make([]*domain.Workflow, 0)\n\tfor _, record := range records {\n\t\tworkflow, err := r.castRecordToModel(record)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tworkflows = append(workflows, workflow)\n\t}\n\n\treturn workflows, nil\n}\n\nfunc (r *WorkflowRepository) GetById(ctx context.Context, id string) (*domain.Workflow, error) {\n\trecord, err := app.GetApp().FindRecordById(domain.CollectionNameWorkflow, id)\n\tif err != nil {\n\t\tif errors.Is(err, sql.ErrNoRows) {\n\t\t\treturn nil, domain.ErrRecordNotFound\n\t\t}\n\t\treturn nil, err\n\t}\n\n\treturn r.castRecordToModel(record)\n}\n\nfunc (r *WorkflowRepository) Save(ctx context.Context, workflow *domain.Workflow) (*domain.Workflow, error) {\n\tcollection, err := app.GetApp().FindCollectionByNameOrId(domain.CollectionNameWorkflow)\n\tif err != nil {\n\t\treturn workflow, err\n\t}\n\n\tvar record *core.Record\n\tif workflow.Id == \"\" {\n\t\trecord = core.NewRecord(collection)\n\t} else {\n\t\trecord, err = app.GetApp().FindRecordById(collection, workflow.Id)\n\t\tif err != nil {\n\t\t\tif errors.Is(err, sql.ErrNoRows) {\n\t\t\t\treturn workflow, domain.ErrRecordNotFound\n\t\t\t}\n\t\t\treturn workflow, err\n\t\t}\n\t}\n\n\trecord.Set(\"name\", workflow.Name)\n\trecord.Set(\"description\", workflow.Description)\n\trecord.Set(\"trigger\", string(workflow.Trigger))\n\trecord.Set(\"triggerCron\", workflow.TriggerCron)\n\trecord.Set(\"enabled\", workflow.Enabled)\n\trecord.Set(\"graphDraft\", workflow.GraphDraft)\n\trecord.Set(\"graphContent\", workflow.GraphContent)\n\trecord.Set(\"hasDraft\", workflow.HasDraft)\n\trecord.Set(\"hasContent\", workflow.HasContent)\n\trecord.Set(\"lastRunRef\", workflow.LastRunId)\n\trecord.Set(\"lastRunStatus\", string(workflow.LastRunStatus))\n\trecord.Set(\"lastRunTime\", workflow.LastRunTime)\n\tif err := app.GetApp().Save(record); err != nil {\n\t\treturn workflow, err\n\t}\n\n\tworkflow.Id = record.Id\n\tworkflow.CreatedAt = record.GetDateTime(\"created\").Time()\n\tworkflow.UpdatedAt = record.GetDateTime(\"updated\").Time()\n\treturn workflow, nil\n}\n\nfunc (r *WorkflowRepository) castRecordToModel(record *core.Record) (*domain.Workflow, error) {\n\tif record == nil {\n\t\treturn nil, errors.New(\"the record is nil\")\n\t}\n\n\tgraphDraft := &domain.WorkflowGraph{}\n\tif err := record.UnmarshalJSONField(\"graphDraft\", graphDraft); err != nil {\n\t\treturn nil, errors.New(\"field 'graphDraft' is malformed\")\n\t}\n\n\tgraphContent := &domain.WorkflowGraph{}\n\tif err := record.UnmarshalJSONField(\"graphContent\", graphContent); err != nil {\n\t\treturn nil, errors.New(\"field 'graphContent' is malformed\")\n\t}\n\n\tworkflow := &domain.Workflow{\n\t\tMeta: domain.Meta{\n\t\t\tId: record.Id,\n\t\t\tCreatedAt: record.GetDateTime(\"created\").Time(),\n\t\t\tUpdatedAt: record.GetDateTime(\"updated\").Time(),\n\t\t},\n\t\tName: record.GetString(\"name\"),\n\t\tDescription: record.GetString(\"description\"),\n\t\tTrigger: domain.WorkflowTriggerType(record.GetString(\"trigger\")),\n\t\tTriggerCron: record.GetString(\"triggerCron\"),\n\t\tEnabled: record.GetBool(\"enabled\"),\n\t\tGraphDraft: graphDraft,\n\t\tGraphContent: graphContent,\n\t\tHasDraft: record.GetBool(\"hasDraft\"),\n\t\tHasContent: record.GetBool(\"hasContent\"),\n\t\tLastRunId: record.GetString(\"lastRunRef\"),\n\t\tLastRunStatus: domain.WorkflowRunStatusType(record.GetString(\"lastRunStatus\")),\n\t\tLastRunTime: record.GetDateTime(\"lastRunTime\").Time(),\n\t}\n\treturn workflow, nil\n}\n"
},
{
"path": "internal/repository/workflow_log.go",
"content": "package repository\n\nimport (\n\t\"context\"\n\t\"database/sql\"\n\t\"errors\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/pocketbase/dbx\"\n\t\"github.com/pocketbase/pocketbase/core\"\n)\n\ntype WorkflowLogRepository struct{}\n\nfunc NewWorkflowLogRepository() *WorkflowLogRepository {\n\treturn &WorkflowLogRepository{}\n}\n\nfunc (r *WorkflowLogRepository) ListByWorkflowRunId(ctx context.Context, workflowRunId string) ([]*domain.WorkflowLog, error) {\n\trecords, err := app.GetApp().FindRecordsByFilter(\n\t\tdomain.CollectionNameWorkflowLog,\n\t\t\"runRef={:runId}\",\n\t\t\"timestamp\",\n\t\t0, 0,\n\t\tdbx.Params{\"runId\": workflowRunId},\n\t)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tworkflowLogs := make([]*domain.WorkflowLog, 0)\n\tfor _, record := range records {\n\t\tworkflowLog, err := r.castRecordToModel(record)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tworkflowLogs = append(workflowLogs, workflowLog)\n\t}\n\n\treturn workflowLogs, nil\n}\n\nfunc (r *WorkflowLogRepository) Save(ctx context.Context, workflowLog *domain.WorkflowLog) (*domain.WorkflowLog, error) {\n\tcollection, err := app.GetApp().FindCollectionByNameOrId(domain.CollectionNameWorkflowLog)\n\tif err != nil {\n\t\treturn workflowLog, err\n\t}\n\n\tvar record *core.Record\n\tif workflowLog.Id == \"\" {\n\t\trecord = core.NewRecord(collection)\n\t} else {\n\t\trecord, err = app.GetApp().FindRecordById(collection, workflowLog.Id)\n\t\tif err != nil {\n\t\t\tif errors.Is(err, sql.ErrNoRows) {\n\t\t\t\treturn workflowLog, err\n\t\t\t}\n\t\t\trecord = core.NewRecord(collection)\n\t\t}\n\t}\n\n\trecord.Set(\"workflowRef\", workflowLog.WorkflowId)\n\trecord.Set(\"runRef\", workflowLog.RunId)\n\trecord.Set(\"nodeId\", workflowLog.NodeId)\n\trecord.Set(\"nodeName\", workflowLog.NodeName)\n\trecord.Set(\"timestamp\", workflowLog.TimestampMilli)\n\trecord.Set(\"level\", workflowLog.Level)\n\trecord.Set(\"message\", workflowLog.Message)\n\trecord.Set(\"data\", workflowLog.Data)\n\trecord.Set(\"created\", workflowLog.CreatedAt)\n\terr = app.GetApp().Save(record)\n\tif err != nil {\n\t\treturn workflowLog, err\n\t}\n\n\tworkflowLog.Id = record.Id\n\tworkflowLog.CreatedAt = record.GetDateTime(\"created\").Time()\n\tworkflowLog.UpdatedAt = record.GetDateTime(\"updated\").Time()\n\n\treturn workflowLog, nil\n}\n\nfunc (r *WorkflowLogRepository) castRecordToModel(record *core.Record) (*domain.WorkflowLog, error) {\n\tif record == nil {\n\t\treturn nil, errors.New(\"the record is nil\")\n\t}\n\n\tlogdata := make(map[string]any)\n\tif err := record.UnmarshalJSONField(\"data\", &logdata); err != nil {\n\t\treturn nil, errors.New(\"field 'data' is malformed\")\n\t}\n\n\tworkflowLog := &domain.WorkflowLog{\n\t\tMeta: domain.Meta{\n\t\t\tId: record.Id,\n\t\t\tCreatedAt: record.GetDateTime(\"created\").Time(),\n\t\t\tUpdatedAt: record.GetDateTime(\"updated\").Time(),\n\t\t},\n\t\tWorkflowId: record.GetString(\"workflowRef\"),\n\t\tRunId: record.GetString(\"runRef\"),\n\t\tNodeId: record.GetString(\"nodeId\"),\n\t\tNodeName: record.GetString(\"nodeName\"),\n\t\tTimestampMilli: int64(record.GetInt(\"timestamp\")),\n\t\tLevel: int32(record.GetInt(\"level\")),\n\t\tMessage: record.GetString(\"message\"),\n\t\tData: logdata,\n\t}\n\treturn workflowLog, nil\n}\n"
},
{
"path": "internal/repository/workflow_output.go",
"content": "package repository\n\nimport (\n\t\"context\"\n\t\"database/sql\"\n\t\"errors\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/pocketbase/dbx\"\n\t\"github.com/pocketbase/pocketbase/core\"\n)\n\ntype WorkflowOutputRepository struct{}\n\nfunc NewWorkflowOutputRepository() *WorkflowOutputRepository {\n\treturn &WorkflowOutputRepository{}\n}\n\nfunc (r *WorkflowOutputRepository) GetByWorkflowIdAndNodeId(ctx context.Context, workflowId string, workflowNodeId string) (*domain.WorkflowOutput, error) {\n\trecords, err := app.GetApp().FindRecordsByFilter(\n\t\tdomain.CollectionNameWorkflowOutput,\n\t\t\"workflowRef={:workflowId} && nodeId={:nodeId}\",\n\t\t\"-created\",\n\t\t1, 0,\n\t\tdbx.Params{\"workflowId\": workflowId},\n\t\tdbx.Params{\"nodeId\": workflowNodeId},\n\t)\n\tif err != nil {\n\t\tif errors.Is(err, sql.ErrNoRows) {\n\t\t\treturn nil, domain.ErrRecordNotFound\n\t\t}\n\t\treturn nil, err\n\t}\n\tif len(records) == 0 {\n\t\treturn nil, domain.ErrRecordNotFound\n\t}\n\n\treturn r.castRecordToModel(records[0])\n}\n\nfunc (r *WorkflowOutputRepository) GetByWorkflowRunIdAndNodeId(ctx context.Context, workflowRunId string, workflowNodeId string) (*domain.WorkflowOutput, error) {\n\trecords, err := app.GetApp().FindRecordsByFilter(\n\t\tdomain.CollectionNameWorkflowOutput,\n\t\t\"runRef={:workflowRunId} && nodeId={:nodeId}\",\n\t\t\"-created\",\n\t\t1, 0,\n\t\tdbx.Params{\"workflowRunId\": workflowRunId},\n\t\tdbx.Params{\"nodeId\": workflowNodeId},\n\t)\n\tif err != nil {\n\t\tif errors.Is(err, sql.ErrNoRows) {\n\t\t\treturn nil, domain.ErrRecordNotFound\n\t\t}\n\t\treturn nil, err\n\t}\n\tif len(records) == 0 {\n\t\treturn nil, domain.ErrRecordNotFound\n\t}\n\n\treturn r.castRecordToModel(records[0])\n}\n\nfunc (r *WorkflowOutputRepository) Save(ctx context.Context, workflowOutput *domain.WorkflowOutput) (*domain.WorkflowOutput, error) {\n\trecord, err := r.saveRecord(workflowOutput)\n\tif err != nil {\n\t\treturn workflowOutput, err\n\t}\n\n\tworkflowOutput.Id = record.Id\n\tworkflowOutput.CreatedAt = record.GetDateTime(\"created\").Time()\n\tworkflowOutput.UpdatedAt = record.GetDateTime(\"updated\").Time()\n\treturn workflowOutput, nil\n}\n\nfunc (r *WorkflowOutputRepository) castRecordToModel(record *core.Record) (*domain.WorkflowOutput, error) {\n\tif record == nil {\n\t\treturn nil, errors.New(\"the record is nil\")\n\t}\n\n\tnodeConfig := make(domain.WorkflowNodeConfig)\n\tif err := record.UnmarshalJSONField(\"nodeConfig\", &nodeConfig); err != nil {\n\t\treturn nil, errors.New(\"field 'nodeConfig' is malformed\")\n\t}\n\n\toutputs := make([]*domain.WorkflowOutputEntry, 0)\n\tif err := record.UnmarshalJSONField(\"outputs\", &outputs); err != nil {\n\t\treturn nil, errors.New(\"field 'outputs' is malformed\")\n\t}\n\n\tworkflowOutput := &domain.WorkflowOutput{\n\t\tMeta: domain.Meta{\n\t\t\tId: record.Id,\n\t\t\tCreatedAt: record.GetDateTime(\"created\").Time(),\n\t\t\tUpdatedAt: record.GetDateTime(\"updated\").Time(),\n\t\t},\n\t\tWorkflowId: record.GetString(\"workflowRef\"),\n\t\tRunId: record.GetString(\"runRef\"),\n\t\tNodeId: record.GetString(\"nodeId\"),\n\t\tNodeConfig: nodeConfig,\n\t\tOutputs: outputs,\n\t\tSucceeded: record.GetBool(\"succeeded\"),\n\t}\n\treturn workflowOutput, nil\n}\n\nfunc (r *WorkflowOutputRepository) saveRecord(workflowOutput *domain.WorkflowOutput) (*core.Record, error) {\n\tcollection, err := app.GetApp().FindCollectionByNameOrId(domain.CollectionNameWorkflowOutput)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tvar record *core.Record\n\tif workflowOutput.Id == \"\" {\n\t\trecord = core.NewRecord(collection)\n\t} else {\n\t\trecord, err = app.GetApp().FindRecordById(collection, workflowOutput.Id)\n\t\tif err != nil {\n\t\t\treturn record, err\n\t\t}\n\t}\n\trecord.Set(\"workflowRef\", workflowOutput.WorkflowId)\n\trecord.Set(\"runRef\", workflowOutput.RunId)\n\trecord.Set(\"nodeId\", workflowOutput.NodeId)\n\trecord.Set(\"nodeConfig\", workflowOutput.NodeConfig)\n\trecord.Set(\"outputs\", workflowOutput.Outputs)\n\trecord.Set(\"succeeded\", workflowOutput.Succeeded)\n\tif err := app.GetApp().Save(record); err != nil {\n\t\treturn record, err\n\t}\n\n\treturn record, nil\n}\n"
},
{
"path": "internal/repository/workflow_run.go",
"content": "package repository\n\nimport (\n\t\"context\"\n\t\"database/sql\"\n\t\"errors\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/pocketbase/dbx\"\n\t\"github.com/pocketbase/pocketbase/core\"\n)\n\ntype WorkflowRunRepository struct{}\n\nfunc NewWorkflowRunRepository() *WorkflowRunRepository {\n\treturn &WorkflowRunRepository{}\n}\n\nfunc (r *WorkflowRunRepository) GetById(ctx context.Context, id string) (*domain.WorkflowRun, error) {\n\trecord, err := app.GetApp().FindRecordById(domain.CollectionNameWorkflowRun, id)\n\tif err != nil {\n\t\tif errors.Is(err, sql.ErrNoRows) {\n\t\t\treturn nil, domain.ErrRecordNotFound\n\t\t}\n\t\treturn nil, err\n\t}\n\n\treturn r.castRecordToModel(record)\n}\n\nfunc (r *WorkflowRunRepository) Save(ctx context.Context, workflowRun *domain.WorkflowRun) (*domain.WorkflowRun, error) {\n\tcollection, err := app.GetApp().FindCollectionByNameOrId(domain.CollectionNameWorkflowRun)\n\tif err != nil {\n\t\treturn workflowRun, err\n\t}\n\n\tvar record *core.Record\n\tif workflowRun.Id == \"\" {\n\t\trecord = core.NewRecord(collection)\n\t} else {\n\t\trecord, err = app.GetApp().FindRecordById(collection, workflowRun.Id)\n\t\tif err != nil {\n\t\t\tif errors.Is(err, sql.ErrNoRows) {\n\t\t\t\treturn workflowRun, err\n\t\t\t}\n\t\t\trecord = core.NewRecord(collection)\n\t\t}\n\t}\n\n\trecord.Set(\"workflowRef\", workflowRun.WorkflowId)\n\trecord.Set(\"trigger\", string(workflowRun.Trigger))\n\trecord.Set(\"status\", string(workflowRun.Status))\n\trecord.Set(\"startedAt\", workflowRun.StartedAt)\n\trecord.Set(\"endedAt\", workflowRun.EndedAt)\n\trecord.Set(\"graph\", workflowRun.Graph)\n\trecord.Set(\"error\", workflowRun.Error)\n\terr = app.GetApp().Save(record)\n\tif err != nil {\n\t\treturn workflowRun, err\n\t}\n\n\tworkflowRun.Id = record.Id\n\tworkflowRun.CreatedAt = record.GetDateTime(\"created\").Time()\n\tworkflowRun.UpdatedAt = record.GetDateTime(\"updated\").Time()\n\treturn workflowRun, nil\n}\n\nfunc (r *WorkflowRunRepository) SaveWithCascading(ctx context.Context, workflowRun *domain.WorkflowRun) (*domain.WorkflowRun, error) {\n\tcollection, err := app.GetApp().FindCollectionByNameOrId(domain.CollectionNameWorkflowRun)\n\tif err != nil {\n\t\treturn workflowRun, err\n\t}\n\n\tvar record *core.Record\n\tif workflowRun.Id == \"\" {\n\t\trecord = core.NewRecord(collection)\n\t} else {\n\t\trecord, err = app.GetApp().FindRecordById(collection, workflowRun.Id)\n\t\tif err != nil {\n\t\t\tif errors.Is(err, sql.ErrNoRows) {\n\t\t\t\treturn workflowRun, err\n\t\t\t}\n\t\t\trecord = core.NewRecord(collection)\n\t\t}\n\t}\n\n\terr = app.GetApp().RunInTransaction(func(txApp core.App) error {\n\t\trecord.Set(\"workflowRef\", workflowRun.WorkflowId)\n\t\trecord.Set(\"trigger\", string(workflowRun.Trigger))\n\t\trecord.Set(\"status\", string(workflowRun.Status))\n\t\trecord.Set(\"startedAt\", workflowRun.StartedAt)\n\t\trecord.Set(\"endedAt\", workflowRun.EndedAt)\n\t\trecord.Set(\"graph\", workflowRun.Graph)\n\t\trecord.Set(\"error\", workflowRun.Error)\n\t\terr = txApp.Save(record)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tworkflowRun.Id = record.Id\n\t\tworkflowRun.CreatedAt = record.GetDateTime(\"created\").Time()\n\t\tworkflowRun.UpdatedAt = record.GetDateTime(\"updated\").Time()\n\n\t\t// 事务级联更新所属工作流的最后运行记录\n\t\tworkflowRecord, err := txApp.FindRecordById(domain.CollectionNameWorkflow, workflowRun.WorkflowId)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t} else if workflowRun.Id == workflowRecord.GetString(\"lastRunRef\") {\n\t\t\tworkflowRecord.IgnoreUnchangedFields(true)\n\t\t\tworkflowRecord.Set(\"lastRunStatus\", record.GetString(\"status\"))\n\t\t\terr = txApp.Save(workflowRecord)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t} else if workflowRecord.GetDateTime(\"lastRunTime\").Time().IsZero() || workflowRun.StartedAt.After(workflowRecord.GetDateTime(\"lastRunTime\").Time()) {\n\t\t\tworkflowRecord.IgnoreUnchangedFields(true)\n\t\t\tworkflowRecord.Set(\"lastRunRef\", record.Id)\n\t\t\tworkflowRecord.Set(\"lastRunStatus\", record.GetString(\"status\"))\n\t\t\tworkflowRecord.Set(\"lastRunTime\", record.GetString(\"startedAt\"))\n\t\t\terr = txApp.Save(workflowRecord)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\n\t\treturn nil\n\t})\n\tif err != nil {\n\t\treturn workflowRun, err\n\t}\n\n\treturn workflowRun, nil\n}\n\nfunc (r *WorkflowRunRepository) DeleteWhere(ctx context.Context, exprs ...dbx.Expression) (int, error) {\n\trecords, err := app.GetApp().FindAllRecords(domain.CollectionNameWorkflowRun, exprs...)\n\tif err != nil {\n\t\treturn 0, nil\n\t}\n\n\tvar ret int\n\tvar errs []error\n\tfor _, record := range records {\n\t\tif err := app.GetApp().Delete(record); err != nil {\n\t\t\terrs = append(errs, err)\n\t\t} else {\n\t\t\tret++\n\t\t}\n\t}\n\n\tif len(errs) > 0 {\n\t\treturn ret, errors.Join(errs...)\n\t}\n\n\treturn ret, nil\n}\n\nfunc (r *WorkflowRunRepository) castRecordToModel(record *core.Record) (*domain.WorkflowRun, error) {\n\tif record == nil {\n\t\treturn nil, errors.New(\"the record is nil\")\n\t}\n\n\tgraph := &domain.WorkflowGraph{}\n\tif err := record.UnmarshalJSONField(\"graph\", &graph); err != nil {\n\t\treturn nil, errors.New(\"field 'graph' is malformed\")\n\t}\n\n\tworkflowRun := &domain.WorkflowRun{\n\t\tMeta: domain.Meta{\n\t\t\tId: record.Id,\n\t\t\tCreatedAt: record.GetDateTime(\"created\").Time(),\n\t\t\tUpdatedAt: record.GetDateTime(\"updated\").Time(),\n\t\t},\n\t\tWorkflowId: record.GetString(\"workflowRef\"),\n\t\tStatus: domain.WorkflowRunStatusType(record.GetString(\"status\")),\n\t\tTrigger: domain.WorkflowTriggerType(record.GetString(\"trigger\")),\n\t\tStartedAt: record.GetDateTime(\"startedAt\").Time(),\n\t\tEndedAt: record.GetDateTime(\"endedAt\").Time(),\n\t\tGraph: graph,\n\t\tError: record.GetString(\"error\"),\n\t}\n\treturn workflowRun, nil\n}\n"
},
{
"path": "internal/rest/handlers/certificates.go",
"content": "package handlers\n\nimport (\n\t\"context\"\n\n\t\"github.com/pocketbase/pocketbase/core\"\n\t\"github.com/pocketbase/pocketbase/tools/router\"\n\n\t\"github.com/certimate-go/certimate/internal/domain/dtos\"\n\t\"github.com/certimate-go/certimate/internal/rest/resp\"\n)\n\ntype certificateService interface {\n\tDownloadCertificate(ctx context.Context, req *dtos.CertificateDownloadReq) (*dtos.CertificateDownloadResp, error)\n\tRevokeCertificate(ctx context.Context, req *dtos.CertificateRevokeReq) (*dtos.CertificateRevokeResp, error)\n}\n\ntype CertificatesHandler struct {\n\tservice certificateService\n}\n\nfunc NewCertificatesHandler(router *router.RouterGroup[*core.RequestEvent], service certificateService) {\n\thandler := &CertificatesHandler{\n\t\tservice: service,\n\t}\n\n\tgroup := router.Group(\"/certificates\")\n\tgroup.POST(\"/{certificateId}/download\", handler.downloadCertificate)\n\tgroup.POST(\"/{certificateId}/revoke\", handler.revokeCertificate)\n\n\tgroup.POST(\"/{certificateId}/archive\", handler.downloadCertificate) // 兼容旧版\n}\n\nfunc (handler *CertificatesHandler) downloadCertificate(e *core.RequestEvent) error {\n\treq := &dtos.CertificateDownloadReq{}\n\treq.CertificateId = e.Request.PathValue(\"certificateId\")\n\tif err := e.BindBody(req); err != nil {\n\t\treturn resp.Err(e, err)\n\t}\n\n\tres, err := handler.service.DownloadCertificate(e.Request.Context(), req)\n\tif err != nil {\n\t\treturn resp.Err(e, err)\n\t}\n\n\treturn resp.Ok(e, res)\n}\n\nfunc (handler *CertificatesHandler) revokeCertificate(e *core.RequestEvent) error {\n\treq := &dtos.CertificateRevokeReq{}\n\treq.CertificateId = e.Request.PathValue(\"certificateId\")\n\tif err := e.BindBody(req); err != nil {\n\t\treturn resp.Err(e, err)\n\t}\n\n\tres, err := handler.service.RevokeCertificate(e.Request.Context(), req)\n\tif err != nil {\n\t\treturn resp.Err(e, err)\n\t}\n\n\treturn resp.Ok(e, res)\n}\n"
},
{
"path": "internal/rest/handlers/notifications.go",
"content": "package handlers\n\nimport (\n\t\"context\"\n\n\t\"github.com/pocketbase/pocketbase/core\"\n\t\"github.com/pocketbase/pocketbase/tools/router\"\n\n\t\"github.com/certimate-go/certimate/internal/domain/dtos\"\n\t\"github.com/certimate-go/certimate/internal/rest/resp\"\n)\n\ntype notifyService interface {\n\tTestPush(ctx context.Context, req *dtos.NotifyTestPushReq) (*dtos.NotifyTestPushResp, error)\n}\n\ntype NotificationsHandler struct {\n\tservice notifyService\n}\n\nfunc NewNotificationsHandler(router *router.RouterGroup[*core.RequestEvent], service notifyService) {\n\thandler := &NotificationsHandler{\n\t\tservice: service,\n\t}\n\n\tgroup := router.Group(\"/notifications\")\n\tgroup.POST(\"/test\", handler.test)\n}\n\nfunc (handler *NotificationsHandler) test(e *core.RequestEvent) error {\n\treq := &dtos.NotifyTestPushReq{}\n\tif err := e.BindBody(req); err != nil {\n\t\treturn resp.Err(e, err)\n\t}\n\n\tres, err := handler.service.TestPush(e.Request.Context(), req)\n\tif err != nil {\n\t\treturn resp.Err(e, err)\n\t}\n\n\treturn resp.Ok(e, res)\n}\n"
},
{
"path": "internal/rest/handlers/statistics.go",
"content": "package handlers\n\nimport (\n\t\"context\"\n\n\t\"github.com/pocketbase/pocketbase/core\"\n\t\"github.com/pocketbase/pocketbase/tools/router\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/internal/rest/resp\"\n)\n\ntype statisticsService interface {\n\tGet(ctx context.Context) (*domain.Statistics, error)\n}\n\ntype StatisticsHandler struct {\n\tservice statisticsService\n}\n\nfunc NewStatisticsHandler(router *router.RouterGroup[*core.RequestEvent], service statisticsService) {\n\thandler := &StatisticsHandler{\n\t\tservice: service,\n\t}\n\n\trouter.GET(\"/statistics\", handler.get)\n\n\trouter.GET(\"/statistics/get\", handler.get) // 兼容旧版\n}\n\nfunc (handler *StatisticsHandler) get(e *core.RequestEvent) error {\n\tres, err := handler.service.Get(e.Request.Context())\n\tif err != nil {\n\t\treturn resp.Err(e, err)\n\t}\n\n\treturn resp.Ok(e, res)\n}\n"
},
{
"path": "internal/rest/handlers/workflows.go",
"content": "package handlers\n\nimport (\n\t\"context\"\n\t\"errors\"\n\n\t\"github.com/pocketbase/pocketbase/core\"\n\t\"github.com/pocketbase/pocketbase/tools/router\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/internal/domain/dtos\"\n\t\"github.com/certimate-go/certimate/internal/rest/resp\"\n)\n\ntype workflowService interface {\n\tGetStatistics(ctx context.Context) (*dtos.WorkflowStatisticsResp, error)\n\tStartRun(ctx context.Context, req *dtos.WorkflowStartRunReq) (*dtos.WorkflowStartRunResp, error)\n\tCancelRun(ctx context.Context, req *dtos.WorkflowCancelRunReq) (*dtos.WorkflowCancelRunResp, error)\n\tShutdown(ctx context.Context)\n}\n\ntype WorkflowsHandler struct {\n\tservice workflowService\n}\n\nfunc NewWorkflowsHandler(router *router.RouterGroup[*core.RequestEvent], service workflowService) {\n\thandler := &WorkflowsHandler{\n\t\tservice: service,\n\t}\n\n\tgroup := router.Group(\"/workflows\")\n\tgroup.GET(\"/stats\", handler.getStatistics)\n\tgroup.POST(\"/{workflowId}/runs\", handler.startRun)\n\tgroup.POST(\"/{workflowId}/runs/{runId}/cancel\", handler.cancelRun)\n}\n\nfunc (handler *WorkflowsHandler) getStatistics(e *core.RequestEvent) error {\n\tres, err := handler.service.GetStatistics(e.Request.Context())\n\tif err != nil {\n\t\treturn resp.Err(e, err)\n\t}\n\n\treturn resp.Ok(e, res)\n}\n\nfunc (handler *WorkflowsHandler) startRun(e *core.RequestEvent) error {\n\treq := &dtos.WorkflowStartRunReq{}\n\treq.WorkflowId = e.Request.PathValue(\"workflowId\")\n\tif err := e.BindBody(req); err != nil {\n\t\treturn resp.Err(e, err)\n\t}\n\tif req.RunTrigger != domain.WorkflowTriggerTypeManual {\n\t\treturn resp.Err(e, errors.New(\"invalid parameters: the value of 'trigger' must be 'manual'\"))\n\t}\n\n\tres, err := handler.service.StartRun(e.Request.Context(), req)\n\tif err != nil {\n\t\treturn resp.Err(e, err)\n\t}\n\n\treturn resp.Ok(e, res)\n}\n\nfunc (handler *WorkflowsHandler) cancelRun(e *core.RequestEvent) error {\n\treq := &dtos.WorkflowCancelRunReq{}\n\treq.WorkflowId = e.Request.PathValue(\"workflowId\")\n\treq.RunId = e.Request.PathValue(\"runId\")\n\n\tres, err := handler.service.CancelRun(e.Request.Context(), req)\n\tif err != nil {\n\t\treturn resp.Err(e, err)\n\t}\n\n\treturn resp.Ok(e, res)\n}\n"
},
{
"path": "internal/rest/resp/resp.go",
"content": "package resp\n\nimport (\n\t\"net/http\"\n\n\t\"github.com/pocketbase/pocketbase/core\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n)\n\ntype Response struct {\n\tCode int `json:\"code\"`\n\tMsg string `json:\"msg\"`\n\tData interface{} `json:\"data\"`\n}\n\nfunc Ok(e *core.RequestEvent, data interface{}) error {\n\trs := &Response{\n\t\tCode: 0,\n\t\tMsg: \"success\",\n\t\tData: data,\n\t}\n\treturn e.JSON(http.StatusOK, rs)\n}\n\nfunc Err(e *core.RequestEvent, err error) error {\n\tcode := 500\n\n\txerr, ok := err.(*domain.Error)\n\tif ok {\n\t\tcode = xerr.Code\n\t}\n\n\trs := &Response{\n\t\tCode: code,\n\t\tMsg: err.Error(),\n\t\tData: nil,\n\t}\n\treturn e.JSON(http.StatusOK, rs)\n}\n"
},
{
"path": "internal/rest/routes/routes.go",
"content": "package routes\n\nimport (\n\t\"github.com/pocketbase/pocketbase/apis\"\n\t\"github.com/pocketbase/pocketbase/core\"\n\t\"github.com/pocketbase/pocketbase/tools/router\"\n\n\t\"github.com/certimate-go/certimate/internal/certificate\"\n\t\"github.com/certimate-go/certimate/internal/notify\"\n\t\"github.com/certimate-go/certimate/internal/repository\"\n\t\"github.com/certimate-go/certimate/internal/rest/handlers\"\n\t\"github.com/certimate-go/certimate/internal/statistics\"\n\t\"github.com/certimate-go/certimate/internal/workflow\"\n)\n\nvar (\n\tcertificateSvc *certificate.CertificateService\n\tworkflowSvc *workflow.WorkflowService\n\tstatisticsSvc *statistics.StatisticsService\n\tnotifySvc *notify.NotifyService\n)\n\nfunc BindRouter(router *router.Router[*core.RequestEvent]) {\n\taccessRepo := repository.NewAccessRepository()\n\tworkflowRepo := repository.NewWorkflowRepository()\n\tworkflowRunRepo := repository.NewWorkflowRunRepository()\n\tacmeAccountRepo := repository.NewACMEAccountRepository()\n\tcertificateRepo := repository.NewCertificateRepository()\n\tsettingsRepo := repository.NewSettingsRepository()\n\tstatisticsRepo := repository.NewStatisticsRepository()\n\n\tcertificateSvc = certificate.NewCertificateService(acmeAccountRepo, certificateRepo, settingsRepo)\n\tworkflowSvc = workflow.NewWorkflowService(workflowRepo, workflowRunRepo, settingsRepo)\n\tstatisticsSvc = statistics.NewStatisticsService(statisticsRepo)\n\tnotifySvc = notify.NewNotifyService(accessRepo)\n\n\tgroup := router.Group(\"/api\")\n\tgroup.Bind(apis.RequireSuperuserAuth())\n\thandlers.NewCertificatesHandler(group, certificateSvc)\n\thandlers.NewWorkflowsHandler(group, workflowSvc)\n\thandlers.NewStatisticsHandler(group, statisticsSvc)\n\thandlers.NewNotificationsHandler(group, notifySvc)\n}\n"
},
{
"path": "internal/scheduler/certificate.go",
"content": "package scheduler\n\nimport \"context\"\n\ntype certificateService interface {\n\tInitSchedule(ctx context.Context) error\n}\n\nfunc InitCertificateScheduler(service certificateService) error {\n\treturn service.InitSchedule(context.Background())\n}\n"
},
{
"path": "internal/scheduler/scheduler.go",
"content": "package scheduler\n\nimport (\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/certificate\"\n\t\"github.com/certimate-go/certimate/internal/repository\"\n\t\"github.com/certimate-go/certimate/internal/workflow\"\n)\n\nfunc Setup() {\n\tworkflowRepo := repository.NewWorkflowRepository()\n\tworkflowRunRepo := repository.NewWorkflowRunRepository()\n\tacmeAccountRepo := repository.NewACMEAccountRepository()\n\tcertificateRepo := repository.NewCertificateRepository()\n\tsettingsRepo := repository.NewSettingsRepository()\n\n\tworkflowSvc := workflow.NewWorkflowService(workflowRepo, workflowRunRepo, settingsRepo)\n\tcertificateSvc := certificate.NewCertificateService(acmeAccountRepo, certificateRepo, settingsRepo)\n\n\tif err := InitWorkflowScheduler(workflowSvc); err != nil {\n\t\tapp.GetLogger().Error(\"failed to init workflow scheduler\", slog.Any(\"error\", err))\n\t}\n\n\tif err := InitCertificateScheduler(certificateSvc); err != nil {\n\t\tapp.GetLogger().Error(\"failed to init certificate scheduler\", slog.Any(\"error\", err))\n\t}\n}\n"
},
{
"path": "internal/scheduler/workflow.go",
"content": "package scheduler\n\nimport \"context\"\n\ntype workflowService interface {\n\tInitSchedule(ctx context.Context) error\n}\n\nfunc InitWorkflowScheduler(service workflowService) error {\n\treturn service.InitSchedule(context.Background())\n}\n"
},
{
"path": "internal/statistics/service.go",
"content": "package statistics\n\nimport (\n\t\"context\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n)\n\ntype StatisticsService struct {\n\tstatRepo statisticsRepository\n}\n\nfunc NewStatisticsService(statRepo statisticsRepository) *StatisticsService {\n\treturn &StatisticsService{\n\t\tstatRepo: statRepo,\n\t}\n}\n\nfunc (s *StatisticsService) Get(ctx context.Context) (*domain.Statistics, error) {\n\treturn s.statRepo.Get(ctx)\n}\n"
},
{
"path": "internal/statistics/service_deps.go",
"content": "package statistics\n\nimport (\n\t\"context\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n)\n\ntype statisticsRepository interface {\n\tGet(ctx context.Context) (*domain.Statistics, error)\n}\n"
},
{
"path": "internal/tools/mproc/receiver.go",
"content": "package mproc\n\nimport (\n\t\"context\"\n\t\"encoding/hex\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\n\txcrypto \"github.com/certimate-go/certimate/pkg/utils/crypto\"\n)\n\ntype Receiver[TIn any, TOut any] interface {\n\tReceive(infile, outfile, enckey string) error\n\tReceiveWithContext(ctx context.Context, infile, outfile, enckey string) error\n}\n\ntype ReceiverHandler[TIn any, TOut any] func(ctx context.Context, params *TIn) (*TOut, error)\n\ntype receiver[TIn any, TOut any] struct {\n\thandler ReceiverHandler[TIn, TOut]\n}\n\nfunc (r *receiver[TIn, TOut]) Receive(infile, outfile, enckey string) error {\n\treturn r.ReceiveWithContext(context.Background(), infile, outfile, enckey)\n}\n\nfunc (r *receiver[TIn, TOut]) ReceiveWithContext(ctx context.Context, infile, outfile, enckey string) error {\n\tif infile == \"\" {\n\t\treturn errors.New(\"mproc: missing or invalid input file\")\n\t}\n\tif outfile == \"\" {\n\t\treturn errors.New(\"mproc: missing or invalid output file\")\n\t}\n\tif enckey == \"\" {\n\t\treturn errors.New(\"mproc: missing or invalid encryption key\")\n\t}\n\n\taesKey, err := hex.DecodeString(enckey)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"mproc: missing or invalid encryption key: %w\", err)\n\t}\n\n\taesCryptor := xcrypto.NewAESCryptor(aesKey)\n\n\t// 读取输入\n\tinCipherData, err := os.ReadFile(infile)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"mproc: failed to read input file: %w\", err)\n\t}\n\n\t// 解密输入\n\tinPlainData, err := aesCryptor.CBCDecrypt(inCipherData)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"mproc: failed to decrypt input data: %w\", err)\n\t}\n\n\t// 反序列化输入\n\tvar inData TIn\n\tif err := json.Unmarshal(inPlainData, &inData); err != nil {\n\t\treturn fmt.Errorf(\"mproc: failed to unmarshal input data: %w\", err)\n\t}\n\n\t// 处理\n\toutData, err := r.handler(ctx, &inData)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// 序列化输出\n\toutPlainData, err := json.Marshal(outData)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"mproc: failed to marshal output data: %w\", err)\n\t}\n\n\t// 加密输出\n\toutCipherData, err := aesCryptor.CBCEncrypt(outPlainData)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"mproc: failed to encrypt output data: %w\", err)\n\t}\n\n\t// 写入输出\n\tif err := os.WriteFile(outfile, outCipherData, 0o644); err != nil {\n\t\treturn fmt.Errorf(\"mproc: failed to write output file: %w\", err)\n\t}\n\n\treturn nil\n}\n\n// 创建并返回一个多进程指令接收器。\n//\n// 入参:\n// - handler: 多进程指令处理函数。\n//\n// 出参:\n// - 多进程指令接收器。\nfunc NewReceiver[TIn any, TOut any](handler ReceiverHandler[TIn, TOut]) Receiver[TIn, TOut] {\n\treturn &receiver[TIn, TOut]{handler: handler}\n}\n"
},
{
"path": "internal/tools/mproc/sender.go",
"content": "package mproc\n\nimport (\n\t\"context\"\n\t\"crypto/rand\"\n\t\"encoding/hex\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/go-cmd/cmd\"\n\n\txcrypto \"github.com/certimate-go/certimate/pkg/utils/crypto\"\n)\n\ntype Sender[TIn any, TOut any] interface {\n\tSend(params *TIn) (*TOut, error)\n\tSendWithContext(ctx context.Context, params *TIn) (*TOut, error)\n}\n\ntype sender[TIn any, TOut any] struct {\n\tcommand string\n\n\tlogger *slog.Logger\n}\n\nfunc (s *sender[TIn, TOut]) Send(params *TIn) (*TOut, error) {\n\treturn s.SendWithContext(context.Background(), params)\n}\n\nfunc (s *sender[TIn, TOut]) SendWithContext(ctx context.Context, params *TIn) (*TOut, error) {\n\t// 生成随机密钥\n\taesKey := make([]byte, 32)\n\tif _, err := rand.Read(aesKey); err != nil {\n\t\treturn nil, fmt.Errorf(\"mproc: failed to generate aes key: %w\", err)\n\t}\n\n\taesCryptor := xcrypto.NewAESCryptor(aesKey)\n\n\t// 准备临时输入文件\n\ttempIn, err := os.CreateTemp(\"\", \"certimate.mprocin_*.tmp\")\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"mproc: failed to create temp input file: %w\", err)\n\t} else {\n\t\tinPlainData, err := json.Marshal(params)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"mproc: failed to marshal input data: %w\", err)\n\t\t}\n\n\t\tinCipherData, err := aesCryptor.CBCEncrypt(inPlainData)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"mproc: failed to encrypt input data: %w\", err)\n\t\t}\n\n\t\tif _, err := tempIn.Write(inCipherData); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"mproc: failed to write input file: %w\", err)\n\t\t}\n\n\t\ttempIn.Close()\n\t}\n\tdefer os.Remove(tempIn.Name())\n\n\t// 准备临时输出文件\n\ttempOut, err := os.CreateTemp(\"\", \"certimate.mprocout_*.tmp\")\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"mproc: failed to create temp output file: %w\", err)\n\t} else {\n\t\ttempOut.Close()\n\t}\n\tdefer os.Remove(tempOut.Name())\n\n\t// 准备临时错误文件\n\ttempErr, err := os.CreateTemp(\"\", \"certimate.mprocerr_*.tmp\")\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"mproc: failed to create temp error file: %w\", err)\n\t} else {\n\t\ttempErr.Close()\n\t}\n\tdefer os.Remove(tempOut.Name())\n\n\t// 初始化子进程\n\tdone := make(chan struct{})\n\tmcmd := cmd.NewCmdOptions(cmd.Options{Buffered: false, Streaming: true},\n\t\ts.getEntrypoint(),\n\t\t\"intercmd\",\n\t\ts.command,\n\t\t\"--in\", tempIn.Name(),\n\t\t\"--out\", tempOut.Name(),\n\t\t\"--err\", tempErr.Name(),\n\t\t\"--enckey\", hex.EncodeToString(aesKey),\n\t)\n\tgo func() {\n\t\tdefer close(done)\n\t\tfor mcmd.Stdout != nil || mcmd.Stderr != nil {\n\t\t\tselect {\n\t\t\tcase line, open := <-mcmd.Stdout:\n\t\t\t\t{\n\t\t\t\t\tif !open {\n\t\t\t\t\t\tmcmd.Stdout = nil\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\n\t\t\t\t\tif s.logger != nil {\n\t\t\t\t\t\tprint := s.logger.Info\n\n\t\t\t\t\t\t// split log level prefix for those vendor packages:\n\t\t\t\t\t\t// - github.com/go-acme/lego: INFO, WARN\n\t\t\t\t\t\tif strings.HasPrefix(line, \"[INFO] \") {\n\t\t\t\t\t\t\tline = strings.TrimPrefix(line, \"[INFO] \")\n\t\t\t\t\t\t\tprint = s.logger.Info\n\t\t\t\t\t\t} else if strings.HasPrefix(line, \"[WARN] \") {\n\t\t\t\t\t\t\tline = strings.TrimPrefix(line, \"[WARN] \")\n\t\t\t\t\t\t\tprint = s.logger.Warn\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tprint(line)\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\tcase line, open := <-mcmd.Stderr:\n\t\t\t\t{\n\t\t\t\t\tif !open {\n\t\t\t\t\t\tmcmd.Stderr = nil\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\n\t\t\t\t\tif s.logger != nil {\n\t\t\t\t\t\tprint := s.logger.Error\n\n\t\t\t\t\t\t// split log level prefix for those vendor packages:\n\t\t\t\t\t\t// - github.com/nrdcg/desec: DEBUG\n\t\t\t\t\t\tif strings.Contains(line, \"[DEBUG] \") {\n\t\t\t\t\t\t\tline = strings.SplitN(line, \"[DEBUG] \", 2)[1]\n\t\t\t\t\t\t\tprint = s.logger.Debug\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tprint(line)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}()\n\n\t// 等待子进程退出\n\t<-mcmd.Start()\n\t<-done\n\tif err := mcmd.Status().Error; err != nil {\n\t\treturn nil, fmt.Errorf(\"mproc: failed to exec child process: %w\", err)\n\t}\n\n\t// 读取输出\n\toutCipherData, err := os.ReadFile(tempOut.Name())\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"mproc: failed to read output file: %w\", err)\n\t} else {\n\t\terrData, _ := os.ReadFile(tempErr.Name())\n\t\tif len(errData) > 0 {\n\t\t\treturn nil, errors.New(string(errData))\n\t\t}\n\t}\n\n\t// 解密输出\n\toutPlainData, err := aesCryptor.CBCDecrypt(outCipherData)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"mproc: failed to decrypt output data: %w\", err)\n\t}\n\n\t// 反序列化输出\n\tvar outData TOut\n\tif err := json.Unmarshal(outPlainData, &outData); err != nil {\n\t\treturn nil, fmt.Errorf(\"mproc: failed to unmarshal output data: %w\", err)\n\t}\n\n\treturn &outData, nil\n}\n\nfunc (s *sender[TIn, TOut]) getEntrypoint() string {\n\texecutable, err := os.Executable()\n\tif err != nil {\n\t\texecutable = os.Args[0]\n\t}\n\treturn executable\n}\n\n// 创建并返回一个多进程指令发送器。\n//\n// 入参:\n// - command: 多进程指令命令。需要先注册为 `intercmd [command]` 命令行。\n// - logger: 日志记录器,将重定向多进程的标准输出流和标准错误流到该日志记录器中。\n//\n// 出参:\n// - 多进程指令发送器。\nfunc NewSender[TIn any, TOut any](command string, logger *slog.Logger) Sender[TIn, TOut] {\n\treturn &sender[TIn, TOut]{command: command, logger: logger}\n}\n"
},
{
"path": "internal/tools/s3/client.go",
"content": "package s3\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"fmt\"\n\t\"io\"\n\t\"regexp\"\n\t\"strings\"\n\n\t\"github.com/minio/minio-go/v7\"\n\t\"github.com/minio/minio-go/v7/pkg/credentials\"\n\t\"github.com/samber/lo\"\n\n\txhttp \"github.com/certimate-go/certimate/pkg/utils/http\"\n\txtls \"github.com/certimate-go/certimate/pkg/utils/tls\"\n)\n\ntype Client struct {\n\tcli *minio.Client\n}\n\nfunc NewClient(config *Config) (*Client, error) {\n\tif config == nil {\n\t\treturn nil, fmt.Errorf(\"the configuration of S3 client is nil\")\n\t}\n\n\tclient, err := createS3Client(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &Client{cli: client}, nil\n}\n\nfunc (c *Client) PutObject(ctx context.Context, bucket, key string, reader io.Reader, size int64) error {\n\tputOpts := minio.PutObjectOptions{\n\t\tDisableMultipart: true,\n\t}\n\t_, err := c.cli.PutObject(ctx, bucket, key, reader, size, putOpts)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"s3: failed to put object: %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (c *Client) PutObjectString(ctx context.Context, bucket, key string, data string) error {\n\treader := strings.NewReader(data)\n\treturn c.PutObject(ctx, bucket, key, reader, reader.Size())\n}\n\nfunc (c *Client) PutObjectBytes(ctx context.Context, bucket, key string, data []byte) error {\n\treader := bytes.NewReader(data)\n\treturn c.PutObject(ctx, bucket, key, reader, reader.Size())\n}\n\nfunc (c *Client) RemoveObject(ctx context.Context, bucket, key string) error {\n\tremoveOpts := minio.RemoveObjectOptions{}\n\terr := c.cli.RemoveObject(ctx, bucket, key, removeOpts)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"s3: failed to remove object: %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createS3Client(config *Config) (*minio.Client, error) {\n\tvar clientCred *credentials.Credentials\n\tswitch config.SignatureVersion {\n\tcase \"\", SignatureV4:\n\t\tclientCred = credentials.NewStaticV4(config.AccessKey, config.SecretKey, \"\")\n\tcase SignatureV2:\n\t\tclientCred = credentials.NewStaticV2(config.AccessKey, config.SecretKey, \"\")\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"s3: unsupported signature version: '%s'\", config.SignatureVersion)\n\t}\n\n\tendpoint, secure := resolveEndpoint(config.Endpoint)\n\tclientOpts := &minio.Options{\n\t\tCreds: clientCred,\n\t\tRegion: config.Region,\n\t\tBucketLookup: lo.If(config.UsePathStyle, minio.BucketLookupPath).Else(minio.BucketLookupDNS),\n\t\tSecure: secure,\n\t}\n\n\tif secure && config.SkipTlsVerify {\n\t\ttransport := xhttp.NewDefaultTransport()\n\t\ttransport.TLSClientConfig = xtls.NewInsecureConfig()\n\t\tclientOpts.Transport = transport\n\t}\n\n\tclient, err := minio.New(endpoint, clientOpts)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"s3: %w\", err)\n\t}\n\n\treturn client, nil\n}\n\nfunc resolveEndpoint(endpoint string) (string, bool) {\n\tvar secure bool\n\tvar result string\n\n\treScheme := regexp.MustCompile(`^([^:]+)://`)\n\tif reScheme.MatchString(endpoint) {\n\t\ttemp := strings.Split(endpoint, \"://\")\n\t\tscheme := temp[0]\n\t\tresult = temp[1]\n\t\tsecure = strings.EqualFold(scheme, \"https\")\n\t} else {\n\t\tresult = endpoint\n\t\tsecure = true\n\t}\n\n\treturn result, secure\n}\n"
},
{
"path": "internal/tools/s3/config.go",
"content": "package s3\n\nconst (\n\tSignatureV2 = \"v2\"\n\tSignatureV4 = \"v4\"\n)\n\nconst (\n\tdefaultSignatureVersion = SignatureV4\n)\n\ntype Config struct {\n\tEndpoint string\n\tAccessKey string\n\tSecretKey string\n\tSignatureVersion string\n\tUsePathStyle bool\n\tRegion string\n\tSkipTlsVerify bool\n}\n\nfunc NewDefaultConfig() *Config {\n\treturn &Config{\n\t\tSignatureVersion: defaultSignatureVersion,\n\t}\n}\n"
},
{
"path": "internal/tools/smtp/client.go",
"content": "package smtp\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/wneessen/go-mail\"\n\n\txtls \"github.com/certimate-go/certimate/pkg/utils/tls\"\n)\n\ntype Client struct {\n\tcli *mail.Client\n}\n\nfunc NewClient(config *Config) (*Client, error) {\n\tif config == nil {\n\t\treturn nil, fmt.Errorf(\"the configuration of SMTP client is nil\")\n\t}\n\n\tclient, err := createSmtpClient(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &Client{cli: client}, nil\n}\n\nfunc (c *Client) Close() error {\n\treturn c.cli.Close()\n}\n\nfunc (c *Client) Send(ctx context.Context, msg *Message) error {\n\tif err := c.cli.DialAndSendWithContext(ctx, msg); err != nil {\n\t\terrShouldBeIgnored := false\n\n\t\t// REF: https://github.com/wneessen/go-mail/issues/463\n\t\tvar sendErr *mail.SendError\n\t\tif errors.As(err, &sendErr) {\n\t\t\tif sendErr.Reason == mail.ErrSMTPReset {\n\t\t\t\terrShouldBeIgnored = true\n\t\t\t}\n\t\t}\n\n\t\tif !errShouldBeIgnored {\n\t\t\treturn fmt.Errorf(\"smtp: %w\", err)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc createSmtpClient(config *Config) (*mail.Client, error) {\n\tclientOptions := []mail.Option{\n\t\tmail.WithSMTPAuth(mail.SMTPAuthAutoDiscover),\n\t\tmail.WithUsername(config.Username),\n\t\tmail.WithPassword(config.Password),\n\t\tmail.WithTimeout(time.Second * 30),\n\t}\n\n\tif config.Port == 0 {\n\t\tif config.UseSsl {\n\t\t\tclientOptions = append(clientOptions, mail.WithPort(mail.DefaultPortSSL))\n\t\t} else {\n\t\t\tclientOptions = append(clientOptions, mail.WithPort(mail.DefaultPort))\n\t\t}\n\t} else {\n\t\tclientOptions = append(clientOptions, mail.WithPort(config.Port))\n\t}\n\n\tif config.UseSsl {\n\t\ttlsConfig := xtls.NewCompatibleConfig()\n\t\tif config.SkipTlsVerify {\n\t\t\ttlsConfig.InsecureSkipVerify = true\n\t\t} else {\n\t\t\ttlsConfig.ServerName = config.Host\n\t\t}\n\n\t\tclientOptions = append(clientOptions, mail.WithSSL())\n\t\tclientOptions = append(clientOptions, mail.WithTLSConfig(tlsConfig))\n\t\tclientOptions = append(clientOptions, mail.WithTLSPolicy(mail.TLSMandatory))\n\t} else {\n\t\tclientOptions = append(clientOptions, mail.WithTLSPolicy(mail.TLSOpportunistic))\n\t}\n\n\tclient, err := mail.NewClient(config.Host, clientOptions...)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"smtp: %w\", err)\n\t}\n\n\tclient.ErrorHandlerRegistry.RegisterHandler(\"smtp.qq.com\", \"QUIT\", &wQQMailQuitErrorHandler{})\n\n\treturn client, nil\n}\n"
},
{
"path": "internal/tools/smtp/config.go",
"content": "package smtp\n\nconst (\n\tdefaultPort int = 25\n)\n\ntype Config struct {\n\tHost string\n\tPort int\n\tUsername string\n\tPassword string\n\tUseSsl bool\n\tSkipTlsVerify bool\n}\n\nfunc NewDefaultConfig() *Config {\n\treturn &Config{\n\t\tPort: defaultPort,\n\t}\n}\n"
},
{
"path": "internal/tools/smtp/errhandler.go",
"content": "package smtp\n\nimport (\n\t\"bytes\"\n\t\"errors\"\n\t\"io\"\n\t\"net/textproto\"\n)\n\n// REF: https://github.com/wneessen/go-mail/wiki/Error-Registry\ntype wQQMailQuitErrorHandler struct{}\n\nfunc (q *wQQMailQuitErrorHandler) HandleError(_, _ string, conn *textproto.Conn, err error) error {\n\tvar tpErr textproto.ProtocolError\n\tif errors.As(err, &tpErr) {\n\t\tif len(tpErr.Error()) < 16 {\n\t\t\treturn err\n\t\t}\n\t\tif !bytes.Equal([]byte(tpErr.Error()[16:]), []byte(\"\\x00\\x00\\x00\\x1a\\x00\\x00\\x00\")) {\n\t\t\treturn err\n\t\t}\n\t\t_, _ = io.ReadFull(conn.R, make([]byte, 8))\n\t\treturn nil\n\t}\n\treturn err\n}\n"
},
{
"path": "internal/tools/smtp/message.go",
"content": "package smtp\n\nimport (\n\t\"github.com/wneessen/go-mail\"\n)\n\ntype Message = mail.Msg\n\nfunc NewMessage() *Message {\n\treturn mail.NewMsg()\n}\n\ntype MIMEType = mail.ContentType\n\nconst (\n\tMIMETypeTextHTML MIMEType = mail.TypeTextHTML\n\tMIMETypeTextPlain MIMEType = mail.TypeTextPlain\n)\n"
},
{
"path": "internal/tools/ssh/auth.go",
"content": "package ssh\n\ntype AuthMethodType string\n\nconst (\n\tAuthMethodTypeNone AuthMethodType = \"none\"\n\tAuthMethodTypePassword AuthMethodType = \"password\"\n\tAuthMethodTypeKey AuthMethodType = \"key\"\n)\n"
},
{
"path": "internal/tools/ssh/client.go",
"content": "package ssh\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"net\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\t\"golang.org/x/crypto/ssh\"\n)\n\ntype Client struct {\n\tconns []net.Conn\n\tclis []*ssh.Client\n}\n\nfunc NewClient(config *Config) (*Client, error) {\n\tif config == nil {\n\t\treturn nil, fmt.Errorf(\"the configuration of SSH client is nil\")\n\t}\n\n\tconns, clis, err := createConnsAndSshClients(config)\n\tif err != nil {\n\t\tfor i := len(clis) - 1; i >= 0; i-- {\n\t\t\tclis[i].Close()\n\t\t}\n\n\t\tfor i := len(conns) - 1; i >= 0; i-- {\n\t\t\tconns[i].Close()\n\t\t}\n\n\t\treturn nil, err\n\t}\n\n\treturn &Client{conns: conns, clis: clis}, nil\n}\n\nfunc (c *Client) Close() error {\n\terrs := make([]error, 0)\n\n\tfor i := len(c.clis) - 1; i >= 0; i-- {\n\t\tcli := c.clis[i]\n\t\tif err := cli.Close(); err != nil {\n\t\t\terrs = append(errs, err)\n\t\t}\n\t}\n\n\tfor i := len(c.conns) - 1; i >= 0; i-- {\n\t\tconn := c.conns[i]\n\t\tif err := conn.Close(); err != nil {\n\t\t\terrs = append(errs, err)\n\t\t}\n\t}\n\n\tif len(errs) == 0 {\n\t\treturn nil\n\t} else if len(errs) == 1 {\n\t\treturn errs[0]\n\t} else {\n\t\treturn errors.Join(errs...)\n\t}\n}\n\nfunc (c *Client) GetClient() *ssh.Client {\n\tif len(c.clis) == 0 {\n\t\treturn nil\n\t}\n\n\treturn c.clis[len(c.clis)-1]\n}\n\nfunc createConnsAndSshClients(config *Config) (conns []net.Conn, clis []*ssh.Client, err error) {\n\tconns = make([]net.Conn, 0)\n\tclis = make([]*ssh.Client, 0)\n\n\tvar targetConn net.Conn\n\tif len(config.JumpServers) > 0 {\n\t\tvar jumpCli *ssh.Client\n\n\t\tfor i, jumpConfig := range config.JumpServers {\n\t\t\tvar jumpConn net.Conn\n\t\t\tif jumpCli == nil {\n\t\t\t\tjumpConn, err = net.Dial(\"tcp\", resolveAddr(jumpConfig.Host, jumpConfig.Port))\n\t\t\t} else {\n\t\t\t\tjumpConn, err = jumpCli.Dial(\"tcp\", resolveAddr(jumpConfig.Host, jumpConfig.Port))\n\t\t\t}\n\t\t\tif err != nil {\n\t\t\t\terr = fmt.Errorf(\"ssh: failed to connect to jump server [%d]: %w\", i+1, err)\n\t\t\t\treturn\n\t\t\t}\n\n\t\t\tconns = append(conns, jumpConn)\n\n\t\t\tjumpCli, err = createSshClientWithConn(&jumpConfig, jumpConn)\n\t\t\tif err != nil {\n\t\t\t\terr = fmt.Errorf(\"ssh: failed to create jump server SSH client[%d]: %w\", i+1, err)\n\t\t\t\treturn\n\t\t\t}\n\n\t\t\tclis = append(clis, jumpCli)\n\t\t}\n\n\t\t// 通过跳板机发起 TCP 连接到目标服务器\n\t\ttargetConn, err = jumpCli.Dial(\"tcp\", resolveAddr(config.Host, config.Port))\n\t\tif err != nil {\n\t\t\terr = fmt.Errorf(\"ssh: failed to connect to target server: %w\", err)\n\t\t\treturn\n\t\t}\n\n\t\tconns = append(conns, targetConn)\n\t} else {\n\t\t// 直接发起 TCP 连接到目标服务器\n\t\ttargetConn, err = net.Dial(\"tcp\", resolveAddr(config.Host, config.Port))\n\t\tif err != nil {\n\t\t\terr = fmt.Errorf(\"ssh: failed to connect to target server: %w\", err)\n\t\t\treturn\n\t\t}\n\n\t\tconns = append(conns, targetConn)\n\t}\n\n\t// 创建 SSH 客户端\n\ttargetCli, err := createSshClientWithConn(&config.ServerConfig, targetConn)\n\tif err != nil {\n\t\treturn nil, nil, fmt.Errorf(\"ssh: failed to create SSH client: %w\", err)\n\t}\n\n\tclis = append(clis, targetCli)\n\n\treturn conns, clis, nil\n}\n\nfunc createSshClientWithConn(config *ServerConfig, conn net.Conn) (*ssh.Client, error) {\n\tif conn == nil {\n\t\treturn nil, fmt.Errorf(\"ssh: nil conn\")\n\t}\n\n\tauthMethodType := lo.\n\t\tIf(string(config.AuthMethod) != \"\", config.AuthMethod).\n\t\tElseIf(config.Key != \"\", AuthMethodTypeKey).\n\t\tElseIf(config.Password != \"\", AuthMethodTypePassword).\n\t\tElse(AuthMethodTypeNone)\n\tauthMethods := make([]ssh.AuthMethod, 0)\n\tswitch authMethodType {\n\tcase AuthMethodTypeNone:\n\t\t{\n\t\t\tif config.Username == \"\" {\n\t\t\t\treturn nil, fmt.Errorf(\"ssh: unset username\")\n\t\t\t}\n\t\t}\n\n\tcase AuthMethodTypePassword:\n\t\t{\n\t\t\tif config.Username == \"\" {\n\t\t\t\treturn nil, fmt.Errorf(\"ssh: unset username\")\n\t\t\t}\n\t\t\tif config.Password == \"\" {\n\t\t\t\treturn nil, fmt.Errorf(\"ssh: unset password\")\n\t\t\t}\n\n\t\t\tpassword := config.Password\n\t\t\tauthMethods = append(authMethods, ssh.Password(password))\n\t\t\tauthMethods = append(authMethods, ssh.KeyboardInteractive(func(user, instruction string, questions []string, echos []bool) ([]string, error) {\n\t\t\t\tanswers := make([]string, len(questions))\n\t\t\t\tif len(answers) == 0 {\n\t\t\t\t\treturn answers, nil\n\t\t\t\t}\n\n\t\t\t\tfor i, question := range questions {\n\t\t\t\t\tquestion = strings.TrimSpace(strings.TrimSuffix(strings.TrimSpace(question), \":\"))\n\t\t\t\t\tif strings.EqualFold(question, \"Password\") {\n\t\t\t\t\t\tanswers[i] = password\n\t\t\t\t\t\treturn answers, nil\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn nil, fmt.Errorf(\"unexpected keyboard interactive question '%s'\", strings.Join(questions, \", \"))\n\t\t\t}))\n\t\t}\n\n\tcase AuthMethodTypeKey:\n\t\t{\n\t\t\tif config.Username == \"\" {\n\t\t\t\treturn nil, fmt.Errorf(\"ssh: unset username\")\n\t\t\t}\n\t\t\tif config.Key == \"\" {\n\t\t\t\treturn nil, fmt.Errorf(\"ssh: unset key\")\n\t\t\t}\n\n\t\t\tkey := config.Key\n\t\t\tkeyPassphrase := config.KeyPassphrase\n\n\t\t\tvar signer ssh.Signer\n\t\t\tvar err error\n\t\t\tif keyPassphrase != \"\" {\n\t\t\t\tsigner, err = ssh.ParsePrivateKeyWithPassphrase([]byte(key), []byte(keyPassphrase))\n\t\t\t} else {\n\t\t\t\tsigner, err = ssh.ParsePrivateKey([]byte(key))\n\t\t\t}\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"ssh: %w\", err)\n\t\t\t}\n\n\t\t\tauthMethods = append(authMethods, ssh.PublicKeys(signer))\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"ssh: unsupported auth method '%s'\", authMethodType)\n\t}\n\n\taddr := resolveAddr(config.Host, config.Port)\n\tsshConn, chans, reqs, err := ssh.NewClientConn(conn, addr, &ssh.ClientConfig{\n\t\tUser: config.Username,\n\t\tAuth: authMethods,\n\t\tHostKeyCallback: ssh.InsecureIgnoreHostKey(),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"ssh: %w\", err)\n\t}\n\n\treturn ssh.NewClient(sshConn, chans, reqs), nil\n}\n\nfunc resolveAddr(host string, port int) string {\n\tif port == 0 {\n\t\tport = defaultPort\n\t}\n\treturn net.JoinHostPort(host, strconv.Itoa(port))\n}\n"
},
{
"path": "internal/tools/ssh/config.go",
"content": "package ssh\n\nconst (\n\tdefaultPort int = 22\n\tdefaultAuthMethod AuthMethodType = AuthMethodTypeNone\n\tdefaultUsername string = \"root\"\n)\n\ntype ServerConfig struct {\n\tHost string\n\tPort int\n\tAuthMethod AuthMethodType\n\tUsername string\n\tPassword string\n\tKey string\n\tKeyPassphrase string\n}\n\ntype Config struct {\n\tServerConfig\n\tJumpServers []ServerConfig\n}\n\nfunc NewServerConfig() *ServerConfig {\n\treturn &ServerConfig{\n\t\tPort: defaultPort,\n\t\tAuthMethod: defaultAuthMethod,\n\t\tUsername: defaultUsername,\n\t}\n}\n\nfunc NewDefaultConfig() *Config {\n\treturn &Config{\n\t\tServerConfig: *NewServerConfig(),\n\t}\n}\n"
},
{
"path": "internal/workflow/dispatcher/deps.go",
"content": "package dispatcher\n\nimport (\n\t\"context\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n)\n\ntype workflowRepository interface {\n\tGetById(ctx context.Context, id string) (*domain.Workflow, error)\n\tSave(ctx context.Context, workflow *domain.Workflow) (*domain.Workflow, error)\n}\n\ntype workflowRunRepository interface {\n\tGetById(ctx context.Context, id string) (*domain.WorkflowRun, error)\n\tSave(ctx context.Context, workflowRun *domain.WorkflowRun) (*domain.WorkflowRun, error)\n\tSaveWithCascading(ctx context.Context, workflowRun *domain.WorkflowRun) (*domain.WorkflowRun, error)\n}\n\ntype workflowLogRepository interface {\n\tSave(ctx context.Context, workflowLog *domain.WorkflowLog) (*domain.WorkflowLog, error)\n}\n"
},
{
"path": "internal/workflow/dispatcher/dispatcher.go",
"content": "package dispatcher\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log\"\n\t\"log/slog\"\n\t\"runtime\"\n\t\"runtime/debug\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/internal/repository\"\n\t\"github.com/certimate-go/certimate/internal/workflow/engine\"\n\t\"github.com/certimate-go/certimate/pkg/logging\"\n\txenv \"github.com/certimate-go/certimate/pkg/utils/env\"\n)\n\nvar envMaxWorkers = 1\n\nfunc init() {\n\tenvMaxWorkers = xenv.GetOrDefaultInt(\"CERTIMATE_WORKFLOW_MAX_WORKERS\", runtime.GOMAXPROCS(0))\n\tif envMaxWorkers <= 0 {\n\t\tenvMaxWorkers = max(1, runtime.NumCPU())\n\t}\n}\n\ntype WorkflowDispatcher interface {\n\tGetStatistics() Statistics\n\n\tBootup(ctx context.Context) error\n\tShutdown(ctx context.Context) error\n\tStart(ctx context.Context, runId string) error\n\tCancel(ctx context.Context, runId string) error\n}\n\ntype Statistics struct {\n\tConcurrency int\n\tPendingRunIds []string\n\tProcessingRunIds []string\n}\n\ntype workflowDispatcher struct {\n\tbooted bool\n\tconcurrency int\n\n\ttaskMtx sync.RWMutex\n\tpendingRunQueue []string\n\tprocessingTasks map[string]*taskInfo // Key: RunId\n\n\tworkflowRepo workflowRepository\n\tworkflowRunRepo workflowRunRepository\n\tworkflowLogRepo workflowLogRepository\n\n\tsyslog *slog.Logger\n}\n\nvar _ WorkflowDispatcher = (*workflowDispatcher)(nil)\n\nfunc (wd *workflowDispatcher) GetStatistics() Statistics {\n\twd.taskMtx.RLock()\n\tdefer wd.taskMtx.RUnlock()\n\n\tstats := Statistics{\n\t\tConcurrency: wd.concurrency,\n\t\tPendingRunIds: make([]string, 0),\n\t\tProcessingRunIds: make([]string, 0),\n\t}\n\tfor _, pendingRunId := range wd.pendingRunQueue {\n\t\tstats.PendingRunIds = append(stats.PendingRunIds, pendingRunId)\n\t}\n\tfor _, processingRunId := range wd.processingTasks {\n\t\tstats.ProcessingRunIds = append(stats.ProcessingRunIds, processingRunId.RunId)\n\t}\n\n\treturn stats\n}\n\nfunc (wd *workflowDispatcher) Bootup(ctx context.Context) error {\n\tif wd.booted {\n\t\treturn errors.New(\"could not re-bootup\")\n\t}\n\n\twd.taskMtx.Lock()\n\tdefer wd.taskMtx.Unlock()\n\n\tif _, err := app.GetDB().NewQuery(fmt.Sprintf(\"UPDATE %s SET lastRunStatus = 'canceled' WHERE lastRunStatus = 'pending' OR lastRunStatus = 'processing'\", domain.CollectionNameWorkflow)).Execute(); err != nil {\n\t\treturn err\n\t}\n\tif _, err := app.GetDB().NewQuery(fmt.Sprintf(\"UPDATE %s SET status = 'canceled' WHERE status = 'pending' OR status = 'processing'\", domain.CollectionNameWorkflowRun)).Execute(); err != nil {\n\t\treturn err\n\t}\n\n\twd.booted = true\n\n\treturn nil\n}\n\nfunc (wd *workflowDispatcher) Shutdown(ctx context.Context) error {\n\tif !wd.booted {\n\t\treturn errors.New(\"could not re-shutdown\")\n\t}\n\n\twd.taskMtx.Lock()\n\tdefer wd.taskMtx.Unlock()\n\n\tfor runId, task := range wd.processingTasks {\n\t\ttask.cancel()\n\t\tdelete(wd.processingTasks, runId)\n\t}\n\n\twd.booted = false\n\twd.pendingRunQueue = make([]string, 0)\n\twd.processingTasks = make(map[string]*taskInfo)\n\treturn nil\n}\n\nfunc (wd *workflowDispatcher) Start(ctx context.Context, runId string) error {\n\twd.taskMtx.Lock()\n\tdefer wd.taskMtx.Unlock()\n\n\tif _, exists := wd.processingTasks[runId]; exists {\n\t\treturn fmt.Errorf(\"workflow run %s is already processing\", runId)\n\t}\n\n\tfor _, pendingRunId := range wd.pendingRunQueue {\n\t\tif pendingRunId == runId {\n\t\t\treturn fmt.Errorf(\"workflow run %s is already in the queue\", runId)\n\t\t}\n\t}\n\n\twd.pendingRunQueue = append(wd.pendingRunQueue, runId)\n\tgo func() { wd.tryNextAsync() }()\n\n\treturn nil\n}\n\nfunc (wd *workflowDispatcher) Cancel(ctx context.Context, runId string) error {\n\twd.taskMtx.Lock()\n\tdefer wd.taskMtx.Unlock()\n\n\tworkflowRun, err := wd.workflowRunRepo.GetById(ctx, runId)\n\tif err != nil {\n\t\treturn err\n\t} else if workflowRun.Status != domain.WorkflowRunStatusTypePending && workflowRun.Status != domain.WorkflowRunStatusTypeProcessing {\n\t\treturn fmt.Errorf(\"workrun #%s is already completed\", workflowRun.Id)\n\t}\n\n\tworkflow, err := wd.workflowRepo.GetById(ctx, workflowRun.WorkflowId)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\tworkflowRun.Status = domain.WorkflowRunStatusTypeCanceled\n\tif workflow.LastRunId == workflowRun.Id {\n\t\t_, err := wd.workflowRunRepo.SaveWithCascading(ctx, workflowRun)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t} else {\n\t\t_, err := wd.workflowRunRepo.Save(ctx, workflowRun)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t}\n\n\tif task, exists := wd.processingTasks[runId]; exists {\n\t\ttask.cancel()\n\t\tdelete(wd.processingTasks, runId)\n\n\t\twd.syslog.Info(fmt.Sprintf(\"workrun #%s was canceled\", task.RunId))\n\t}\n\n\tfor i, pendingRunId := range wd.pendingRunQueue {\n\t\tif pendingRunId == runId {\n\t\t\twd.pendingRunQueue = append(wd.pendingRunQueue[:i], wd.pendingRunQueue[i+1:]...)\n\t\t\tbreak\n\t\t}\n\t}\n\n\tgo func() { wd.tryNextAsync() }()\n\n\treturn nil\n}\n\nfunc (wd *workflowDispatcher) tryExecuteAsync(task *taskInfo) {\n\tvar workflow *domain.Workflow\n\tvar workflowRun *domain.WorkflowRun\n\tvar err error\n\n\t// 捕获 panic\n\tdefer func() {\n\t\tif r := recover(); r != nil {\n\t\t\twd.syslog.Error(fmt.Sprintf(\"workflow dispatcher panic: %v\", r), slog.String(\"workflowId\", task.WorkflowId), slog.String(\"runId\", task.RunId))\n\t\t\tslog.Error(fmt.Sprintf(\"workflow dispatcher panic: %v, stack trace: %s\", r, string(debug.Stack())), slog.String(\"workflowId\", task.WorkflowId), slog.String(\"runId\", task.RunId))\n\n\t\t\tif workflowRun != nil {\n\t\t\t\tworkflowRun.Status = domain.WorkflowRunStatusTypeFailed\n\t\t\t\tworkflowRun.EndedAt = time.Now()\n\t\t\t\tworkflowRun.Error = fmt.Sprintf(\"workflow dispatcher panic: %v\", r)\n\t\t\t\tif _, err := wd.workflowRunRepo.SaveWithCascading(context.Background(), workflowRun); err != nil {\n\t\t\t\t\tlog.Default().Println(\"failed to save workflow run after panic\", slog.Any(\"error\", err))\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}()\n\n\t// 尝试继续执行等待队列中的任务\n\tdefer func() {\n\t\twd.taskMtx.Lock()\n\t\tdelete(wd.processingTasks, task.RunId)\n\t\twd.taskMtx.Unlock()\n\n\t\tgo func() { wd.tryNextAsync() }()\n\t}()\n\n\t// 查询运行实体,并级联更新状态\n\tif workflowRun, err = wd.workflowRunRepo.GetById(task.ctx, task.RunId); err != nil {\n\t\tif !(errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded)) {\n\t\t\twd.syslog.Error(fmt.Sprintf(\"failed to get workrun #%s record\", task.RunId), slog.Any(\"error\", err))\n\t\t}\n\t\treturn\n\t} else {\n\t\tif workflowRun.Status == domain.WorkflowRunStatusTypePending {\n\t\t\tworkflowRun.Status = domain.WorkflowRunStatusTypeProcessing\n\t\t\twd.workflowRunRepo.SaveWithCascading(task.ctx, workflowRun)\n\t\t} else {\n\t\t\t// WTF? That should be impossible!\n\t\t\treturn\n\t\t}\n\t}\n\n\t// 查询工作流实体\n\tworkflow, err = wd.workflowRepo.GetById(task.ctx, workflowRun.WorkflowId)\n\tif err != nil {\n\t\twd.syslog.Error(fmt.Sprintf(\"failed to get workflow #%s record\", workflowRun.WorkflowId), slog.Any(\"error\", err))\n\t\treturn\n\t}\n\n\t// 初始化工作流引擎\n\tlogsBuf := make(domain.WorkflowLogs, 0)\n\twe := engine.NewWorkflowEngine()\n\twe.OnEnd(func(ctx context.Context) error {\n\t\tif errmsg := logsBuf.ErrorString(); errmsg == \"\" {\n\t\t\tworkflowRun.Status = domain.WorkflowRunStatusTypeSucceeded\n\t\t\tworkflowRun.EndedAt = time.Now()\n\t\t} else {\n\t\t\tworkflowRun.Status = domain.WorkflowRunStatusTypeFailed\n\t\t\tworkflowRun.EndedAt = time.Now()\n\t\t\tworkflowRun.Error = errmsg\n\t\t}\n\t\twd.workflowRunRepo.SaveWithCascading(task.ctx, workflowRun)\n\n\t\treturn nil\n\t})\n\twe.OnError(func(ctx context.Context, err error) error {\n\t\tif errors.Is(err, context.Canceled) || errors.Is(err, context.DeadlineExceeded) {\n\t\t\tworkflowRun.Status = domain.WorkflowRunStatusTypeCanceled\n\t\t\twd.workflowRunRepo.SaveWithCascading(context.Background(), workflowRun)\n\t\t} else {\n\t\t\tworkflowRun.Status = domain.WorkflowRunStatusTypeFailed\n\t\t\tworkflowRun.EndedAt = time.Now()\n\t\t\tworkflowRun.Error = err.Error()\n\t\t\twd.workflowRunRepo.SaveWithCascading(task.ctx, workflowRun)\n\t\t}\n\n\t\treturn nil\n\t})\n\twe.OnNodeError(func(ctx context.Context, node *engine.Node, err error) error {\n\t\tif errors.Is(err, engine.ErrTerminated) || errors.Is(err, engine.ErrBlocksException) {\n\t\t\treturn nil\n\t\t}\n\n\t\tlog := domain.WorkflowLog{}\n\t\tlog.WorkflowId = task.WorkflowId\n\t\tlog.RunId = task.RunId\n\t\tlog.NodeId = node.Id\n\t\tlog.NodeName = node.Data.Name\n\t\tlog.TimestampMilli = time.Now().UnixMilli()\n\t\tlog.Level = int32(slog.LevelError)\n\t\tlog.Message = err.Error()\n\t\tlog.CreatedAt = time.Now()\n\t\tlogsBuf = append(logsBuf, log)\n\n\t\tif _, err := wd.workflowLogRepo.Save(ctx, &log); err != nil {\n\t\t\twd.syslog.Error(err.Error())\n\t\t}\n\n\t\treturn nil\n\t})\n\twe.OnNodeLogging(func(ctx context.Context, node *engine.Node, record logging.Record) error {\n\t\tlog := domain.WorkflowLog{}\n\t\tlog.WorkflowId = task.WorkflowId\n\t\tlog.RunId = task.RunId\n\t\tlog.NodeId = node.Id\n\t\tlog.NodeName = node.Data.Name\n\t\tlog.TimestampMilli = record.Time.UnixMilli()\n\t\tlog.Level = int32(record.Level)\n\t\tlog.Message = record.Message\n\t\tlog.Data = record.Data()\n\t\tlog.CreatedAt = time.Now()\n\t\tlogsBuf = append(logsBuf, log)\n\n\t\tif _, err := wd.workflowLogRepo.Save(ctx, &log); err != nil {\n\t\t\twd.syslog.Error(err.Error())\n\t\t}\n\n\t\treturn nil\n\t})\n\n\t// 执行工作流\n\twd.syslog.Info(fmt.Sprintf(\"workflow #%s's run #%s started\", task.WorkflowId, task.RunId))\n\twe.Invoke(task.ctx, engine.WorkflowExecution{\n\t\tWorkflowId: workflowRun.WorkflowId,\n\t\tWorkflowName: workflow.Name,\n\t\tRunId: workflowRun.Id,\n\t\tRunTrigger: workflowRun.Trigger,\n\t\tGraph: workflowRun.Graph,\n\t})\n\twd.syslog.Info(fmt.Sprintf(\"workflow #%s's run #%s stopped\", task.WorkflowId, task.RunId))\n}\n\nfunc (wd *workflowDispatcher) tryNextAsync() {\n\twd.taskMtx.RLock()\n\n\tfor _, pendingRunId := range wd.pendingRunQueue {\n\t\tworkflowRun, err := wd.workflowRunRepo.GetById(context.Background(), pendingRunId)\n\t\tif err != nil {\n\t\t\twd.syslog.Error(fmt.Sprintf(\"failed to get workrun #%s record\", pendingRunId), slog.Any(\"error\", err))\n\t\t\tcontinue\n\t\t}\n\n\t\tvar hasSameWorkflowTask bool // 相同 Workflow 的任务同一时间只能有一个 Run 在执行\n\t\tfor _, processingTask := range wd.processingTasks {\n\t\t\tif processingTask.WorkflowId == workflowRun.WorkflowId {\n\t\t\t\thasSameWorkflowTask = true\n\t\t\t\tbreak\n\t\t\t}\n\t\t}\n\n\t\tif hasSameWorkflowTask {\n\t\t\twd.syslog.Warn(fmt.Sprintf(\"workflow #%s's run #%s is pending, because tasks that belonging to the same workflow already exists\", workflowRun.WorkflowId, workflowRun.Id))\n\t\t} else if len(wd.processingTasks) >= wd.concurrency && wd.concurrency > 0 {\n\t\t\twd.syslog.Warn(fmt.Sprintf(\"workflow #%s's run #%s is pending, because the maximum concurrency (limit: %d) has been reached\", workflowRun.WorkflowId, workflowRun.Id, wd.concurrency))\n\t\t} else {\n\t\t\twd.taskMtx.RUnlock()\n\n\t\t\twd.taskMtx.Lock()\n\t\t\tctxRun, ctxCancel := context.WithCancel(context.Background())\n\t\t\ttask := &taskInfo{WorkflowId: workflowRun.WorkflowId, RunId: workflowRun.Id, ctx: ctxRun, cancel: ctxCancel}\n\t\t\twd.pendingRunQueue = lo.Filter(wd.pendingRunQueue, func(s string, _ int) bool { return s != pendingRunId })\n\t\t\twd.processingTasks[pendingRunId] = task\n\t\t\twd.syslog.Info(fmt.Sprintf(\"workflow #%s's run #%s is being dispatched ...\", task.WorkflowId, task.RunId))\n\t\t\twd.taskMtx.Unlock()\n\n\t\t\tgo func() { wd.tryExecuteAsync(task) }()\n\t\t\treturn\n\t\t}\n\t}\n\n\twd.taskMtx.RUnlock()\n}\n\nfunc newWorkflowDispatcher() WorkflowDispatcher {\n\treturn &workflowDispatcher{\n\t\tconcurrency: envMaxWorkers,\n\n\t\tpendingRunQueue: make([]string, 0),\n\t\tprocessingTasks: make(map[string]*taskInfo),\n\n\t\tworkflowRepo: repository.NewWorkflowRepository(),\n\t\tworkflowRunRepo: repository.NewWorkflowRunRepository(),\n\t\tworkflowLogRepo: repository.NewWorkflowLogRepository(),\n\n\t\tsyslog: app.GetLogger(),\n\t}\n}\n"
},
{
"path": "internal/workflow/dispatcher/singleton.go",
"content": "package dispatcher\n\nimport (\n\t\"sync\"\n)\n\nvar (\n\tinstance WorkflowDispatcher\n\tintanceOnce sync.Once\n)\n\nfunc GetSingletonDispatcher() WorkflowDispatcher {\n\tintanceOnce.Do(func() {\n\t\tinstance = newWorkflowDispatcher()\n\t})\n\treturn instance\n}\n"
},
{
"path": "internal/workflow/dispatcher/task.go",
"content": "package dispatcher\n\nimport (\n\t\"context\"\n)\n\ntype taskInfo struct {\n\tWorkflowId string\n\tRunId string\n\n\tctx context.Context\n\tcancel context.CancelFunc\n}\n"
},
{
"path": "internal/workflow/engine/context.go",
"content": "package engine\n\nimport (\n\t\"context\"\n)\n\ntype WorkflowContext struct {\n\tWorkflowId string\n\tRunId string\n\tRunGraph *Graph\n\n\tengine WorkflowEngine\n\tvariables VariableManager\n\tinputs InOutManager\n\n\tctx context.Context\n}\n\nfunc (c *WorkflowContext) SetExecutingWorkflow(workflowId string, runId string, runGraph *Graph) *WorkflowContext {\n\tc.WorkflowId = workflowId\n\tc.RunId = runId\n\tc.RunGraph = runGraph\n\treturn c\n}\n\nfunc (c *WorkflowContext) SetEngine(engine WorkflowEngine) *WorkflowContext {\n\tc.engine = engine\n\treturn c\n}\n\nfunc (c *WorkflowContext) SetVariablesManager(inputs VariableManager) *WorkflowContext {\n\tc.variables = inputs\n\treturn c\n}\n\nfunc (c *WorkflowContext) SetInputsManager(manager InOutManager) *WorkflowContext {\n\tc.inputs = manager\n\treturn c\n}\n\nfunc (c *WorkflowContext) SetContext(ctx context.Context) *WorkflowContext {\n\tc.ctx = ctx\n\treturn c\n}\n\nfunc (c *WorkflowContext) Context() context.Context {\n\treturn c.ctx\n}\n\nfunc (c *WorkflowContext) Clone() *WorkflowContext {\n\treturn &WorkflowContext{\n\t\tWorkflowId: c.WorkflowId,\n\t\tRunId: c.RunId,\n\t\tRunGraph: c.RunGraph,\n\n\t\tengine: c.engine,\n\t\tvariables: c.variables,\n\t\tinputs: c.inputs,\n\n\t\tctx: c.ctx,\n\t}\n}\n"
},
{
"path": "internal/workflow/engine/deps.go",
"content": "package engine\n\nimport (\n\t\"context\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n)\n\ntype accessRepository interface {\n\tGetById(ctx context.Context, id string) (*domain.Access, error)\n}\n\ntype certificateRepository interface {\n\tGetById(ctx context.Context, id string) (*domain.Certificate, error)\n\tGetByWorkflowRunIdAndNodeId(ctx context.Context, workflowRunId string, workflowNodeId string) (*domain.Certificate, error)\n\tSave(ctx context.Context, certificate *domain.Certificate) (*domain.Certificate, error)\n}\n\ntype workflowOutputRepository interface {\n\tGetByWorkflowIdAndNodeId(ctx context.Context, workflowId string, workflowNodeId string) (*domain.WorkflowOutput, error)\n\tSave(ctx context.Context, workflowOutput *domain.WorkflowOutput) (*domain.WorkflowOutput, error)\n}\n\ntype settingsRepository interface {\n\tGetByName(ctx context.Context, name string) (*domain.Settings, error)\n}\n"
},
{
"path": "internal/workflow/engine/engine.go",
"content": "package engine\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"runtime/debug\"\n\t\"sync\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/internal/repository\"\n\t\"github.com/certimate-go/certimate/pkg/logging\"\n)\n\ntype WorkflowExecution struct {\n\tWorkflowId string\n\tWorkflowName string\n\tRunId string\n\tRunTrigger domain.WorkflowTriggerType\n\tGraph *Graph\n}\n\ntype WorkflowEngine interface {\n\tInvoke(ctx context.Context, execution WorkflowExecution) error\n\n\tOnStart(callback func(ctx context.Context) error)\n\tOnEnd(callback func(ctx context.Context) error)\n\tOnError(callback func(ctx context.Context, err error) error)\n\tOnNodeStart(callback func(ctx context.Context, node *Node) error)\n\tOnNodeEnd(callback func(ctx context.Context, node *Node, res *NodeExecutionResult) error)\n\tOnNodeError(callback func(ctx context.Context, node *Node, err error) error)\n\tOnNodeLogging(callback func(ctx context.Context, node *Node, log logging.Record) error)\n}\n\ntype workflowEngine struct {\n\texecutors map[NodeType]NodeExecutor\n\n\thooksMtx sync.RWMutex\n\tonStartHooks [](func(ctx context.Context) error)\n\tonEndHooks [](func(ctx context.Context) error)\n\tonErrorHooks [](func(ctx context.Context, err error) error)\n\tonNodeStartHooks [](func(ctx context.Context, node *Node) error)\n\tonNodeEndHooks [](func(ctx context.Context, node *Node, res *NodeExecutionResult) error)\n\tonNodeErrorHooks [](func(ctx context.Context, node *Node, err error) error)\n\tonNodeLoggingHooks [](func(ctx context.Context, node *Node, log logging.Record) error)\n\n\twfoutputRepo workflowOutputRepository\n\n\tsyslog *slog.Logger\n}\n\nvar _ WorkflowEngine = (*workflowEngine)(nil)\n\nfunc (we *workflowEngine) Invoke(ctx context.Context, execution WorkflowExecution) error {\n\tdefer func() {\n\t\tif r := recover(); r != nil {\n\t\t\twe.fireOnErrorHooks(ctx, fmt.Errorf(\"workflow engine panic: %v\", r))\n\t\t\twe.syslog.Error(fmt.Sprintf(\"workflow engine panic: %v\", r), slog.String(\"workflowId\", execution.WorkflowId), slog.String(\"runId\", execution.RunId))\n\t\t\tslog.Error(fmt.Sprintf(\"workflow engine panic: %v, stack trace: %s\", r, string(debug.Stack())), slog.String(\"workflowId\", execution.WorkflowId), slog.String(\"runId\", execution.RunId))\n\t\t}\n\t}()\n\n\twe.fireOnStartHooks(ctx)\n\n\twfIOs := newInOutManager()\n\n\twfVars := newVariableManager()\n\twfVars.Set(stateVarKeyWorkflowId, execution.WorkflowId, stateValTypeString)\n\twfVars.Set(stateVarKeyWorkflowName, execution.WorkflowName, stateValTypeString)\n\twfVars.Set(stateVarKeyRunId, execution.RunId, stateValTypeString)\n\twfVars.Set(stateVarKeyRunTrigger, execution.RunTrigger, stateValTypeString)\n\twfVars.Set(stateVarKeyErrorNodeId, \"\", stateValTypeString)\n\twfVars.Set(stateVarKeyErrorNodeName, \"\", stateValTypeString)\n\twfVars.Set(stateVarKeyErrorMessage, \"\", stateValTypeString)\n\n\twfCtx := (&WorkflowContext{}).\n\t\tSetExecutingWorkflow(execution.WorkflowId, execution.RunId, execution.Graph).\n\t\tSetEngine(we).\n\t\tSetInputsManager(wfIOs).\n\t\tSetVariablesManager(wfVars).\n\t\tSetContext(ctx)\n\tif err := we.executeBlocks(wfCtx, execution.Graph.Nodes); err != nil {\n\t\tif !errors.Is(err, ErrTerminated) {\n\t\t\twe.fireOnErrorHooks(ctx, err)\n\t\t\treturn err\n\t\t}\n\t}\n\n\twe.fireOnEndHooks(ctx)\n\n\treturn nil\n}\n\nfunc (we *workflowEngine) OnStart(callback func(ctx context.Context) error) {\n\twe.hooksMtx.Lock()\n\tdefer we.hooksMtx.Unlock()\n\twe.onStartHooks = append(we.onStartHooks, callback)\n}\n\nfunc (we *workflowEngine) OnEnd(callback func(ctx context.Context) error) {\n\twe.hooksMtx.Lock()\n\tdefer we.hooksMtx.Unlock()\n\twe.onEndHooks = append(we.onEndHooks, callback)\n}\n\nfunc (we *workflowEngine) OnError(callback func(ctx context.Context, err error) error) {\n\twe.hooksMtx.Lock()\n\tdefer we.hooksMtx.Unlock()\n\twe.onErrorHooks = append(we.onErrorHooks, callback)\n}\n\nfunc (we *workflowEngine) OnNodeStart(callback func(ctx context.Context, node *Node) error) {\n\twe.hooksMtx.Lock()\n\tdefer we.hooksMtx.Unlock()\n\twe.onNodeStartHooks = append(we.onNodeStartHooks, callback)\n}\n\nfunc (we *workflowEngine) OnNodeEnd(callback func(ctx context.Context, node *Node, res *NodeExecutionResult) error) {\n\twe.hooksMtx.Lock()\n\tdefer we.hooksMtx.Unlock()\n\twe.onNodeEndHooks = append(we.onNodeEndHooks, callback)\n}\n\nfunc (we *workflowEngine) OnNodeError(callback func(ctx context.Context, node *Node, err error) error) {\n\twe.hooksMtx.Lock()\n\tdefer we.hooksMtx.Unlock()\n\twe.onNodeErrorHooks = append(we.onNodeErrorHooks, callback)\n}\n\nfunc (we *workflowEngine) OnNodeLogging(callback func(ctx context.Context, node *Node, log logging.Record) error) {\n\twe.hooksMtx.Lock()\n\tdefer we.hooksMtx.Unlock()\n\twe.onNodeLoggingHooks = append(we.onNodeLoggingHooks, callback)\n}\n\nfunc (we *workflowEngine) executeNode(wfCtx *WorkflowContext, node *Node) error {\n\texecutor, ok := we.executors[node.Type]\n\tif !ok {\n\t\terr := fmt.Errorf(\"workflow engine: no executor registered for node type: '%s'\", node.Type)\n\t\treturn err\n\t} else {\n\t\tlogger := slog.New(logging.NewHookHandler(&logging.HookHandlerOptions{\n\t\t\tLevel: slog.LevelDebug,\n\t\t\tWriteFunc: func(ctx context.Context, record logging.Record) error {\n\t\t\t\twe.fireOnNodeLoggingHooks(ctx, node, record)\n\t\t\t\treturn nil\n\t\t\t},\n\t\t}))\n\t\texecutor.SetLogger(logger)\n\t}\n\n\twfCtx.variables.SetScoped(node.Id, stateVarKeyNodeId, node.Id, stateValTypeString)\n\twfCtx.variables.SetScoped(node.Id, stateVarKeyNodeName, node.Data.Name, stateValTypeString)\n\n\t// 节点已禁用,直接跳过执行\n\tif node.Data.Disabled {\n\t\treturn nil\n\t}\n\n\twe.fireOnNodeStartHooks(wfCtx.ctx, node)\n\n\texecCtx := newNodeExecutionContext(wfCtx, node)\n\texecRes, err := executor.Execute(execCtx)\n\tif err != nil && !errors.Is(err, ErrTerminated) {\n\t\tif !errors.Is(err, ErrBlocksException) {\n\t\t\twfCtx.variables.Set(stateVarKeyErrorNodeId, node.Id, stateValTypeString)\n\t\t\twfCtx.variables.Set(stateVarKeyErrorNodeName, node.Data.Name, stateValTypeString)\n\t\t\twfCtx.variables.Set(stateVarKeyErrorMessage, err.Error(), stateValTypeString)\n\t\t}\n\n\t\twe.fireOnNodeErrorHooks(wfCtx.ctx, node, err)\n\t\treturn err\n\t}\n\n\twe.fireOnNodeEndHooks(wfCtx.ctx, node, execRes)\n\n\tif execRes != nil {\n\t\tif execRes.Variables != nil {\n\t\t\tfor _, variable := range execRes.Variables {\n\t\t\t\twfCtx.variables.Add(variable)\n\t\t\t}\n\t\t}\n\n\t\tif execRes.Outputs != nil {\n\t\t\tfor _, output := range execRes.Outputs {\n\t\t\t\twfCtx.inputs.Add(output)\n\t\t\t}\n\t\t}\n\n\t\texecOutputs := lo.Filter(execRes.Outputs, func(state InOutState, _ int) bool { return state.Persistent })\n\t\tif execRes.outputForced || len(execOutputs) > 0 {\n\t\t\toutput := &domain.WorkflowOutput{\n\t\t\t\tWorkflowId: execCtx.WorkflowId,\n\t\t\t\tRunId: execCtx.RunId,\n\t\t\t\tNodeId: execCtx.Node.Id,\n\t\t\t\tNodeConfig: execCtx.Node.Data.Config,\n\t\t\t\tSucceeded: true, // TODO: 目前恒为 true\n\t\t\t}\n\t\t\tif len(execOutputs) > 0 {\n\t\t\t\toutput.Outputs = lo.Map(execOutputs, func(state InOutState, _ int) *domain.WorkflowOutputEntry {\n\t\t\t\t\treturn &domain.WorkflowOutputEntry{\n\t\t\t\t\t\tName: state.Name,\n\t\t\t\t\t\tType: state.Type,\n\t\t\t\t\t\tValue: state.ValueString(),\n\t\t\t\t\t\tValueType: state.ValueType,\n\t\t\t\t\t}\n\t\t\t\t})\n\t\t\t}\n\t\t\tif _, err := we.wfoutputRepo.Save(execCtx.Context(), output); err != nil {\n\t\t\t\twe.syslog.Error(\"failed to save node output\", slog.Any(\"error\", err))\n\t\t\t}\n\t\t}\n\n\t\tif execRes.Terminated {\n\t\t\treturn ErrTerminated\n\t\t}\n\t}\n\n\tif err != nil && errors.Is(err, ErrTerminated) {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (we *workflowEngine) executeBlocks(wfCtx *WorkflowContext, blocks []*Node) error {\n\terrs := make([]error, 0)\n\n\tfor _, node := range blocks {\n\t\tselect {\n\t\tcase <-wfCtx.ctx.Done():\n\t\t\treturn wfCtx.ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\terr := we.executeNode(wfCtx, node)\n\t\tif err != nil {\n\t\t\t// 如果当前节点是 TryCatch 节点、且在 CatchBlock 分支中没有 End 节点,\n\t\t\t// 则暂存错误,但继续执行下一个节点,直到当前 Blocks 全部执行完毕。\n\t\t\tif node.Type == NodeTypeTryCatch {\n\t\t\t\tif !errors.Is(err, ErrTerminated) {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn err\n\t\t}\n\t}\n\n\tif len(errs) > 0 {\n\t\tif len(errs) == 1 {\n\t\t\treturn errs[0]\n\t\t}\n\t\treturn errors.Join(errs...)\n\t}\n\n\treturn nil\n}\n\nfunc (we *workflowEngine) fireOnStartHooks(ctx context.Context) {\n\twe.hooksMtx.RLock()\n\tdefer we.hooksMtx.RUnlock()\n\tfor _, cb := range we.onStartHooks {\n\t\tif cbErr := cb(ctx); cbErr != nil {\n\t\t\twe.syslog.Error(\"workflow engine: error in onStart hook\", slog.Any(\"error\", cbErr))\n\t\t}\n\t}\n}\n\nfunc (we *workflowEngine) fireOnEndHooks(ctx context.Context) {\n\twe.hooksMtx.RLock()\n\tdefer we.hooksMtx.RUnlock()\n\tfor _, cb := range we.onEndHooks {\n\t\tif cbErr := cb(ctx); cbErr != nil {\n\t\t\twe.syslog.Error(\"workflow engine: error in onEnd hook\", slog.Any(\"error\", cbErr))\n\t\t}\n\t}\n}\n\nfunc (we *workflowEngine) fireOnErrorHooks(ctx context.Context, err error) {\n\twe.hooksMtx.RLock()\n\tdefer we.hooksMtx.RUnlock()\n\tfor _, cb := range we.onErrorHooks {\n\t\tif cbErr := cb(ctx, err); cbErr != nil {\n\t\t\twe.syslog.Error(\"workflow engine: error in onError hook\", slog.Any(\"error\", cbErr))\n\t\t}\n\t}\n}\n\nfunc (we *workflowEngine) fireOnNodeStartHooks(ctx context.Context, node *Node) {\n\twe.hooksMtx.RLock()\n\tdefer we.hooksMtx.RUnlock()\n\tfor _, cb := range we.onNodeStartHooks {\n\t\tif cbErr := cb(ctx, node); cbErr != nil {\n\t\t\twe.syslog.Error(\"workflow engine: error in onNodeStart hook\", slog.Any(\"error\", cbErr))\n\t\t}\n\t}\n}\n\nfunc (we *workflowEngine) fireOnNodeEndHooks(ctx context.Context, node *Node, result *NodeExecutionResult) {\n\twe.hooksMtx.RLock()\n\tdefer we.hooksMtx.RUnlock()\n\tfor _, cb := range we.onNodeEndHooks {\n\t\tif cbErr := cb(ctx, node, result); cbErr != nil {\n\t\t\twe.syslog.Error(\"workflow engine: error in onNodeEnd hook\", slog.Any(\"error\", cbErr))\n\t\t}\n\t}\n}\n\nfunc (we *workflowEngine) fireOnNodeErrorHooks(ctx context.Context, node *Node, err error) {\n\twe.hooksMtx.RLock()\n\tdefer we.hooksMtx.RUnlock()\n\tfor _, cb := range we.onNodeErrorHooks {\n\t\tif cbErr := cb(ctx, node, err); cbErr != nil {\n\t\t\twe.syslog.Error(\"workflow engine: error in onNodeError hook\", slog.Any(\"error\", cbErr))\n\t\t}\n\t}\n}\n\nfunc (we *workflowEngine) fireOnNodeLoggingHooks(ctx context.Context, node *Node, log logging.Record) {\n\twe.hooksMtx.RLock()\n\tdefer we.hooksMtx.RUnlock()\n\tfor _, cb := range we.onNodeLoggingHooks {\n\t\tif cbErr := cb(ctx, node, log); cbErr != nil {\n\t\t\twe.syslog.Error(\"workflow engine: error in onNodeLogging hook\", slog.Any(\"error\", cbErr))\n\t\t}\n\t}\n}\n\nfunc NewWorkflowEngine() WorkflowEngine {\n\tengine := &workflowEngine{\n\t\texecutors: make(map[NodeType]NodeExecutor),\n\t\twfoutputRepo: repository.NewWorkflowOutputRepository(),\n\t\tsyslog: app.GetLogger(),\n\t}\n\tengine.executors[NodeTypeStart] = newStartNodeExecutor()\n\tengine.executors[NodeTypeEnd] = newEndNodeExecutor()\n\tengine.executors[NodeTypeDelay] = newDelayNodeExecutor()\n\tengine.executors[NodeTypeCondition] = newConditionNodeExecutor()\n\tengine.executors[NodeTypeBranchBlock] = newBranchBlockNodeExecutor()\n\tengine.executors[NodeTypeTryCatch] = newTryCatchNodeExecutor()\n\tengine.executors[NodeTypeTryBlock] = newTryBlockNodeExecutor()\n\tengine.executors[NodeTypeCatchBlock] = newCatchBlockNodeExecutor()\n\tengine.executors[NodeTypeBizApply] = newBizApplyNodeExecutor()\n\tengine.executors[NodeTypeBizUpload] = newBizUploadNodeExecutor()\n\tengine.executors[NodeTypeBizMonitor] = newBizMonitorNodeExecutor()\n\tengine.executors[NodeTypeBizDeploy] = newBizDeployNodeExecutor()\n\tengine.executors[NodeTypeBizNotify] = newBizNotifyNodeExecutor()\n\treturn engine\n}\n"
},
{
"path": "internal/workflow/engine/errors.go",
"content": "package engine\n\nimport (\n\t\"errors\"\n)\n\nvar (\n\t// 表示工作流引擎执行被中断,可能已结束\n\tErrTerminated = errors.New(\"workflow engine: execution was terminated\")\n\t// 表示工作流引擎在执行子节点时发生异常\n\tErrBlocksException = errors.New(\"workflow engine: error occurred when executing blocks\")\n)\n"
},
{
"path": "internal/workflow/engine/executor.go",
"content": "package engine\n\nimport (\n\t\"context\"\n\t\"log/slog\"\n\t\"sync\"\n)\n\ntype NodeExecutor interface {\n\twithLogger\n\n\tExecute(execCtx *NodeExecutionContext) (*NodeExecutionResult, error)\n}\n\ntype nodeExecutor struct {\n\tlogger *slog.Logger\n}\n\nfunc (e *nodeExecutor) SetLogger(logger *slog.Logger) {\n\te.logger = logger\n}\n\ntype NodeExecutionContext struct {\n\tWorkflowContext\n\n\tNode *Node\n}\n\nfunc (c *NodeExecutionContext) SetExecutingWorkflow(workflowId string, runId string, runGraph *Graph) *NodeExecutionContext {\n\tc.WorkflowContext.SetExecutingWorkflow(workflowId, runId, runGraph)\n\treturn c\n}\n\nfunc (c *NodeExecutionContext) SetExecutingNode(node *Node) *NodeExecutionContext {\n\tc.Node = node\n\treturn c\n}\n\nfunc (c *NodeExecutionContext) SetEngine(engine WorkflowEngine) *NodeExecutionContext {\n\tc.WorkflowContext.SetEngine(engine)\n\treturn c\n}\n\nfunc (c *NodeExecutionContext) SetVariablesManager(variables VariableManager) *NodeExecutionContext {\n\tc.WorkflowContext.SetVariablesManager(variables)\n\treturn c\n}\n\nfunc (c *NodeExecutionContext) SetInputsManager(inputs InOutManager) *NodeExecutionContext {\n\tc.WorkflowContext.SetInputsManager(inputs)\n\treturn c\n}\n\nfunc (c *NodeExecutionContext) SetContext(ctx context.Context) *NodeExecutionContext {\n\tc.WorkflowContext.SetContext(ctx)\n\treturn c\n}\n\nfunc newNodeExecutionContext(wfCtx *WorkflowContext, node *Node) *NodeExecutionContext {\n\treturn (&NodeExecutionContext{}).\n\t\tSetExecutingWorkflow(wfCtx.WorkflowId, wfCtx.RunId, wfCtx.RunGraph).\n\t\tSetExecutingNode(node).\n\t\tSetEngine(wfCtx.engine).\n\t\tSetVariablesManager(wfCtx.variables).\n\t\tSetInputsManager(wfCtx.inputs).\n\t\tSetContext(wfCtx.ctx)\n}\n\ntype NodeExecutionResult struct {\n\tnode *Node\n\n\tTerminated bool // 是否终止执行(通常由 End 节点主动触发)\n\n\tvariablesMtx sync.Mutex\n\tVariables []VariableState\n\n\toutputForced bool // 即使 Outputs 为空,也强制持久化输出\n\toutputsMtx sync.Mutex\n\tOutputs []InOutState\n}\n\nfunc (r *NodeExecutionResult) AddVariable(key string, value any, valueType string) {\n\tr.AddVariableWithScope(\"\", key, value, valueType)\n}\n\nfunc (r *NodeExecutionResult) AddVariableWithScope(scope string, key string, value any, valueType string) {\n\tr.addVariableState(VariableState{\n\t\tScope: scope,\n\t\tKey: key,\n\t\tValue: value,\n\t\tValueType: valueType,\n\t})\n}\n\nfunc (r *NodeExecutionResult) addVariableState(state VariableState) {\n\tr.variablesMtx.Lock()\n\tdefer r.variablesMtx.Unlock()\n\n\tif r.Variables == nil {\n\t\tr.Variables = make([]VariableState, 0)\n\t}\n\n\tfor i, item := range r.Variables {\n\t\tif item.Scope == state.Scope && item.Key == state.Key {\n\t\t\tr.Variables[i] = state\n\t\t\treturn\n\t\t}\n\t}\n\tr.Variables = append(r.Variables, state)\n}\n\nfunc (r *NodeExecutionResult) AddOutput(stype string, key string, value any, valueType string) {\n\tr.addOutputState(InOutState{\n\t\tNodeId: r.node.Id,\n\t\tType: stype,\n\t\tName: key,\n\t\tValue: value,\n\t\tValueType: valueType,\n\t\tPersistent: false,\n\t})\n}\n\nfunc (r *NodeExecutionResult) AddOutputWithPersistent(stype string, key string, value any, valueType string) {\n\tr.addOutputState(InOutState{\n\t\tNodeId: r.node.Id,\n\t\tType: stype,\n\t\tName: key,\n\t\tValue: value,\n\t\tValueType: valueType,\n\t\tPersistent: true,\n\t})\n}\n\nfunc (r *NodeExecutionResult) addOutputState(state InOutState) {\n\tr.outputsMtx.Lock()\n\tdefer r.outputsMtx.Unlock()\n\n\tif r.Outputs == nil {\n\t\tr.Outputs = make([]InOutState, 0)\n\t}\n\n\tfor i, t := range r.Outputs {\n\t\tif t.NodeId == state.NodeId && t.Name == state.Name {\n\t\t\tr.Outputs[i] = state\n\t\t\treturn\n\t\t}\n\t}\n\tr.Outputs = append(r.Outputs, state)\n}\n\nfunc newNodeExecutionResult(node *Node) *NodeExecutionResult {\n\treturn &NodeExecutionResult{\n\t\tnode: node,\n\t\tVariables: make([]VariableState, 0),\n\t\tOutputs: make([]InOutState, 0),\n\t}\n}\n"
},
{
"path": "internal/workflow/engine/executor_bizapply.go",
"content": "package engine\n\nimport (\n\t\"crypto/x509\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"maps\"\n\t\"math\"\n\t\"slices\"\n\t\"strings\"\n\t\"time\"\n\n\tlegocertifier \"github.com/go-acme/lego/v4/certificate\"\n\t\"github.com/go-acme/lego/v4/lego\"\n\tlegolog \"github.com/go-acme/lego/v4/log\"\n\t\"github.com/samber/lo\"\n\t\"github.com/xhit/go-str2duration/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/certacme\"\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/internal/repository\"\n\t\"github.com/certimate-go/certimate/internal/tools/mproc\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcertkey \"github.com/certimate-go/certimate/pkg/utils/cert/key\"\n\txenv \"github.com/certimate-go/certimate/pkg/utils/env\"\n)\n\nvar envMultiProc = true\n\nfunc init() {\n\tenvMultiProc = xenv.GetOrDefaultBool(\"CERTIMATE_WORKFLOW_MULTIPROC\", true)\n}\n\nconst (\n\tBizApplyKeySourceAuto = \"auto\"\n\tBizApplyKeySourceReuse = \"reuse\"\n\tBizApplyKeySourceCustom = \"custom\"\n)\n\n/**\n * Outputs:\n * - ref: \"certificate\": string\n *\n * Variables:\n * - \"node.skipped\": boolean\n * - \"certificate.commanName\": string\n * - \"certificate.subjectAltNames\": string\n * - \"certificate.notBefore\": datetime\n * - \"certificate.notAfter\": datetime\n * - \"certificate.hoursLeft\": number\n * - \"certificate.daysLeft\": number\n * - \"certificate.validity\": boolean\n */\ntype bizApplyNodeExecutor struct {\n\tnodeExecutor\n\n\taccessRepo accessRepository\n\tcertificateRepo certificateRepository\n\twfoutputRepo workflowOutputRepository\n}\n\nfunc (ne *bizApplyNodeExecutor) Execute(execCtx *NodeExecutionContext) (*NodeExecutionResult, error) {\n\texecRes := newNodeExecutionResult(execCtx.Node)\n\n\tnodeCfg := execCtx.Node.Data.Config.AsBizApply()\n\tne.logger.Info(\"ready to request certificate ...\", slog.Any(\"config\", nodeCfg))\n\n\t// 查询上次执行结果\n\tlastOutput, lastCertificate, err := ne.getLastOutputArtifacts(execCtx)\n\tif err != nil {\n\t\treturn execRes, err\n\t} else {\n\t\tif lastOutput != nil {\n\t\t\tne.logger.Info(fmt.Sprintf(\"found last node output #%s record\", lastOutput.RunId))\n\t\t}\n\n\t\tif lastCertificate != nil {\n\t\t\tne.setOuputsOfResult(execCtx, execRes, lastCertificate, false)\n\t\t\tne.setVariablesOfResult(execCtx, execRes, lastCertificate)\n\t\t\tne.logger.Info(fmt.Sprintf(\"found last certificate #%s record\", lastCertificate.Id))\n\t\t}\n\t}\n\n\t// 检测是否可以跳过本次执行\n\tif skippable, reason := ne.checkCanSkip(execCtx, lastOutput, lastCertificate); skippable {\n\t\tne.logger.Info(fmt.Sprintf(\"skip this application, because %s\", reason))\n\n\t\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyNodeSkipped, true, stateValTypeBoolean)\n\t\treturn execRes, nil\n\t} else {\n\t\tif reason != \"\" {\n\t\t\tne.logger.Info(fmt.Sprintf(\"re-apply, because %s\", reason))\n\t\t} else {\n\t\t\tne.logger.Info(\"no found last requested certificate, begin to apply\")\n\t\t}\n\n\t\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyNodeSkipped, false, stateValTypeBoolean)\n\t}\n\n\t// 申请证书\n\tobtainResp, err := ne.executeObtain(execCtx, &nodeCfg, lastCertificate)\n\tif err != nil {\n\t\treturn execRes, err\n\t}\n\n\t// 保存证书实体\n\tcertificate := &domain.Certificate{\n\t\tSource: domain.CertificateSourceTypeRequest,\n\t\tCertificate: obtainResp.FullChainCertificate,\n\t\tPrivateKey: obtainResp.PrivateKey,\n\t\tIssuerCertificate: obtainResp.IssuerCertificate,\n\t\tACMEAcctUrl: obtainResp.ACMEAcctUrl,\n\t\tACMECertUrl: obtainResp.ACMECertUrl,\n\t\tWorkflowId: execCtx.WorkflowId,\n\t\tWorkflowRunId: execCtx.RunId,\n\t\tWorkflowNodeId: execCtx.Node.Id,\n\t}\n\tcertificate.PopulateFromPEM(obtainResp.FullChainCertificate, obtainResp.PrivateKey)\n\tif certificate, err := ne.certificateRepo.Save(execCtx.Context(), certificate); err != nil {\n\t\tne.logger.Warn(\"could not save certificate\")\n\t\treturn execRes, err\n\t} else {\n\t\tne.logger.Info(\"certificate saved\", slog.String(\"recordId\", certificate.Id))\n\t}\n\n\t// 保存 ARI 替换状态\n\tif lastCertificate != nil && obtainResp.ARIReplaced {\n\t\tlastCertificate.IsRenewed = true\n\t\tne.certificateRepo.Save(execCtx.Context(), lastCertificate)\n\t}\n\n\t// 节点输出\n\tne.setOuputsOfResult(execCtx, execRes, certificate, true)\n\tne.setVariablesOfResult(execCtx, execRes, certificate)\n\n\tne.logger.Info(\"application completed\")\n\treturn execRes, nil\n}\n\nfunc (ne *bizApplyNodeExecutor) getLastOutputArtifacts(execCtx *NodeExecutionContext) (*domain.WorkflowOutput, *domain.Certificate, error) {\n\tlastOutput, err := ne.wfoutputRepo.GetByWorkflowIdAndNodeId(execCtx.Context(), execCtx.WorkflowId, execCtx.Node.Id)\n\tif err != nil && !domain.IsRecordNotFoundError(err) {\n\t\treturn nil, nil, fmt.Errorf(\"failed to get last output record of node #%s: %w\", execCtx.Node.Id, err)\n\t}\n\n\tif lastOutput != nil {\n\t\tlastCertificate, err := ne.certificateRepo.GetByWorkflowRunIdAndNodeId(execCtx.Context(), lastOutput.RunId, lastOutput.NodeId)\n\t\tif err != nil && !domain.IsRecordNotFoundError(err) {\n\t\t\treturn lastOutput, nil, fmt.Errorf(\"failed to get last certificate record of node #%s: %w\", execCtx.Node.Id, err)\n\t\t}\n\n\t\treturn lastOutput, lastCertificate, nil\n\t}\n\n\treturn lastOutput, nil, nil\n}\n\nfunc (ne *bizApplyNodeExecutor) checkCanSkip(execCtx *NodeExecutionContext, lastOutput *domain.WorkflowOutput, lastCertificate *domain.Certificate) (_skip bool, _reason string) {\n\tthisNodeCfg := execCtx.Node.Data.Config.AsBizApply()\n\n\tif lastOutput != nil && lastOutput.Succeeded {\n\t\t// 比较和上次申请时的关键配置(即影响证书签发的)参数是否一致\n\t\tlastNodeCfg := lastOutput.NodeConfig.AsBizApply()\n\n\t\tif !slices.Equal(thisNodeCfg.Domains, lastNodeCfg.Domains) {\n\t\t\treturn false, \"the configuration item 'Domains' changed\"\n\t\t}\n\t\tif !slices.Equal(thisNodeCfg.IPAddrs, lastNodeCfg.IPAddrs) {\n\t\t\treturn false, \"the configuration item 'IPAddrs' changed\"\n\t\t}\n\t\tif thisNodeCfg.ContactEmail != lastNodeCfg.ContactEmail {\n\t\t\treturn false, \"the configuration item 'ContactEmail' changed\"\n\t\t}\n\t\tif thisNodeCfg.Provider != lastNodeCfg.Provider {\n\t\t\treturn false, \"the configuration item 'Provider' changed\"\n\t\t}\n\t\tif thisNodeCfg.ProviderAccessId != lastNodeCfg.ProviderAccessId {\n\t\t\treturn false, \"the configuration item 'ProviderAccessId' changed\"\n\t\t}\n\t\tif !maps.Equal(thisNodeCfg.ProviderConfig, lastNodeCfg.ProviderConfig) {\n\t\t\treturn false, \"the configuration item 'ProviderConfig' changed\"\n\t\t}\n\t\tif thisNodeCfg.CAProvider != lastNodeCfg.CAProvider {\n\t\t\treturn false, \"the configuration item 'CAProvider' changed\"\n\t\t}\n\t\tif thisNodeCfg.CAProviderAccessId != lastNodeCfg.CAProviderAccessId {\n\t\t\treturn false, \"the configuration item 'CAProviderAccessId' changed\"\n\t\t}\n\t\tif !maps.Equal(thisNodeCfg.CAProviderConfig, lastNodeCfg.CAProviderConfig) {\n\t\t\treturn false, \"the configuration item 'CAProviderConfig' changed\"\n\t\t}\n\t\tif thisNodeCfg.KeyAlgorithm != lastNodeCfg.KeyAlgorithm {\n\t\t\treturn false, \"the configuration item 'KeyAlgorithm' changed\"\n\t\t}\n\t\tif thisNodeCfg.KeySource == BizApplyKeySourceCustom && thisNodeCfg.KeyContent != lastNodeCfg.KeyContent {\n\t\t\treturn false, \"the configuration item 'KeyContent' changed\"\n\t\t}\n\t\tif thisNodeCfg.ValidityLifetime != lastNodeCfg.ValidityLifetime {\n\t\t\treturn false, \"the configuration item 'ValidityLifetime' changed\"\n\t\t}\n\t\tif thisNodeCfg.PreferredChain != lastNodeCfg.PreferredChain {\n\t\t\treturn false, \"the configuration item 'PreferredChain' changed\"\n\t\t}\n\t\tif thisNodeCfg.ACMEProfile != lastNodeCfg.ACMEProfile {\n\t\t\treturn false, \"the configuration item 'ACMEProfile' changed\"\n\t\t}\n\t\tif thisNodeCfg.DisableCommonName != lastNodeCfg.DisableCommonName {\n\t\t\treturn false, \"the configuration item 'DisableCommonName' changed\"\n\t\t}\n\t}\n\n\tif lastCertificate != nil {\n\t\tif lastCertificate.IsRevoked {\n\t\t\treturn false, \"the last requested certificate has been revoked\"\n\t\t}\n\n\t\trenewalInterval := time.Duration(thisNodeCfg.SkipBeforeExpiryDays) * time.Hour * 24\n\t\texpirationTime := time.Until(lastCertificate.ValidityNotAfter)\n\t\tdaysLeft := int(math.Floor(expirationTime.Hours() / 24))\n\t\tif expirationTime > renewalInterval {\n\t\t\treturn true, fmt.Sprintf(\"the last requested certificate expires in %d day(s), next renewal will be in %d day(s)\", daysLeft, thisNodeCfg.SkipBeforeExpiryDays)\n\t\t}\n\n\t\treturn false, fmt.Sprintf(\"the last requested certificate expires in %d day(s), the renewal window period has been reached\", daysLeft)\n\t}\n\n\treturn false, \"\"\n}\n\nfunc (ne *bizApplyNodeExecutor) executeObtain(execCtx *NodeExecutionContext, nodeCfg *domain.WorkflowNodeConfigForBizApply, lastCertificate *domain.Certificate) (*certacme.ObtainCertificateResponse, error) {\n\t// 读取私钥算法\n\t// 如果复用私钥,则保持算法一致\n\tlegoKeyType, err := domain.CertificateKeyAlgorithmType(nodeCfg.KeyAlgorithm).KeyType()\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tswitch nodeCfg.KeySource {\n\t\tcase BizApplyKeySourceAuto:\n\t\t\tbreak\n\t\tcase BizApplyKeySourceReuse:\n\t\t\tif lastCertificate != nil {\n\t\t\t\tlegoKeyType, _ = lastCertificate.KeyAlgorithm.KeyType()\n\t\t\t}\n\t\tcase BizApplyKeySourceCustom:\n\t\t\tprivkey, err := xcert.ParsePrivateKeyFromPEM(nodeCfg.KeyContent)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"could not parse custom private key: %w\", err)\n\t\t\t} else {\n\t\t\t\tprivkeyAlg, privkeySize, _ := xcertkey.GetPrivateKeyAlgorithm(privkey)\n\t\t\t\tswitch privkeyAlg {\n\t\t\t\tcase x509.RSA:\n\t\t\t\t\tif nodeCfg.KeyAlgorithm != fmt.Sprintf(\"RSA%d\", privkeySize) {\n\t\t\t\t\t\treturn nil, fmt.Errorf(\"could not parse custom private key: unsupported algorithm or key size\")\n\t\t\t\t\t}\n\t\t\t\tcase x509.ECDSA:\n\t\t\t\t\tif nodeCfg.KeyAlgorithm != fmt.Sprintf(\"EC%d\", privkeySize) {\n\t\t\t\t\t\treturn nil, fmt.Errorf(\"could not parse custom private key: unsupported algorithm or key size\")\n\t\t\t\t\t}\n\t\t\t\tdefault:\n\t\t\t\t\treturn nil, fmt.Errorf(\"could not parse custom private key: unsupported algorithm\")\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\t// 读取质询提供商授权\n\tproviderAccessConfig := make(map[string]any)\n\tif nodeCfg.ProviderAccessId != \"\" {\n\t\tif access, err := ne.accessRepo.GetById(execCtx.Context(), nodeCfg.ProviderAccessId); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to get access #%s record: %w\", nodeCfg.ProviderAccessId, err)\n\t\t} else {\n\t\t\tproviderAccessConfig = access.Config\n\t\t}\n\t}\n\n\t// 读取证书颁发机构授权\n\tcaAccessConfig := make(map[string]any)\n\tif nodeCfg.CAProviderAccessId != \"\" {\n\t\tif access, err := ne.accessRepo.GetById(execCtx.Context(), nodeCfg.CAProviderAccessId); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to get access #%s record: %w\", nodeCfg.CAProviderAccessId, err)\n\t\t} else {\n\t\t\tcaAccessConfig = access.Config\n\t\t}\n\t}\n\n\t// 初始化 ACME 配置项\n\tlegoOptions := &certacme.ACMEConfigOptions{\n\t\tCAProvider: nodeCfg.CAProvider,\n\t\tCAAccessConfig: caAccessConfig,\n\t\tCAProviderConfig: nodeCfg.CAProviderConfig,\n\t\tCertifierKeyType: legoKeyType,\n\t}\n\tlegoConfig, err := certacme.NewACMEConfig(legoOptions)\n\tif err != nil {\n\t\tne.logger.Warn(\"could not initialize acme config\")\n\t\treturn nil, err\n\t} else {\n\t\tne.logger.Info(\"acme config initialized\", slog.String(\"acmeDirUrl\", legoConfig.CADirUrl))\n\t}\n\n\t// 初始化 ACME 账户\n\t// 注意此步骤仍需在主进程中进行,以保证并发安全\n\tlegoUser, err := certacme.NewACMEAccountWithSingleFlight(legoConfig, nodeCfg.ContactEmail)\n\tif err != nil {\n\t\tne.logger.Warn(\"could not initialize acme account\")\n\t\treturn nil, err\n\t} else {\n\t\tne.logger.Info(\"acme account initialized\", slog.String(\"acmeAcctUrl\", legoUser.ACMEAcctUrl))\n\t}\n\n\t// 构造证书申请请求\n\tlegoDomains := make([]string, 0)\n\tlegoDomains = append(legoDomains, nodeCfg.Domains...)\n\tlegoDomains = append(legoDomains, nodeCfg.IPAddrs...)\n\tobtainReq := &certacme.ObtainCertificateRequest{\n\t\tDomainOrIPs: legoDomains,\n\t\tPrivateKeyType: legoKeyType,\n\t\tPrivateKeyPEM: lo.\n\t\t\tIf(nodeCfg.KeySource == BizApplyKeySourceAuto, \"\").\n\t\t\tElseF(func() string {\n\t\t\t\tswitch nodeCfg.KeySource {\n\t\t\t\tcase BizApplyKeySourceReuse:\n\t\t\t\t\tif lastCertificate != nil {\n\t\t\t\t\t\treturn lastCertificate.PrivateKey\n\t\t\t\t\t}\n\t\t\t\tcase BizApplyKeySourceCustom:\n\t\t\t\t\treturn nodeCfg.KeyContent\n\t\t\t\t}\n\t\t\t\treturn \"\"\n\t\t\t}),\n\t\tValidityNotAfter: lo.\n\t\t\tIf(nodeCfg.ValidityLifetime == \"\", time.Time{}).\n\t\t\tElseF(func() time.Time {\n\t\t\t\tduration, err := str2duration.ParseDuration(nodeCfg.ValidityLifetime)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn time.Time{}\n\t\t\t\t}\n\t\t\t\treturn time.Now().Add(duration)\n\t\t\t}),\n\t\tNoCommonName: nodeCfg.DisableCommonName,\n\t\tChallengeType: nodeCfg.ChallengeType,\n\t\tProvider: nodeCfg.Provider,\n\t\tProviderAccessConfig: providerAccessConfig,\n\t\tProviderExtendedConfig: nodeCfg.ProviderConfig,\n\t\tDisableFollowCNAME: nodeCfg.DisableFollowCNAME,\n\t\tNameservers: nodeCfg.Nameservers,\n\t\tDnsPropagationWait: nodeCfg.DnsPropagationWait,\n\t\tDnsPropagationTimeout: nodeCfg.DnsPropagationTimeout,\n\t\tDnsTTL: nodeCfg.DnsTTL,\n\t\tHttpDelayWait: nodeCfg.HttpDelayWait,\n\t\tPreferredChain: nodeCfg.PreferredChain,\n\t\tACMEProfile: nodeCfg.ACMEProfile,\n\t\tARIReplacesAcctUrl: lo.\n\t\t\tIf(nodeCfg.DisableARI || lastCertificate == nil, \"\").\n\t\t\tElseF(func() string {\n\t\t\t\tif lastCertificate.IsRenewed {\n\t\t\t\t\treturn \"\"\n\t\t\t\t}\n\t\t\t\treturn lastCertificate.ACMEAcctUrl\n\t\t\t}),\n\t\tARIReplacesCertId: lo.\n\t\t\tIf(nodeCfg.DisableARI || lastCertificate == nil, \"\").\n\t\t\tElseF(func() string {\n\t\t\t\tif lastCertificate.IsRenewed {\n\t\t\t\t\treturn \"\"\n\t\t\t\t}\n\n\t\t\t\tnewCertSan := slices.Clone(nodeCfg.Domains)\n\t\t\t\toldCertSan := strings.Split(lastCertificate.SubjectAltNames, \";\")\n\t\t\t\tslices.Sort(newCertSan)\n\t\t\t\tslices.Sort(oldCertSan)\n\t\t\t\tif !slices.Equal(newCertSan, oldCertSan) {\n\t\t\t\t\treturn \"\"\n\t\t\t\t}\n\n\t\t\t\toldCertX509, err := xcert.ParseCertificateFromPEM(lastCertificate.Certificate)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn \"\"\n\t\t\t\t}\n\n\t\t\t\toldARICertId, _ := legocertifier.MakeARICertID(oldCertX509)\n\t\t\t\treturn oldARICertId\n\t\t\t}),\n\t}\n\n\t// 如果启用多进程模式,发送指令\n\tif envMultiProc {\n\t\ttype InData struct {\n\t\t\tAccount *certacme.ACMEAccount `json:\"account,omitempty\"`\n\t\t\tRequest *certacme.ObtainCertificateRequest `json:\"request,omitempty\"`\n\t\t}\n\n\t\ttype OutData struct {\n\t\t\tResponse *certacme.ObtainCertificateResponse `json:\"response\"`\n\t\t}\n\n\t\tmsender := mproc.NewSender[InData, OutData](\"certapply\", ne.logger)\n\t\tmoutput, err := msender.SendWithContext(execCtx.Context(), &InData{\n\t\t\tAccount: legoUser,\n\t\t\tRequest: obtainReq,\n\t\t})\n\t\tif err != nil {\n\t\t\tne.logger.Warn(\"could not obtain certificate\")\n\t\t\treturn nil, err\n\t\t}\n\n\t\tif moutput.Response != nil {\n\t\t\treturn moutput.Response, nil\n\t\t} else {\n\t\t\tpanic(\"unreachable\")\n\t\t}\n\t}\n\n\t// 初始化 ACME 客户端\n\tlegolog.Logger = certacme.NewLegoLogger(app.GetLogger())\n\tlegoClient, err := certacme.NewACMEClientWithAccount(legoUser, func(c *lego.Config) error {\n\t\tc.UserAgent = app.AppUserAgent\n\t\tc.Certificate.KeyType = legoKeyType\n\t\tc.Certificate.DisableCommonName = obtainReq.NoCommonName\n\t\treturn nil\n\t})\n\tif err != nil {\n\t\tne.logger.Warn(\"could not initialize acme client\")\n\t\treturn nil, err\n\t}\n\n\t// 执行申请证书请求\n\tobtainResp, err := legoClient.ObtainCertificate(execCtx.Context(), obtainReq)\n\tif err != nil {\n\t\tne.logger.Warn(\"could not obtain certificate\")\n\t\treturn nil, err\n\t}\n\n\treturn obtainResp, nil\n}\n\nfunc (ne *bizApplyNodeExecutor) setOuputsOfResult(execCtx *NodeExecutionContext, execRes *NodeExecutionResult, certificate *domain.Certificate, persistent bool) {\n\tif certificate != nil {\n\t\tkey := \"certificate\"\n\t\tvalue := fmt.Sprintf(\"%s#%s\", domain.CollectionNameCertificate, certificate.Id)\n\t\tif persistent {\n\t\t\texecRes.AddOutputWithPersistent(stateIOTypeRef, key, value, stateValTypeString)\n\t\t} else {\n\t\t\texecRes.AddOutput(stateIOTypeRef, key, value, stateValTypeString)\n\t\t}\n\t}\n}\n\nfunc (ne *bizApplyNodeExecutor) setVariablesOfResult(execCtx *NodeExecutionContext, execRes *NodeExecutionResult, certificate *domain.Certificate) {\n\tvar vCommonName string\n\tvar vSubjectAltNames string\n\tvar vNotBefore time.Time\n\tvar vNotAfter time.Time\n\tvar vHoursLeft int32\n\tvar vDaysLeft int32\n\tvar vValidity bool\n\n\tif certificate != nil {\n\t\tvCommonName = strings.Split(certificate.SubjectAltNames, \";\")[0]\n\t\tvSubjectAltNames = certificate.SubjectAltNames\n\t\tvNotBefore = certificate.ValidityNotBefore\n\t\tvNotAfter = certificate.ValidityNotAfter\n\t\tvHoursLeft = int32(math.Floor(time.Until(certificate.ValidityNotAfter).Hours()))\n\t\tvDaysLeft = int32(math.Floor(time.Until(certificate.ValidityNotAfter).Hours() / 24))\n\t\tvValidity = certificate.ValidityNotAfter.After(time.Now())\n\t}\n\n\texecRes.AddVariable(stateVarKeyCertificateDomain, vCommonName, stateValTypeString)\n\texecRes.AddVariable(stateVarKeyCertificateDomains, vSubjectAltNames, stateValTypeString)\n\texecRes.AddVariable(stateVarKeyCertificateCommonName, vCommonName, stateValTypeString)\n\texecRes.AddVariable(stateVarKeyCertificateSubjectAltNames, vSubjectAltNames, stateValTypeString)\n\texecRes.AddVariable(stateVarKeyCertificateNotBefore, vNotBefore, stateValTypeDateTime)\n\texecRes.AddVariable(stateVarKeyCertificateNotAfter, vNotAfter, stateValTypeDateTime)\n\texecRes.AddVariable(stateVarKeyCertificateHoursLeft, vHoursLeft, stateValTypeNumber)\n\texecRes.AddVariable(stateVarKeyCertificateDaysLeft, vDaysLeft, stateValTypeNumber)\n\texecRes.AddVariable(stateVarKeyCertificateValidity, vValidity, stateValTypeBoolean)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateDomain, vCommonName, stateValTypeString)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateDomains, vSubjectAltNames, stateValTypeString)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateCommonName, vCommonName, stateValTypeString)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateSubjectAltNames, vSubjectAltNames, stateValTypeString)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateNotBefore, vNotBefore, stateValTypeDateTime)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateNotAfter, vNotAfter, stateValTypeDateTime)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateHoursLeft, vHoursLeft, stateValTypeNumber)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateDaysLeft, vDaysLeft, stateValTypeNumber)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateValidity, vValidity, stateValTypeBoolean)\n}\n\nfunc newBizApplyNodeExecutor() NodeExecutor {\n\treturn &bizApplyNodeExecutor{\n\t\tnodeExecutor: nodeExecutor{logger: slog.Default()},\n\t\taccessRepo: repository.NewAccessRepository(),\n\t\tcertificateRepo: repository.NewCertificateRepository(),\n\t\twfoutputRepo: repository.NewWorkflowOutputRepository(),\n\t}\n}\n"
},
{
"path": "internal/workflow/engine/executor_bizdeploy.go",
"content": "package engine\n\nimport (\n\t\"fmt\"\n\t\"log/slog\"\n\t\"maps\"\n\t\"strings\"\n\n\t\"github.com/certimate-go/certimate/internal/certmgmt\"\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/internal/repository\"\n)\n\n/**\n * Inputs:\n * - ref: \"certificate\": string\n *\n * Variables:\n * - \"node.skipped\": boolean\n */\ntype bizDeployNodeExecutor struct {\n\tnodeExecutor\n\n\taccessRepo accessRepository\n\tcertificateRepo certificateRepository\n\twfoutputRepo workflowOutputRepository\n}\n\nfunc (ne *bizDeployNodeExecutor) Execute(execCtx *NodeExecutionContext) (*NodeExecutionResult, error) {\n\texecRes := newNodeExecutionResult(execCtx.Node)\n\n\tnodeCfg := execCtx.Node.Data.Config.AsBizDeploy()\n\tne.logger.Info(\"ready to deploy certificate ...\", slog.Any(\"config\", nodeCfg))\n\n\t// 查询上次执行结果\n\tlastOutput, err := ne.getLastOutputArtifacts(execCtx)\n\tif err != nil {\n\t\treturn execRes, err\n\t} else {\n\t\tif lastOutput != nil {\n\t\t\tne.logger.Info(fmt.Sprintf(\"found last node output #%s record\", lastOutput.RunId))\n\t\t}\n\t}\n\n\t// 获取前序节点输出证书\n\tvar inputCertificate *domain.Certificate\n\tif inputState, ok := execCtx.inputs.Get(nodeCfg.CertificateOutputNodeId, \"certificate\"); ok {\n\t\tif inputStateValue, ok := inputState.Value.(string); ok {\n\t\t\ts := strings.Split(inputStateValue, \"#\")\n\t\t\tif len(s) == 2 {\n\t\t\t\tcertificate, err := ne.certificateRepo.GetById(execCtx.Context(), s[1])\n\t\t\t\tif err != nil {\n\t\t\t\t\tne.logger.Warn(\"could not get input certificate\")\n\t\t\t\t\treturn execRes, err\n\t\t\t\t}\n\n\t\t\t\tinputCertificate = certificate\n\t\t\t}\n\t\t}\n\t}\n\tif inputCertificate == nil {\n\t\treturn execRes, fmt.Errorf(\"invalid input certificate\")\n\t}\n\n\t// 检测是否可以跳过本次执行\n\tif lastOutput != nil && inputCertificate.CreatedAt.Before(lastOutput.UpdatedAt) {\n\t\tif skippable, reason := ne.checkCanSkip(execCtx, lastOutput); skippable {\n\t\t\tne.logger.Info(fmt.Sprintf(\"skip this deployment, because %s\", reason))\n\n\t\t\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyNodeSkipped, true, stateValTypeBoolean)\n\t\t\treturn execRes, nil\n\t\t} else if reason != \"\" {\n\t\t\tne.logger.Info(fmt.Sprintf(\"re-deploy, because %s\", reason))\n\n\t\t\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyNodeSkipped, false, stateValTypeBoolean)\n\t\t}\n\t} else {\n\t\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyNodeSkipped, false, stateValTypeBoolean)\n\t}\n\n\t// 读取部署提供商授权\n\tproviderAccessConfig := make(map[string]any)\n\tif nodeCfg.ProviderAccessId != \"\" {\n\t\tif access, err := ne.accessRepo.GetById(execCtx.Context(), nodeCfg.ProviderAccessId); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to get access #%s record: %w\", nodeCfg.ProviderAccessId, err)\n\t\t} else {\n\t\t\tproviderAccessConfig = access.Config\n\t\t}\n\t}\n\n\t// 部署证书\n\tdeployer := certmgmt.NewClient(certmgmt.WithLogger(ne.logger))\n\tdeployReq := &certmgmt.DeployCertificateRequest{\n\t\tProvider: nodeCfg.Provider,\n\t\tProviderAccessConfig: providerAccessConfig,\n\t\tProviderExtendedConfig: nodeCfg.ProviderConfig,\n\t\tCertificate: inputCertificate.Certificate,\n\t\tPrivateKey: inputCertificate.PrivateKey,\n\t}\n\tif _, err := deployer.DeployCertificate(execCtx.Context(), deployReq); err != nil {\n\t\tne.logger.Warn(\"could not deploy certificate\")\n\t\treturn execRes, err\n\t}\n\n\t// 节点输出\n\texecRes.outputForced = true\n\n\tne.logger.Info(\"deployment completed\")\n\treturn execRes, nil\n}\n\nfunc (ne *bizDeployNodeExecutor) getLastOutputArtifacts(execCtx *NodeExecutionContext) (*domain.WorkflowOutput, error) {\n\tlastOutput, err := ne.wfoutputRepo.GetByWorkflowIdAndNodeId(execCtx.Context(), execCtx.WorkflowId, execCtx.Node.Id)\n\tif err != nil && !domain.IsRecordNotFoundError(err) {\n\t\treturn nil, fmt.Errorf(\"failed to get last output record of node #%s: %w\", execCtx.Node.Id, err)\n\t}\n\n\treturn lastOutput, nil\n}\n\nfunc (ne *bizDeployNodeExecutor) checkCanSkip(execCtx *NodeExecutionContext, lastOutput *domain.WorkflowOutput) (_skip bool, _reason string) {\n\tthisNodeCfg := execCtx.Node.Data.Config.AsBizDeploy()\n\n\tif lastOutput != nil && lastOutput.Succeeded {\n\t\t// 比较和上次部署时的关键配置(即影响证书部署的)参数是否一致\n\t\tlastNodeCfg := lastOutput.NodeConfig.AsBizDeploy()\n\n\t\tif thisNodeCfg.ProviderAccessId != lastNodeCfg.ProviderAccessId {\n\t\t\treturn false, \"the configuration item 'ProviderAccessId' changed\"\n\t\t}\n\t\tif !maps.Equal(thisNodeCfg.ProviderConfig, lastNodeCfg.ProviderConfig) {\n\t\t\treturn false, \"the configuration item 'ProviderConfig' changed\"\n\t\t}\n\n\t\tif thisNodeCfg.SkipOnLastSucceeded {\n\t\t\treturn true, \"the last deployment already completed\"\n\t\t}\n\t}\n\n\treturn false, \"\"\n}\n\nfunc newBizDeployNodeExecutor() NodeExecutor {\n\treturn &bizDeployNodeExecutor{\n\t\tnodeExecutor: nodeExecutor{logger: slog.Default()},\n\t\taccessRepo: repository.NewAccessRepository(),\n\t\tcertificateRepo: repository.NewCertificateRepository(),\n\t\twfoutputRepo: repository.NewWorkflowOutputRepository(),\n\t}\n}\n"
},
{
"path": "internal/workflow/engine/executor_bizmonitor.go",
"content": "package engine\n\nimport (\n\t\"crypto/x509\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"math\"\n\t\"net\"\n\t\"net/http\"\n\t\"strconv\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/repository\"\n\txcertx509 \"github.com/certimate-go/certimate/pkg/utils/cert/x509\"\n\txhttp \"github.com/certimate-go/certimate/pkg/utils/http\"\n\txtls \"github.com/certimate-go/certimate/pkg/utils/tls\"\n)\n\n/**\n * Variables:\n * - \"certificate.commanName\": string\n * - \"certificate.subjectAltNames\": string\n * - \"certificate.notBefore\": datetime\n * - \"certificate.notAfter\": datetime\n * - \"certificate.hoursLeft\": number\n * - \"certificate.daysLeft\": number\n * - \"certificate.validity\": boolean\n */\ntype bizMonitorNodeExecutor struct {\n\tnodeExecutor\n\n\tcertificateRepo certificateRepository\n}\n\nfunc (ne *bizMonitorNodeExecutor) Execute(execCtx *NodeExecutionContext) (*NodeExecutionResult, error) {\n\texecRes := newNodeExecutionResult(execCtx.Node)\n\n\tnodeCfg := execCtx.Node.Data.Config.AsBizMonitor()\n\tne.logger.Info(\"ready to monitor certificate ...\", slog.Any(\"config\", nodeCfg))\n\n\ttargetAddr := net.JoinHostPort(nodeCfg.Host, strconv.Itoa(int(nodeCfg.Port)))\n\tif nodeCfg.Port == 0 {\n\t\ttargetAddr = net.JoinHostPort(nodeCfg.Host, \"443\")\n\t}\n\n\ttargetDomain := nodeCfg.Domain\n\tif targetDomain == \"\" {\n\t\ttargetDomain = nodeCfg.Host\n\t}\n\n\tne.logger.Info(fmt.Sprintf(\"retrieving certificate at %s (domain: %s)\", targetAddr, targetDomain))\n\n\tconst MAX_ATTEMPTS = 3\n\tconst RETRY_INTERVAL = 2 * time.Second\n\tvar err error\n\tvar certs []*x509.Certificate\n\tfor attempt := 0; attempt < MAX_ATTEMPTS; attempt++ {\n\t\tif attempt > 0 {\n\t\t\tne.logger.Info(fmt.Sprintf(\"retry %d time(s) ...\", attempt))\n\n\t\t\tctx := execCtx.Context()\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn execRes, ctx.Err()\n\t\t\tcase <-time.After(RETRY_INTERVAL):\n\t\t\t}\n\t\t}\n\n\t\tcerts, err = ne.tryRetrievePeerCertificates(execCtx, targetAddr, targetDomain, nodeCfg.RequestPath)\n\t\tif err == nil {\n\t\t\tbreak\n\t\t}\n\t}\n\n\tif err != nil {\n\t\tne.logger.Warn(\"could not retrieve certificate\")\n\t\treturn execRes, err\n\t} else {\n\t\tif len(certs) == 0 {\n\t\t\tne.logger.Warn(\"no ssl certificates retrieved in http response\")\n\n\t\t\tne.setVariablesOfResult(execCtx, execRes, nil)\n\t\t} else {\n\t\t\tcert := certs[0] // 只取证书链中的第一个证书,即服务器证书\n\t\t\tne.logger.Info(fmt.Sprintf(\"ssl certificate retrieved (serial='%s', subject='%s', issuer='%s', not_before='%s', not_after='%s', sans='%s')\",\n\t\t\t\tcert.SerialNumber, cert.Subject.String(), cert.Issuer.String(),\n\t\t\t\tcert.NotBefore.Format(time.RFC3339), cert.NotAfter.Format(time.RFC3339),\n\t\t\t\tstrings.Join(xcertx509.GetSubjectAltNames(cert), \";\")),\n\t\t\t)\n\t\t\tne.setVariablesOfResult(execCtx, execRes, cert)\n\n\t\t\tnow := time.Now()\n\t\t\tisCertPeriodValid := now.Before(cert.NotAfter) && now.After(cert.NotBefore)\n\t\t\tisCertHostMatched := cert.VerifyHostname(targetDomain) == nil\n\t\t\tdaysLeft := int32(math.Floor(time.Until(cert.NotAfter).Hours() / 24))\n\t\t\tvalidated := isCertPeriodValid && isCertHostMatched\n\n\t\t\tif validated {\n\t\t\t\tne.logger.Info(fmt.Sprintf(\"the certificate is valid, and will expire in %d day(s)\", daysLeft))\n\t\t\t} else {\n\t\t\t\tif !isCertHostMatched {\n\t\t\t\t\tne.logger.Warn(\"the certificate is invalid, because it is not matched the host\")\n\t\t\t\t} else if !isCertPeriodValid {\n\t\t\t\t\tne.logger.Warn(\"the certificate is invalid, because it is either expired or not yet valid\")\n\t\t\t\t} else {\n\t\t\t\t\tne.logger.Warn(\"the certificate is invalid\")\n\t\t\t\t}\n\n\t\t\t\t// 除了验证证书有效期,还要确保证书与域名匹配\n\t\t\t\texecRes.AddVariable(stateVarKeyCertificateValidity, false, stateValTypeBoolean)\n\t\t\t\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateValidity, false, stateValTypeBoolean)\n\t\t\t}\n\t\t}\n\t}\n\n\tne.logger.Info(\"monitoring completed\")\n\treturn execRes, nil\n}\n\nfunc (ne *bizMonitorNodeExecutor) tryRetrievePeerCertificates(execCtx *NodeExecutionContext, addr, domain, requestPath string) ([]*x509.Certificate, error) {\n\ttransport := xhttp.NewDefaultTransport()\n\ttransport.DisableKeepAlives = true\n\ttransport.TLSClientConfig = xtls.NewInsecureConfig()\n\n\tclient := &http.Client{\n\t\tCheckRedirect: func(req *http.Request, via []*http.Request) error {\n\t\t\treturn http.ErrUseLastResponse\n\t\t},\n\t\tTimeout: 30 * time.Second,\n\t\tTransport: transport,\n\t}\n\n\turl := fmt.Sprintf(\"https://%s/%s\", addr, strings.TrimLeft(requestPath, \"/\"))\n\treq, err := http.NewRequestWithContext(execCtx.Context(), http.MethodHead, url, nil)\n\tif err != nil {\n\t\terr = fmt.Errorf(\"failed to create http request: %w\", err)\n\t\tne.logger.Warn(err.Error())\n\t\treturn nil, err\n\t}\n\n\treq.Header.Set(\"Host\", domain)\n\treq.Header.Set(\"User-Agent\", app.AppUserAgent)\n\tresp, err := client.Do(req)\n\tif err != nil {\n\t\terr = fmt.Errorf(\"failed to send http request: %w\", err)\n\t\tne.logger.Warn(err.Error())\n\t\treturn nil, err\n\t}\n\tdefer resp.Body.Close()\n\n\tif resp.TLS == nil || len(resp.TLS.PeerCertificates) == 0 {\n\t\treturn make([]*x509.Certificate, 0), nil\n\t}\n\treturn resp.TLS.PeerCertificates, nil\n}\n\nfunc (ne *bizMonitorNodeExecutor) setVariablesOfResult(execCtx *NodeExecutionContext, execRes *NodeExecutionResult, certX509 *x509.Certificate) {\n\tvar vCommonName string\n\tvar vSubjectAltNames string\n\tvar vNotBefore time.Time\n\tvar vNotAfter time.Time\n\tvar vHoursLeft int32\n\tvar vDaysLeft int32\n\tvar vValidity bool\n\n\tif certX509 != nil {\n\t\tvCommonName = certX509.Subject.CommonName\n\t\tvSubjectAltNames = strings.Join(xcertx509.GetSubjectAltNames(certX509), \";\")\n\t\tvNotBefore = certX509.NotBefore\n\t\tvNotAfter = certX509.NotAfter\n\t\tvHoursLeft = int32(math.Floor(time.Until(certX509.NotAfter).Hours()))\n\t\tvDaysLeft = int32(math.Floor(time.Until(certX509.NotAfter).Hours() / 24))\n\t\tvValidity = certX509.NotAfter.After(time.Now())\n\t}\n\n\texecRes.AddVariable(stateVarKeyCertificateDomain, vCommonName, stateValTypeString)\n\texecRes.AddVariable(stateVarKeyCertificateDomains, vSubjectAltNames, stateValTypeString)\n\texecRes.AddVariable(stateVarKeyCertificateCommonName, vCommonName, stateValTypeString)\n\texecRes.AddVariable(stateVarKeyCertificateSubjectAltNames, vSubjectAltNames, stateValTypeString)\n\texecRes.AddVariable(stateVarKeyCertificateNotBefore, vNotBefore, stateValTypeDateTime)\n\texecRes.AddVariable(stateVarKeyCertificateNotAfter, vNotAfter, stateValTypeDateTime)\n\texecRes.AddVariable(stateVarKeyCertificateHoursLeft, vHoursLeft, stateValTypeNumber)\n\texecRes.AddVariable(stateVarKeyCertificateDaysLeft, vDaysLeft, stateValTypeNumber)\n\texecRes.AddVariable(stateVarKeyCertificateValidity, vValidity, stateValTypeBoolean)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateDomain, vCommonName, stateValTypeString)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateDomains, vSubjectAltNames, stateValTypeString)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateCommonName, vCommonName, stateValTypeString)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateSubjectAltNames, vSubjectAltNames, stateValTypeString)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateNotBefore, vNotBefore, stateValTypeDateTime)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateNotAfter, vNotAfter, stateValTypeDateTime)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateHoursLeft, vHoursLeft, stateValTypeNumber)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateDaysLeft, vDaysLeft, stateValTypeNumber)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateValidity, vValidity, stateValTypeBoolean)\n}\n\nfunc newBizMonitorNodeExecutor() NodeExecutor {\n\treturn &bizMonitorNodeExecutor{\n\t\tnodeExecutor: nodeExecutor{logger: slog.Default()},\n\t\tcertificateRepo: repository.NewCertificateRepository(),\n\t}\n}\n"
},
{
"path": "internal/workflow/engine/executor_biznotify.go",
"content": "package engine\n\nimport (\n\t\"fmt\"\n\t\"log/slog\"\n\t\"regexp\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/internal/notify\"\n\t\"github.com/certimate-go/certimate/internal/repository\"\n)\n\ntype bizNotifyNodeExecutor struct {\n\tnodeExecutor\n\n\taccessRepo accessRepository\n\tsettingsRepo settingsRepository\n}\n\nfunc (ne *bizNotifyNodeExecutor) Execute(execCtx *NodeExecutionContext) (*NodeExecutionResult, error) {\n\texecRes := newNodeExecutionResult(execCtx.Node)\n\n\tnodeCfg := execCtx.Node.Data.Config.AsBizNotify()\n\tne.logger.Info(\"ready to send notification ...\", slog.Any(\"config\", nodeCfg))\n\n\t// 检测是否可以跳过本次执行\n\tif skippable, reason := ne.checkCanSkip(execCtx); skippable {\n\t\tne.logger.Info(fmt.Sprintf(\"skip this application, because %s\", reason))\n\t\treturn execRes, nil\n\t}\n\n\t// 读取部署提供商授权\n\tproviderAccessConfig := make(map[string]any)\n\tif nodeCfg.ProviderAccessId != \"\" {\n\t\tif access, err := ne.accessRepo.GetById(execCtx.Context(), nodeCfg.ProviderAccessId); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to get access #%s record: %w\", nodeCfg.ProviderAccessId, err)\n\t\t} else {\n\t\t\tproviderAccessConfig = access.Config\n\t\t}\n\t}\n\n\t// 渲染通知模板\n\treMustache := regexp.MustCompile(`\\{\\{\\s*(\\$[^\\s]+)\\s*\\}\\}`)\n\treMustacheReplacer := func(match string) string {\n\t\tmustache := strings.TrimSpace(match[2 : len(match)-2])\n\t\tif mustache == \"\" {\n\t\t\treturn match\n\t\t}\n\n\t\tkey := mustache[1:]\n\t\tif key == \"\" {\n\t\t\treturn match\n\t\t} else if key == \"now\" {\n\t\t\treturn time.Now().Format(time.RFC3339)\n\t\t}\n\n\t\t// TODO: 支持作用域变量\n\t\tif state, ok := execCtx.variables.Get(key); ok {\n\t\t\treturn state.ValueString()\n\t\t}\n\n\t\treturn match\n\t}\n\tsubject := reMustache.ReplaceAllStringFunc(nodeCfg.Subject, reMustacheReplacer)\n\tmessage := reMustache.ReplaceAllStringFunc(nodeCfg.Message, reMustacheReplacer)\n\n\t// 推送通知\n\tnotifier := notify.NewClient(notify.WithLogger(ne.logger))\n\tnotifyReq := ¬ify.SendNotificationRequest{\n\t\tProvider: nodeCfg.Provider,\n\t\tProviderAccessConfig: providerAccessConfig,\n\t\tProviderExtendedConfig: nodeCfg.ProviderConfig,\n\t\tSubject: subject,\n\t\tMessage: message,\n\t}\n\tif _, err := notifier.SendNotification(execCtx.Context(), notifyReq); err != nil {\n\t\tne.logger.Warn(\"could not send notification\")\n\t\treturn execRes, err\n\t}\n\n\tne.logger.Info(\"notification completed\")\n\treturn execRes, nil\n}\n\nfunc (ne *bizNotifyNodeExecutor) checkCanSkip(execCtx *NodeExecutionContext) (_skip bool, _reason string) {\n\tthisNodeCfg := execCtx.Node.Data.Config.AsBizNotify()\n\tif !thisNodeCfg.SkipOnAllPrevSkipped {\n\t\treturn false, \"\"\n\t}\n\n\tvar total, skipped int32\n\tfor _, variable := range execCtx.variables.All() {\n\t\tif variable.Scope != \"\" && variable.Key == stateVarKeyNodeSkipped {\n\t\t\ttotal++\n\t\t\tif variable.Value == true {\n\t\t\t\tskipped++\n\t\t\t}\n\t\t}\n\t}\n\tif total == 0 || skipped != total {\n\t\treturn false, \"\"\n\t}\n\n\treturn true, \"all the previous nodes have been skipped\"\n}\n\nfunc newBizNotifyNodeExecutor() NodeExecutor {\n\treturn &bizNotifyNodeExecutor{\n\t\tnodeExecutor: nodeExecutor{logger: slog.Default()},\n\t\taccessRepo: repository.NewAccessRepository(),\n\t\tsettingsRepo: repository.NewSettingsRepository(),\n\t}\n}\n"
},
{
"path": "internal/workflow/engine/executor_bizupload.go",
"content": "package engine\n\nimport (\n\t\"crypto/ecdsa\"\n\t\"crypto/ed25519\"\n\t\"crypto/rsa\"\n\t\"crypto/tls\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"math\"\n\t\"os\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/internal/repository\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\n/**\n * Outputs:\n * - ref: \"certificate\": string\n *\n * Variables:\n * - \"node.skipped\": boolean\n * - \"certificate.commanName\": string\n * - \"certificate.subjectAltNames\": string\n * - \"certificate.notBefore\": datetime\n * - \"certificate.notAfter\": datetime\n * - \"certificate.hoursLeft\": number\n * - \"certificate.daysLeft\": number\n * - \"certificate.validity\": boolean\n */\ntype bizUploadNodeExecutor struct {\n\tnodeExecutor\n\n\tcertificateRepo certificateRepository\n\twfoutputRepo workflowOutputRepository\n}\n\nconst (\n\tBizUploadSourceForm = \"form\"\n\tBizUploadSourceLocal = \"local\"\n\tBizUploadSourceURL = \"url\"\n)\n\nfunc (ne *bizUploadNodeExecutor) Execute(execCtx *NodeExecutionContext) (*NodeExecutionResult, error) {\n\texecRes := newNodeExecutionResult(execCtx.Node)\n\n\tnodeCfg := execCtx.Node.Data.Config.AsBizUpload()\n\tne.logger.Info(\"ready to upload certiticate ...\", slog.Any(\"config\", nodeCfg))\n\n\t// 查询上次执行结果\n\tlastOutput, lastCertificate, err := ne.getLastOutputArtifacts(execCtx)\n\tif err != nil {\n\t\treturn execRes, err\n\t} else {\n\t\tif lastOutput != nil {\n\t\t\tne.logger.Info(fmt.Sprintf(\"found last node output #%s record\", lastOutput.RunId))\n\t\t}\n\n\t\tif lastCertificate != nil {\n\t\t\tne.setOuputsOfResult(execCtx, execRes, lastCertificate, false)\n\t\t\tne.setVariablesOfResult(execCtx, execRes, lastCertificate)\n\t\t\tne.logger.Info(fmt.Sprintf(\"found last certificate #%s record\", lastCertificate.Id))\n\t\t}\n\t}\n\n\t// 检测是否可以跳过本次执行\n\tif skippable, reason := ne.checkCanSkip(execCtx, lastOutput, lastCertificate); skippable {\n\t\tne.logger.Info(fmt.Sprintf(\"skip this uploading, because %s\", reason))\n\n\t\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyNodeSkipped, true, stateValTypeBoolean)\n\t\treturn execRes, nil\n\t} else if reason != \"\" {\n\t\tne.logger.Info(fmt.Sprintf(\"re-upload, because %s\", reason))\n\t} else if lastCertificate != nil {\n\t\tne.logger.Info(\"no found last uploaded certificate, begin to upload\")\n\t} else {\n\t\tne.logger.Info(\"try to upload\")\n\t}\n\n\t// 获取证书及私钥\n\tvar certPEM, privkeyPEM string\n\tswitch nodeCfg.Source {\n\tcase BizUploadSourceForm:\n\t\t{\n\t\t\tcertPEM = nodeCfg.Certificate\n\t\t\tprivkeyPEM = nodeCfg.PrivateKey\n\t\t}\n\n\tcase BizUploadSourceLocal:\n\t\t{\n\t\t\tcertData, err := os.ReadFile(nodeCfg.Certificate)\n\t\t\tif err != nil {\n\t\t\t\treturn execRes, fmt.Errorf(\"failed to read certificate file from local path: %w\", err)\n\t\t\t} else {\n\t\t\t\tcertPEM = string(certData)\n\t\t\t}\n\n\t\t\tprivkeyData, err := os.ReadFile(nodeCfg.PrivateKey)\n\t\t\tif err != nil {\n\t\t\t\treturn execRes, fmt.Errorf(\"failed to read private key file from local path: %w\", err)\n\t\t\t} else {\n\t\t\t\tprivkeyPEM = string(privkeyData)\n\t\t\t}\n\t\t}\n\n\tcase BizUploadSourceURL:\n\t\t{\n\t\t\tclient := resty.New()\n\t\t\tclient.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true})\n\n\t\t\tcertResp, err := client.NewRequest().Get(nodeCfg.Certificate)\n\t\t\tif err != nil || certResp.IsError() {\n\t\t\t\treturn execRes, fmt.Errorf(\"failed to download certificate from URL: %w\", err)\n\t\t\t} else {\n\t\t\t\tcertPEM = string(certResp.Body())\n\t\t\t}\n\n\t\t\tprivkeyResp, err := client.NewRequest().Get(nodeCfg.PrivateKey)\n\t\t\tif err != nil || privkeyResp.IsError() {\n\t\t\t\treturn execRes, fmt.Errorf(\"failed to download private key from URL: %w\", err)\n\t\t\t} else {\n\t\t\t\tprivkeyPEM = string(privkeyResp.Body())\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn execRes, fmt.Errorf(\"unsupported upload source: '%s'\", nodeCfg.Source)\n\t}\n\n\t// 验证证书\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn execRes, err\n\t} else if certX509.NotAfter.Before(time.Now()) {\n\t\tne.logger.Warn(fmt.Sprintf(\"the uploaded certificate has expired at %s\", certX509.NotAfter.UTC().Format(time.RFC3339)))\n\t}\n\n\t// 验证私钥\n\tprivkey, err := xcert.ParsePrivateKeyFromPEM(privkeyPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tmatched := false\n\t\tswitch pub := certX509.PublicKey.(type) {\n\t\tcase *rsa.PublicKey:\n\t\t\tp, ok := privkey.(*rsa.PrivateKey)\n\t\t\tmatched = ok && pub.Equal(p.Public())\n\t\tcase *ecdsa.PublicKey:\n\t\t\tp, ok := privkey.(*ecdsa.PrivateKey)\n\t\t\tmatched = ok && pub.Equal(p.Public())\n\t\tcase ed25519.PublicKey:\n\t\t\tp, ok := privkey.(ed25519.PrivateKey)\n\t\t\tmatched = ok && pub.Equal(p.Public())\n\t\tdefault:\n\t\t\tmatched = false\n\t\t}\n\n\t\tif !matched {\n\t\t\treturn nil, fmt.Errorf(\"the uploaded private key does not match the uploaded certificate\")\n\t\t}\n\t}\n\n\t// 二次检测是否可以跳过执行\n\tif lastCertificate != nil {\n\t\tif xcert.EqualCertificatesFromPEM(certPEM, lastCertificate.Certificate) {\n\t\t\tne.logger.Info(\"skip this uploading, because the last uploaded certificate already exists\")\n\t\t\treturn execRes, nil\n\t\t}\n\t}\n\n\t// 保存证书实体\n\tcertificate := &domain.Certificate{\n\t\tSource: domain.CertificateSourceTypeUpload,\n\t\tWorkflowId: execCtx.WorkflowId,\n\t\tWorkflowRunId: execCtx.RunId,\n\t\tWorkflowNodeId: execCtx.Node.Id,\n\t}\n\tcertificate.PopulateFromPEM(certPEM, privkeyPEM)\n\tif certificate, err := ne.certificateRepo.Save(execCtx.Context(), certificate); err != nil {\n\t\tne.logger.Warn(\"could not save certificate\")\n\t\treturn execRes, err\n\t} else {\n\t\tne.logger.Info(\"certificate saved\", slog.String(\"recordId\", certificate.Id))\n\t}\n\n\t// 节点输出\n\tne.setOuputsOfResult(execCtx, execRes, certificate, true)\n\tne.setVariablesOfResult(execCtx, execRes, certificate)\n\n\tne.logger.Info(\"uploading completed\")\n\treturn execRes, nil\n}\n\nfunc (ne *bizUploadNodeExecutor) getLastOutputArtifacts(execCtx *NodeExecutionContext) (*domain.WorkflowOutput, *domain.Certificate, error) {\n\tlastOutput, err := ne.wfoutputRepo.GetByWorkflowIdAndNodeId(execCtx.Context(), execCtx.WorkflowId, execCtx.Node.Id)\n\tif err != nil && !domain.IsRecordNotFoundError(err) {\n\t\treturn nil, nil, fmt.Errorf(\"failed to get last output record of node #%s: %w\", execCtx.Node.Id, err)\n\t}\n\n\tif lastOutput != nil {\n\t\tlastCertificate, err := ne.certificateRepo.GetByWorkflowRunIdAndNodeId(execCtx.Context(), lastOutput.RunId, lastOutput.NodeId)\n\t\tif err != nil && !domain.IsRecordNotFoundError(err) {\n\t\t\treturn lastOutput, nil, fmt.Errorf(\"failed to get last certificate record of node #%s: %w\", execCtx.Node.Id, err)\n\t\t}\n\n\t\treturn lastOutput, lastCertificate, nil\n\t}\n\n\treturn lastOutput, nil, nil\n}\n\nfunc (ne *bizUploadNodeExecutor) checkCanSkip(execCtx *NodeExecutionContext, lastOutput *domain.WorkflowOutput, lastCertificate *domain.Certificate) (_skip bool, _reason string) {\n\tthisNodeCfg := execCtx.Node.Data.Config.AsBizUpload()\n\n\tif lastOutput != nil && lastOutput.Succeeded {\n\t\t// 比较和上次上传时的关键配置(即影响证书上传的)参数是否一致\n\t\tlastNodeCfg := lastOutput.NodeConfig.AsBizUpload()\n\n\t\tif thisNodeCfg.Source != lastNodeCfg.Source {\n\t\t\treturn false, \"the configuration item 'Source' changed\"\n\t\t}\n\n\t\tswitch thisNodeCfg.Source {\n\t\tcase BizUploadSourceForm:\n\t\t\tif strings.TrimSpace(thisNodeCfg.Certificate) != strings.TrimSpace(lastNodeCfg.Certificate) {\n\t\t\t\treturn false, \"the configuration item 'Certificate' changed\"\n\t\t\t}\n\t\t\tif strings.TrimSpace(thisNodeCfg.PrivateKey) != strings.TrimSpace(lastNodeCfg.PrivateKey) {\n\t\t\t\treturn false, \"the configuration item 'PrivateKey' changed\"\n\t\t\t}\n\n\t\tdefault:\n\t\t\t// 本地或远程文件来源,需实际下载后才能比较\n\t\t\treturn false, \"\"\n\t\t}\n\t}\n\n\tif lastCertificate != nil {\n\t\treturn true, \"the last uploaded certificate already exists\"\n\t}\n\n\treturn false, \"\"\n}\n\nfunc (ne *bizUploadNodeExecutor) setOuputsOfResult(execCtx *NodeExecutionContext, execRes *NodeExecutionResult, certificate *domain.Certificate, persistent bool) {\n\tif certificate != nil {\n\t\tkey := \"certificate\"\n\t\tvalue := fmt.Sprintf(\"%s#%s\", domain.CollectionNameCertificate, certificate.Id)\n\t\tif persistent {\n\t\t\texecRes.AddOutputWithPersistent(stateIOTypeRef, key, value, stateValTypeString)\n\t\t} else {\n\t\t\texecRes.AddOutput(stateIOTypeRef, key, value, stateValTypeString)\n\t\t}\n\t}\n}\n\nfunc (ne *bizUploadNodeExecutor) setVariablesOfResult(execCtx *NodeExecutionContext, execRes *NodeExecutionResult, certificate *domain.Certificate) {\n\tvar vCommonName string\n\tvar vSubjectAltNames string\n\tvar vNotBefore time.Time\n\tvar vNotAfter time.Time\n\tvar vHoursLeft int32\n\tvar vDaysLeft int32\n\tvar vValidity bool\n\n\tif certificate != nil {\n\t\tvCommonName = strings.Split(certificate.SubjectAltNames, \";\")[0]\n\t\tvSubjectAltNames = certificate.SubjectAltNames\n\t\tvNotBefore = certificate.ValidityNotBefore\n\t\tvNotAfter = certificate.ValidityNotAfter\n\t\tvHoursLeft = int32(math.Floor(time.Until(certificate.ValidityNotAfter).Hours()))\n\t\tvDaysLeft = int32(math.Floor(time.Until(certificate.ValidityNotAfter).Hours() / 24))\n\t\tvValidity = certificate.ValidityNotAfter.After(time.Now())\n\t}\n\n\texecRes.AddVariable(stateVarKeyCertificateDomain, vCommonName, stateValTypeString)\n\texecRes.AddVariable(stateVarKeyCertificateDomains, vSubjectAltNames, stateValTypeString)\n\texecRes.AddVariable(stateVarKeyCertificateCommonName, vCommonName, stateValTypeString)\n\texecRes.AddVariable(stateVarKeyCertificateSubjectAltNames, vSubjectAltNames, stateValTypeString)\n\texecRes.AddVariable(stateVarKeyCertificateNotBefore, vNotBefore, stateValTypeDateTime)\n\texecRes.AddVariable(stateVarKeyCertificateNotAfter, vNotAfter, stateValTypeDateTime)\n\texecRes.AddVariable(stateVarKeyCertificateHoursLeft, vHoursLeft, stateValTypeNumber)\n\texecRes.AddVariable(stateVarKeyCertificateDaysLeft, vDaysLeft, stateValTypeNumber)\n\texecRes.AddVariable(stateVarKeyCertificateValidity, vValidity, stateValTypeBoolean)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateDomain, vCommonName, stateValTypeString)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateDomains, vSubjectAltNames, stateValTypeString)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateCommonName, vCommonName, stateValTypeString)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateSubjectAltNames, vSubjectAltNames, stateValTypeString)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateNotBefore, vNotBefore, stateValTypeDateTime)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateNotAfter, vNotAfter, stateValTypeDateTime)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateHoursLeft, vHoursLeft, stateValTypeNumber)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateDaysLeft, vDaysLeft, stateValTypeNumber)\n\texecRes.AddVariableWithScope(execCtx.Node.Id, stateVarKeyCertificateValidity, vValidity, stateValTypeBoolean)\n}\n\nfunc newBizUploadNodeExecutor() NodeExecutor {\n\treturn &bizUploadNodeExecutor{\n\t\tnodeExecutor: nodeExecutor{logger: slog.Default()},\n\t\tcertificateRepo: repository.NewCertificateRepository(),\n\t\twfoutputRepo: repository.NewWorkflowOutputRepository(),\n\t}\n}\n"
},
{
"path": "internal/workflow/engine/executor_condition.go",
"content": "package engine\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/samber/lo\"\n)\n\ntype conditionNodeExecutor struct {\n\tnodeExecutor\n}\n\nfunc (ne *conditionNodeExecutor) Execute(execCtx *NodeExecutionContext) (*NodeExecutionResult, error) {\n\tvar engine *workflowEngine\n\tif we, ok := execCtx.engine.(*workflowEngine); !ok {\n\t\tpanic(\"unreachable\")\n\t} else {\n\t\tengine = we\n\t}\n\n\texecRes := newNodeExecutionResult(execCtx.Node)\n\n\terrs := make([]error, 0)\n\tblocks := lo.Filter(execCtx.Node.Blocks, func(n *Node, _ int) bool { return n.Type == NodeTypeBranchBlock })\n\tfor _, node := range blocks {\n\t\tctx := execCtx.Context()\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn execRes, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\terr := engine.executeNode(execCtx.Clone(), node)\n\t\tif err != nil {\n\t\t\tif errors.Is(err, ErrTerminated) {\n\t\t\t\treturn execRes, err\n\t\t\t}\n\t\t\terrs = append(errs, err)\n\t\t}\n\t}\n\n\tif len(errs) > 0 {\n\t\treturn execRes, fmt.Errorf(\"%w: %w\", ErrBlocksException, errors.Join(errs...))\n\t}\n\n\treturn execRes, nil\n}\n\nfunc newConditionNodeExecutor() NodeExecutor {\n\treturn &conditionNodeExecutor{\n\t\tnodeExecutor: nodeExecutor{logger: slog.Default()},\n\t}\n}\n\ntype branchBlockNodeExecutor struct {\n\tnodeExecutor\n}\n\nfunc (ne *branchBlockNodeExecutor) Execute(execCtx *NodeExecutionContext) (*NodeExecutionResult, error) {\n\texecRes := newNodeExecutionResult(execCtx.Node)\n\n\tnodeCfg := execCtx.Node.Data.Config.AsBranchBlock()\n\tif nodeCfg.Expression == nil {\n\t\tne.logger.Info(\"enter this branch without any conditions\")\n\t} else {\n\t\tvariables := lo.Reduce(execCtx.variables.All(), func(acc map[string]map[string]any, state VariableState, _ int) map[string]map[string]any {\n\t\t\tif _, ok := acc[state.Scope]; !ok {\n\t\t\t\tacc[state.Scope] = make(map[string]any)\n\t\t\t}\n\n\t\t\t// 这里需要把所有值都转换为字符串形式,因为 Expression.Eval 仅支持字符串类型的值\n\t\t\tacc[state.Scope][state.Key] = state.ValueString()\n\t\t\treturn acc\n\t\t}, make(map[string]map[string]any))\n\n\t\trs, err := nodeCfg.Expression.Eval(variables)\n\t\tif err != nil {\n\t\t\tne.logger.Warn(fmt.Sprintf(\"failed to eval expr: %+v\", err))\n\t\t\treturn execRes, err\n\t\t}\n\n\t\tif rs.Value == false {\n\t\t\tne.logger.Info(\"skip this branch, because condition not met\")\n\t\t\treturn execRes, nil\n\t\t} else {\n\t\t\tne.logger.Info(\"enter this branch, because condition met\")\n\t\t}\n\t}\n\n\tif engine, ok := execCtx.engine.(*workflowEngine); !ok {\n\t\tpanic(\"unreachable\")\n\t} else {\n\t\tif err := engine.executeBlocks(execCtx.Clone(), execCtx.Node.Blocks); err != nil {\n\t\t\treturn execRes, fmt.Errorf(\"%w: %w\", ErrBlocksException, err)\n\t\t}\n\t}\n\n\treturn execRes, nil\n}\n\nfunc newBranchBlockNodeExecutor() NodeExecutor {\n\treturn &branchBlockNodeExecutor{\n\t\tnodeExecutor: nodeExecutor{logger: slog.Default()},\n\t}\n}\n"
},
{
"path": "internal/workflow/engine/executor_delay.go",
"content": "package engine\n\nimport (\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\txwait \"github.com/certimate-go/certimate/pkg/utils/wait\"\n)\n\ntype delayNodeExecutor struct {\n\tnodeExecutor\n}\n\nfunc (ne *delayNodeExecutor) Execute(execCtx *NodeExecutionContext) (*NodeExecutionResult, error) {\n\texecRes := newNodeExecutionResult(execCtx.Node)\n\n\tnodeCfg := execCtx.Node.Data.Config.AsDelay()\n\tne.logger.Info(fmt.Sprintf(\"delay for %d second(s) before continuing ...\", nodeCfg.Wait))\n\n\txwait.DelayWithContext(execCtx.Context(), time.Duration(nodeCfg.Wait)*time.Second)\n\n\treturn execRes, nil\n}\n\nfunc newDelayNodeExecutor() NodeExecutor {\n\treturn &delayNodeExecutor{\n\t\tnodeExecutor: nodeExecutor{logger: slog.Default()},\n\t}\n}\n"
},
{
"path": "internal/workflow/engine/executor_end.go",
"content": "package engine\n\nimport (\n\t\"log/slog\"\n)\n\ntype endNodeExecutor struct {\n\tnodeExecutor\n}\n\nfunc (ne *endNodeExecutor) Execute(execCtx *NodeExecutionContext) (*NodeExecutionResult, error) {\n\texecRes := newNodeExecutionResult(execCtx.Node)\n\texecRes.Terminated = true\n\n\tne.logger.Info(\"the workflow is ending\")\n\n\treturn execRes, nil\n}\n\nfunc newEndNodeExecutor() NodeExecutor {\n\treturn &endNodeExecutor{\n\t\tnodeExecutor: nodeExecutor{logger: slog.Default()},\n\t}\n}\n"
},
{
"path": "internal/workflow/engine/executor_start.go",
"content": "package engine\n\nimport (\n\t\"log/slog\"\n)\n\ntype startNodeExecutor struct {\n\tnodeExecutor\n}\n\nfunc (ne *startNodeExecutor) Execute(execCtx *NodeExecutionContext) (*NodeExecutionResult, error) {\n\texecRes := newNodeExecutionResult(execCtx.Node)\n\n\tne.logger.Info(\"the workflow is starting\")\n\n\treturn execRes, nil\n}\n\nfunc newStartNodeExecutor() NodeExecutor {\n\treturn &startNodeExecutor{\n\t\tnodeExecutor: nodeExecutor{logger: slog.Default()},\n\t}\n}\n"
},
{
"path": "internal/workflow/engine/executor_trycatch.go",
"content": "package engine\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/samber/lo\"\n)\n\ntype tryCatchNodeExecutor struct {\n\tnodeExecutor\n}\n\nfunc (ne *tryCatchNodeExecutor) Execute(execCtx *NodeExecutionContext) (*NodeExecutionResult, error) {\n\tvar engine *workflowEngine\n\tif we, ok := execCtx.engine.(*workflowEngine); !ok {\n\t\tpanic(\"unreachable\")\n\t} else {\n\t\tengine = we\n\t}\n\n\texecRes := newNodeExecutionResult(execCtx.Node)\n\n\ttryErrs := make([]error, 0)\n\ttryBlocks := lo.Filter(execCtx.Node.Blocks, func(n *Node, _ int) bool { return n.Type == NodeTypeTryBlock })\n\tfor _, node := range tryBlocks {\n\t\tctx := execCtx.Context()\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn execRes, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\terr := engine.executeNode(execCtx.Clone(), node)\n\t\tif err != nil {\n\t\t\tif errors.Is(err, ErrTerminated) {\n\t\t\t\treturn execRes, err\n\t\t\t}\n\t\t\ttryErrs = append(tryErrs, err)\n\t\t}\n\t}\n\n\tif len(tryErrs) > 0 {\n\t\tcatchErrs := make([]error, 0)\n\t\tcatchBlocks := lo.Filter(execCtx.Node.Blocks, func(n *Node, _ int) bool { return n.Type == NodeTypeCatchBlock })\n\t\tfor _, node := range catchBlocks {\n\t\t\tselect {\n\t\t\tcase <-execCtx.Context().Done():\n\t\t\t\treturn execRes, execCtx.Context().Err()\n\t\t\tdefault:\n\t\t\t}\n\n\t\t\terr := engine.executeNode(execCtx.Clone(), node)\n\t\t\tif err != nil {\n\t\t\t\tif errors.Is(err, ErrTerminated) {\n\t\t\t\t\treturn execRes, err\n\t\t\t\t}\n\t\t\t\tcatchErrs = append(catchErrs, err)\n\t\t\t}\n\t\t}\n\n\t\terrs := make([]error, 0)\n\t\terrs = append(errs, tryErrs...)\n\t\terrs = append(errs, catchErrs...)\n\t\treturn execRes, fmt.Errorf(\"%w: %w\", ErrBlocksException, errors.Join(errs...))\n\t}\n\n\treturn execRes, nil\n}\n\nfunc newTryCatchNodeExecutor() NodeExecutor {\n\treturn &tryCatchNodeExecutor{\n\t\tnodeExecutor: nodeExecutor{logger: slog.Default()},\n\t}\n}\n\ntype tryBlockNodeExecutor struct {\n\tnodeExecutor\n}\n\nfunc (ne *tryBlockNodeExecutor) Execute(execCtx *NodeExecutionContext) (*NodeExecutionResult, error) {\n\tvar engine *workflowEngine\n\tif we, ok := execCtx.engine.(*workflowEngine); !ok {\n\t\tpanic(\"unreachable\")\n\t} else {\n\t\tengine = we\n\t}\n\n\texecRes := newNodeExecutionResult(execCtx.Node)\n\n\tif err := engine.executeBlocks(execCtx.Clone(), execCtx.Node.Blocks); err != nil {\n\t\treturn execRes, fmt.Errorf(\"%w: %w\", ErrBlocksException, err)\n\t}\n\n\treturn execRes, nil\n}\n\nfunc newTryBlockNodeExecutor() NodeExecutor {\n\treturn &tryBlockNodeExecutor{\n\t\tnodeExecutor: nodeExecutor{logger: slog.Default()},\n\t}\n}\n\ntype catchBlockNodeExecutor struct {\n\tnodeExecutor\n}\n\nfunc (ne *catchBlockNodeExecutor) Execute(execCtx *NodeExecutionContext) (*NodeExecutionResult, error) {\n\texecRes := newNodeExecutionResult(execCtx.Node)\n\n\tvar engine *workflowEngine\n\tif we, ok := execCtx.engine.(*workflowEngine); !ok {\n\t\tpanic(\"unreachable\")\n\t} else {\n\t\tengine = we\n\t}\n\n\tif err := engine.executeBlocks(execCtx.Clone(), execCtx.Node.Blocks); err != nil {\n\t\treturn execRes, fmt.Errorf(\"%w: %w\", ErrBlocksException, err)\n\t}\n\n\treturn execRes, nil\n}\n\nfunc newCatchBlockNodeExecutor() NodeExecutor {\n\treturn &catchBlockNodeExecutor{\n\t\tnodeExecutor: nodeExecutor{logger: slog.Default()},\n\t}\n}\n"
},
{
"path": "internal/workflow/engine/logger.go",
"content": "package engine\n\nimport (\n\t\"log/slog\"\n)\n\ntype withLogger interface {\n\tSetLogger(logger *slog.Logger)\n}\n"
},
{
"path": "internal/workflow/engine/models.go",
"content": "package engine\n\nimport (\n\t\"github.com/certimate-go/certimate/internal/domain\"\n)\n\ntype Node = domain.WorkflowNode\n\ntype NodeType = domain.WorkflowNodeType\n\nconst (\n\tNodeTypeStart = domain.WorkflowNodeTypeStart\n\tNodeTypeEnd = domain.WorkflowNodeTypeEnd\n\tNodeTypeCondition = domain.WorkflowNodeTypeCondition\n\tNodeTypeBranchBlock = domain.WorkflowNodeTypeBranchBlock\n\tNodeTypeTryCatch = domain.WorkflowNodeTypeTryCatch\n\tNodeTypeTryBlock = domain.WorkflowNodeTypeTryBlock\n\tNodeTypeCatchBlock = domain.WorkflowNodeTypeCatchBlock\n\tNodeTypeDelay = domain.WorkflowNodeTypeDelay\n\tNodeTypeBizApply = domain.WorkflowNodeTypeBizApply\n\tNodeTypeBizUpload = domain.WorkflowNodeTypeBizUpload\n\tNodeTypeBizMonitor = domain.WorkflowNodeTypeBizMonitor\n\tNodeTypeBizDeploy = domain.WorkflowNodeTypeBizDeploy\n\tNodeTypeBizNotify = domain.WorkflowNodeTypeBizNotify\n)\n\ntype Graph = domain.WorkflowGraph\n"
},
{
"path": "internal/workflow/engine/state.go",
"content": "package engine\n\nimport (\n\t\"fmt\"\n\t\"slices\"\n\t\"strconv\"\n\t\"sync\"\n\t\"time\"\n)\n\ntype VariableState struct {\n\tScope string // 零值时表示全局的,否则表示指定节点的\n\tKey string\n\tValue any\n\tValueType string\n}\n\nfunc (s VariableState) ValueString() string {\n\tswitch s.ValueType {\n\tcase stateValTypeString:\n\t\treturn fmt.Sprintf(\"%s\", s.Value)\n\tcase stateValTypeNumber:\n\t\treturn fmt.Sprintf(\"%d\", s.Value)\n\tcase stateValTypeBoolean:\n\t\treturn strconv.FormatBool(s.Value.(bool))\n\tcase stateValTypeDateTime:\n\t\tvalueAsTime := s.Value.(time.Time)\n\t\tif valueAsTime.IsZero() {\n\t\t\treturn \"-\"\n\t\t}\n\t\treturn valueAsTime.Format(time.RFC3339)\n\tdefault:\n\t\treturn fmt.Sprintf(\"[%s]%v\", s.ValueType, s.Value)\n\t}\n}\n\ntype VariableManager interface {\n\tAll() []VariableState\n\tErase()\n\n\tAdd(entry VariableState)\n\tSet(name string, value any, valueType string)\n\tSetScoped(scope string, name string, value any, valueType string)\n\tGet(name string) (*VariableState, bool)\n\tGetScoped(scope string, key string) (*VariableState, bool)\n\tTake(key string) (*VariableState, bool)\n\tTakeScoped(scope string, key string) (*VariableState, bool)\n\tRemove(key string) bool\n\tRemoveScoped(scope string, key string) bool\n}\n\ntype variableManager struct {\n\tstatesMtx sync.RWMutex\n\tstates []VariableState\n}\n\nvar _ VariableManager = (*variableManager)(nil)\n\nfunc (m *variableManager) All() []VariableState {\n\tm.statesMtx.RLock()\n\tdefer m.statesMtx.RUnlock()\n\n\tif m.states == nil {\n\t\treturn make([]VariableState, 0)\n\t}\n\n\treturn slices.Clone(m.states)\n}\n\nfunc (m *variableManager) Erase() {\n\tm.statesMtx.Lock()\n\tdefer m.statesMtx.Unlock()\n\n\tm.states = make([]VariableState, 0)\n}\n\nfunc (m *variableManager) Add(state VariableState) {\n\tm.statesMtx.Lock()\n\tdefer m.statesMtx.Unlock()\n\n\tif m.states == nil {\n\t\tm.states = make([]VariableState, 0)\n\t}\n\n\tfor i, item := range m.states {\n\t\tif item.Scope == state.Scope && item.Key == state.Key {\n\t\t\tm.states[i] = state\n\t\t\treturn\n\t\t}\n\t}\n\tm.states = append(m.states, state)\n}\n\nfunc (m *variableManager) Set(key string, value any, valueType string) {\n\tm.SetScoped(\"\", key, value, valueType)\n}\n\nfunc (m *variableManager) SetScoped(scope string, key string, value any, valueType string) {\n\tm.Add(VariableState{Scope: scope, Key: key, Value: value, ValueType: valueType})\n}\n\nfunc (m *variableManager) Get(key string) (*VariableState, bool) {\n\treturn m.GetScoped(\"\", key)\n}\n\nfunc (m *variableManager) GetScoped(scope string, key string) (*VariableState, bool) {\n\tm.statesMtx.RLock()\n\tdefer m.statesMtx.RUnlock()\n\n\tif m.states == nil {\n\t\treturn nil, false\n\t}\n\n\tfor _, item := range m.states {\n\t\tif item.Scope == scope && item.Key == key {\n\t\t\treturn &item, true\n\t\t}\n\t}\n\treturn nil, false\n}\n\nfunc (m *variableManager) Take(key string) (*VariableState, bool) {\n\treturn m.TakeScoped(\"\", key)\n}\n\nfunc (m *variableManager) TakeScoped(scope string, key string) (*VariableState, bool) {\n\tm.statesMtx.Lock()\n\tdefer m.statesMtx.Unlock()\n\n\tif m.states == nil {\n\t\treturn nil, false\n\t}\n\n\tfor i, item := range m.states {\n\t\tif item.Scope == scope && item.Key == key {\n\t\t\tm.states = slices.Delete(m.states, i, i+1)\n\t\t\treturn &item, true\n\t\t}\n\t}\n\treturn nil, false\n}\n\nfunc (m *variableManager) Remove(key string) bool {\n\treturn m.RemoveScoped(\"\", key)\n}\n\nfunc (m *variableManager) RemoveScoped(scope string, key string) bool {\n\t_, ok := m.TakeScoped(scope, key)\n\treturn ok\n}\n\nfunc newVariableManager() VariableManager {\n\treturn &variableManager{\n\t\tstates: make([]VariableState, 0),\n\t}\n}\n\ntype InOutState struct {\n\tNodeId string\n\tType string\n\tName string\n\tValue any\n\tValueType string\n\tPersistent bool\n}\n\nfunc (s InOutState) ValueString() string {\n\tswitch s.ValueType {\n\tcase stateValTypeString:\n\t\treturn s.Value.(string)\n\tcase stateValTypeNumber:\n\t\treturn fmt.Sprintf(\"%d\", s.Value)\n\tcase stateValTypeBoolean:\n\t\treturn strconv.FormatBool(s.Value.(bool))\n\tdefault:\n\t\treturn fmt.Sprintf(\"%v\", s.Value)\n\t}\n}\n\ntype InOutManager interface {\n\tAll() []InOutState\n\tErase()\n\n\tAdd(state InOutState)\n\tSet(nodeId string, stype string, name string, value any, valueType string, persistent bool)\n\tGet(nodeId string, name string) (*InOutState, bool)\n\tTake(nodeId string, name string) (*InOutState, bool)\n\tRemove(nodeId string, name string) bool\n}\n\ntype inoutManager struct {\n\tstatesMtx sync.RWMutex\n\tstates []InOutState\n}\n\nvar _ InOutManager = (*inoutManager)(nil)\n\nfunc (m *inoutManager) All() []InOutState {\n\tm.statesMtx.RLock()\n\tdefer m.statesMtx.RUnlock()\n\n\tif m.states == nil {\n\t\treturn make([]InOutState, 0)\n\t}\n\n\treturn slices.Clone(m.states)\n}\n\nfunc (m *inoutManager) Erase() {\n\tm.statesMtx.Lock()\n\tdefer m.statesMtx.Unlock()\n\n\tm.states = make([]InOutState, 0)\n}\n\nfunc (m *inoutManager) Add(state InOutState) {\n\tm.statesMtx.Lock()\n\tdefer m.statesMtx.Unlock()\n\n\tif m.states == nil {\n\t\tm.states = make([]InOutState, 0)\n\t}\n\n\tfor i, item := range m.states {\n\t\tif item.NodeId == state.NodeId && item.Name == state.Name {\n\t\t\tm.states[i] = state\n\t\t\treturn\n\t\t}\n\t}\n\tm.states = append(m.states, state)\n}\n\nfunc (m *inoutManager) Set(nodeId string, stype string, name string, value any, valueType string, persistent bool) {\n\tm.Add(InOutState{NodeId: nodeId, Type: stype, Name: name, Value: value, ValueType: valueType, Persistent: persistent})\n}\n\nfunc (m *inoutManager) Get(nodeId string, name string) (*InOutState, bool) {\n\tm.statesMtx.RLock()\n\tdefer m.statesMtx.RUnlock()\n\n\tif m.states == nil {\n\t\treturn nil, false\n\t}\n\n\tfor _, item := range m.states {\n\t\tif item.NodeId == nodeId && item.Name == name {\n\t\t\treturn &item, true\n\t\t}\n\t}\n\treturn nil, false\n}\n\nfunc (m *inoutManager) Take(nodeId string, name string) (*InOutState, bool) {\n\tm.statesMtx.Lock()\n\tdefer m.statesMtx.Unlock()\n\n\tif m.states == nil {\n\t\treturn nil, false\n\t}\n\n\tfor i, item := range m.states {\n\t\tif item.NodeId == nodeId && item.Name == name {\n\t\t\tm.states = slices.Delete(m.states, i, i+1)\n\t\t\treturn &item, true\n\t\t}\n\t}\n\treturn nil, false\n}\n\nfunc (m *inoutManager) Remove(nodeId string, name string) bool {\n\t_, ok := m.Take(nodeId, name)\n\treturn ok\n}\n\nfunc newInOutManager() InOutManager {\n\treturn &inoutManager{\n\t\tstates: make([]InOutState, 0),\n\t}\n}\n\nconst (\n\tstateValTypeBoolean = \"boolean\"\n\tstateValTypeDateTime = \"datetime\"\n\tstateValTypeNumber = \"number\"\n\tstateValTypeString = \"string\"\n)\n\nconst (\n\tstateIOTypeRef = \"ref\"\n)\n\nconst (\n\tstateVarKeyWorkflowId = \"workflow.id\" // ValueType: \"string\"\n\tstateVarKeyWorkflowName = \"workflow.name\" // ValueType: \"string\"\n\tstateVarKeyRunId = \"run.id\" // ValueType: \"string\"\n\tstateVarKeyRunTrigger = \"run.trigger\" // ValueType: \"string\"\n\tstateVarKeyNodeId = \"node.id\" // ValueType: \"string\"\n\tstateVarKeyNodeName = \"node.name\" // ValueType: \"string\"\n\tstateVarKeyNodeSkipped = \"node.skipped\" // ValueType: \"boolean\"\n\tstateVarKeyErrorNodeId = \"error.nodeId\" // ValueType: \"string\"\n\tstateVarKeyErrorNodeName = \"error.nodeName\" // ValueType: \"string\"\n\tstateVarKeyErrorMessage = \"error.message\" // ValueType: \"string\"\n\tstateVarKeyCertificateDomain = \"certificate.domain\" // 已废弃,仅为兼容旧版而保留,请使用 [stateVarKeyCertificateCommonName]\n\tstateVarKeyCertificateDomains = \"certificate.domains\" // 已废弃,仅为兼容旧版而保留,请使用 [stateVarKeyCertificateSubjectAltNames]\n\tstateVarKeyCertificateCommonName = \"certificate.commonName\" // ValueType: \"string\"\n\tstateVarKeyCertificateSubjectAltNames = \"certificate.subjectAltNames\" // ValueType: \"string\"\n\tstateVarKeyCertificateNotBefore = \"certificate.notBefore\" // ValueType: \"datetime\"\n\tstateVarKeyCertificateNotAfter = \"certificate.notAfter\" // ValueType: \"datetime\"\n\tstateVarKeyCertificateHoursLeft = \"certificate.hoursLeft\" // ValueType: \"number\"\n\tstateVarKeyCertificateDaysLeft = \"certificate.daysLeft\" // ValueType: \"number\"\n\tstateVarKeyCertificateValidity = \"certificate.validity\" // ValueType: \"boolean\"\n)\n"
},
{
"path": "internal/workflow/pbhook.go",
"content": "package workflow\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/pocketbase/pocketbase/core\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/domain\"\n)\n\nfunc registerWorkflowRecordEvents() {\n\tpb := app.GetApp()\n\tpb.OnRecordCreateRequest(domain.CollectionNameWorkflow).BindFunc(func(e *core.RecordRequestEvent) error {\n\t\tif err := e.Next(); err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tif err := onWorkflowRecordCreateOrUpdate(e.Request.Context(), e.Record); err != nil {\n\t\t\tapp.GetLogger().Error(err.Error())\n\t\t\treturn err\n\t\t}\n\n\t\treturn nil\n\t})\n\tpb.OnRecordUpdateRequest(domain.CollectionNameWorkflow).BindFunc(func(e *core.RecordRequestEvent) error {\n\t\tif err := e.Next(); err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tif err := onWorkflowRecordCreateOrUpdate(e.Request.Context(), e.Record); err != nil {\n\t\t\tapp.GetLogger().Error(err.Error())\n\t\t\treturn err\n\t\t}\n\n\t\treturn nil\n\t})\n\tpb.OnRecordDeleteRequest(domain.CollectionNameWorkflow).BindFunc(func(e *core.RecordRequestEvent) error {\n\t\tif err := e.Next(); err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tif err := onWorkflowRecordDelete(e.Request.Context(), e.Record); err != nil {\n\t\t\tapp.GetLogger().Error(err.Error())\n\t\t\treturn err\n\t\t}\n\n\t\treturn nil\n\t})\n}\n\nfunc onWorkflowRecordCreateOrUpdate(_ context.Context, record *core.Record) error {\n\tscheduler := app.GetScheduler()\n\n\t// 向数据库插入/更新时,同时更新定时任务\n\tenabled := record.GetBool(\"enabled\")\n\ttrigger := record.GetString(\"trigger\")\n\ttriggerCron := record.GetString(\"triggerCron\")\n\n\t// 如果非定时触发或未启用,移除定时任务\n\tif !enabled || trigger != string(domain.WorkflowTriggerTypeScheduled) {\n\t\tscheduler.Remove(fmt.Sprintf(\"workflow#%s\", record.Id))\n\t\treturn nil\n\t}\n\n\t// 反之,重新添加定时任务\n\tif err := registerWorkflowJob(thisSvcInst(), record.Id, triggerCron); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc onWorkflowRecordDelete(_ context.Context, record *core.Record) error {\n\tscheduler := app.GetScheduler()\n\n\t// 从数据库删除时,同时移除定时任务\n\tjobId := fmt.Sprintf(\"workflow#%s\", record.Id)\n\tscheduler.Remove(jobId)\n\n\treturn nil\n}\n"
},
{
"path": "internal/workflow/pbjob.go",
"content": "package workflow\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/pocketbase/pocketbase/tools/cron\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/internal/domain/dtos\"\n)\n\nfunc registerWorkflowJob(workflowSrv *WorkflowService, workflowId string, triggerCron string) error {\n\tscheduler := app.GetScheduler()\n\n\tjobId := fmt.Sprintf(\"workflow#%s\", workflowId)\n\tjob, _ := lo.Find(scheduler.Jobs(), func(j *cron.Job) bool { return j.Id() == jobId })\n\tif job != nil && job.Expression() == triggerCron {\n\t\treturn nil\n\t}\n\n\terr := scheduler.Add(jobId, triggerCron, func() {\n\t\tapp.GetLogger().Info(fmt.Sprintf(\"workflow #%s is triggered ...\", workflowId))\n\n\t\t_, err := workflowSrv.StartRun(context.Background(), &dtos.WorkflowStartRunReq{\n\t\t\tWorkflowId: workflowId,\n\t\t\tRunTrigger: domain.WorkflowTriggerTypeScheduled,\n\t\t})\n\t\tif err != nil {\n\t\t\tapp.GetLogger().Warn(fmt.Sprintf(\"failed to start scheduled run for workflow #%s\", workflowId), slog.Any(\"error\", err))\n\t\t}\n\t})\n\tif err != nil {\n\t\tapp.GetLogger().Error(fmt.Sprintf(\"failed to register cron job for workflow #%s\", workflowId), slog.Any(\"error\", err))\n\t\treturn fmt.Errorf(\"failed to add cron job: %w\", err)\n\t}\n\n\tapp.GetLogger().Info(fmt.Sprintf(\"registered cron job for workflow #%s\", workflowId), slog.String(\"cron\", triggerCron))\n\treturn nil\n}\n"
},
{
"path": "internal/workflow/service.go",
"content": "package workflow\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/pocketbase/dbx\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/domain\"\n\t\"github.com/certimate-go/certimate/internal/domain/dtos\"\n\t\"github.com/certimate-go/certimate/internal/workflow/dispatcher\"\n)\n\ntype WorkflowService struct {\n\tdispatcher dispatcher.WorkflowDispatcher\n\n\tworkflowRepo workflowRepository\n\tworkflowRunRepo workflowRunRepository\n\tsettingsRepo settingsRepository\n}\n\nfunc NewWorkflowService(workflowRepo workflowRepository, workflowRunRepo workflowRunRepository, settingsRepo settingsRepository) *WorkflowService {\n\tsrv := &WorkflowService{\n\t\tdispatcher: dispatcher.GetSingletonDispatcher(),\n\n\t\tworkflowRepo: workflowRepo,\n\t\tworkflowRunRepo: workflowRunRepo,\n\t\tsettingsRepo: settingsRepo,\n\t}\n\treturn srv\n}\n\nfunc (s *WorkflowService) InitSchedule(ctx context.Context) error {\n\t// 每日清理工作流运行历史\n\tapp.GetScheduler().MustAdd(\"cleanupWorkflowHistoryRuns\", \"0 0 * * *\", func() {\n\t\ts.cleanupHistoryRuns(context.Background())\n\t})\n\n\t// 初始化工作流调度器\n\tif err := s.dispatcher.Bootup(ctx); err != nil {\n\t\tpanic(err)\n\t}\n\n\t// 注册工作流后台任务\n\t{\n\t\tworkflows, err := s.workflowRepo.ListEnabledScheduled(ctx)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\tvar errs []error\n\t\tfor _, workflow := range workflows {\n\t\t\tif err := registerWorkflowJob(s, workflow.Id, workflow.TriggerCron); err != nil {\n\t\t\t\terrs = append(errs, err)\n\t\t\t}\n\t\t}\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (s *WorkflowService) GetStatistics(ctx context.Context) (*dtos.WorkflowStatisticsResp, error) {\n\tstats := s.dispatcher.GetStatistics()\n\treturn &dtos.WorkflowStatisticsResp{\n\t\tConcurrency: stats.Concurrency,\n\t\tPendingRunIds: stats.PendingRunIds,\n\t\tProcessingRunIds: stats.ProcessingRunIds,\n\t}, nil\n}\n\nfunc (s *WorkflowService) StartRun(ctx context.Context, req *dtos.WorkflowStartRunReq) (*dtos.WorkflowStartRunResp, error) {\n\tworkflow, err := s.workflowRepo.GetById(ctx, req.WorkflowId)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif req.RunTrigger == domain.WorkflowTriggerTypeManual && (workflow.LastRunStatus == domain.WorkflowRunStatusTypePending || workflow.LastRunStatus == domain.WorkflowRunStatusTypeProcessing) {\n\t\treturn nil, errors.New(\"workflow is already pending or processing\")\n\t} else if workflow.GraphContent == nil {\n\t\treturn nil, errors.New(\"workflow graph content is empty\")\n\t} else if err := workflow.GraphContent.Verify(); err != nil {\n\t\treturn nil, fmt.Errorf(\"workflow graph content is invalid: %w\", err)\n\t}\n\n\tworkflowRun := &domain.WorkflowRun{\n\t\tWorkflowId: workflow.Id,\n\t\tStatus: domain.WorkflowRunStatusTypePending,\n\t\tTrigger: req.RunTrigger,\n\t\tStartedAt: time.Now(),\n\t\tGraph: workflow.GraphContent.Clone(),\n\t}\n\tif resp, err := s.workflowRunRepo.Save(ctx, workflowRun); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tworkflowRun = resp\n\t}\n\n\tif err := s.dispatcher.Start(ctx, workflowRun.Id); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &dtos.WorkflowStartRunResp{RunId: workflowRun.Id}, nil\n}\n\nfunc (s *WorkflowService) CancelRun(ctx context.Context, req *dtos.WorkflowCancelRunReq) (*dtos.WorkflowCancelRunResp, error) {\n\tworkflow, err := s.workflowRepo.GetById(ctx, req.WorkflowId)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tworkflowRun, err := s.workflowRunRepo.GetById(ctx, req.RunId)\n\tif err != nil {\n\t\treturn nil, err\n\t} else if workflowRun.WorkflowId != workflow.Id {\n\t\treturn nil, errors.New(\"workflow run not found\")\n\t} else if workflowRun.Status != domain.WorkflowRunStatusTypePending && workflowRun.Status != domain.WorkflowRunStatusTypeProcessing {\n\t\treturn nil, errors.New(\"workflow run is not pending or processing\")\n\t}\n\n\tif err := s.dispatcher.Cancel(ctx, workflowRun.Id); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &dtos.WorkflowCancelRunResp{}, nil\n}\n\nfunc (s *WorkflowService) Shutdown(ctx context.Context) {\n\ts.dispatcher.Shutdown(ctx)\n}\n\nfunc (s *WorkflowService) cleanupHistoryRuns(ctx context.Context) error {\n\tsettings, err := s.settingsRepo.GetByName(ctx, domain.SettingsNamePersistence)\n\tif err != nil {\n\t\tif errors.Is(err, domain.ErrRecordNotFound) {\n\t\t\treturn nil\n\t\t}\n\n\t\tapp.GetLogger().Error(\"failed to get persistence settings\", slog.Any(\"error\", err))\n\t\treturn err\n\t}\n\n\tpersistenceSettings := settings.Content.AsPersistence()\n\tif persistenceSettings.WorkflowRunsRetentionMaxDays != 0 {\n\t\tret, err := s.workflowRunRepo.DeleteWhere(\n\t\t\tctx,\n\t\t\tdbx.NewExp(fmt.Sprintf(\"status!='%s'\", string(domain.WorkflowRunStatusTypePending))),\n\t\t\tdbx.NewExp(fmt.Sprintf(\"status!='%s'\", string(domain.WorkflowRunStatusTypeProcessing))),\n\t\t\tdbx.NewExp(fmt.Sprintf(\"endedAt 0 {\n\t\t\tapp.GetLogger().Info(fmt.Sprintf(\"cleanup %d workflow history runs\", ret))\n\t\t}\n\t}\n\n\treturn nil\n}\n"
},
{
"path": "internal/workflow/service_deps.go",
"content": "package workflow\n\nimport (\n\t\"context\"\n\n\t\"github.com/pocketbase/dbx\"\n\n\t\"github.com/certimate-go/certimate/internal/domain\"\n)\n\ntype workflowRepository interface {\n\tListEnabledScheduled(ctx context.Context) ([]*domain.Workflow, error)\n\tGetById(ctx context.Context, id string) (*domain.Workflow, error)\n\tSave(ctx context.Context, workflow *domain.Workflow) (*domain.Workflow, error)\n}\n\ntype workflowRunRepository interface {\n\tGetById(ctx context.Context, id string) (*domain.WorkflowRun, error)\n\tSave(ctx context.Context, workflowRun *domain.WorkflowRun) (*domain.WorkflowRun, error)\n\tSaveWithCascading(ctx context.Context, workflowRun *domain.WorkflowRun) (*domain.WorkflowRun, error)\n\tDeleteWhere(ctx context.Context, exprs ...dbx.Expression) (int, error)\n}\n\ntype settingsRepository interface {\n\tGetByName(ctx context.Context, name string) (*domain.Settings, error)\n}\n"
},
{
"path": "internal/workflow/service_inst.go",
"content": "package workflow\n\nimport (\n\t\"sync\"\n\n\t\"github.com/certimate-go/certimate/internal/repository\"\n)\n\nvar (\n\tthisSvc *WorkflowService\n\tthisSvcOnce sync.Once\n)\n\nfunc thisSvcInst() *WorkflowService {\n\tthisSvcOnce.Do(func() {\n\t\tthisSvc = NewWorkflowService(repository.NewWorkflowRepository(), repository.NewWorkflowRunRepository(), repository.NewSettingsRepository())\n\t})\n\treturn thisSvc\n}\n"
},
{
"path": "internal/workflow/workflow.go",
"content": "package workflow\n\nimport (\n\t\"context\"\n)\n\nfunc Setup() {\n\tregisterWorkflowRecordEvents()\n}\n\nfunc Teardown() {\n\tthisSvcInst().Shutdown(context.Background())\n}\n"
},
{
"path": "main.go",
"content": "package main\n\nimport (\n\t\"log/slog\"\n\t\"os\"\n\t\"strings\"\n\t_ \"time/tzdata\"\n\n\t\"github.com/pocketbase/pocketbase\"\n\t\"github.com/pocketbase/pocketbase/apis\"\n\t\"github.com/pocketbase/pocketbase/core\"\n\t\"github.com/pocketbase/pocketbase/plugins/migratecmd\"\n\t\"github.com/pocketbase/pocketbase/tools/hook\"\n\t\"github.com/spf13/pflag\"\n\n\t\"github.com/certimate-go/certimate/cmd\"\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/internal/rest/routes\"\n\t\"github.com/certimate-go/certimate/internal/scheduler\"\n\t\"github.com/certimate-go/certimate/internal/workflow\"\n\t\"github.com/certimate-go/certimate/ui\"\n\n\t_ \"github.com/certimate-go/certimate/migrations\"\n)\n\nfunc main() {\n\tpb := app.GetApp().(*pocketbase.PocketBase)\n\tif len(os.Args) < 2 {\n\t\tslog.Error(\"[CERTIMATE] missing exec args, maybe you forget the 'serve' command?\")\n\t\tos.Exit(1)\n\t\treturn\n\t}\n\n\tvar flagHttp string\n\tpflag.CommandLine = pflag.NewFlagSet(os.Args[0], pflag.ContinueOnError)\n\tpflag.CommandLine.Parse(os.Args[2:]) // skip the first two arguments: \"main.go serve\"\n\tpflag.StringVar(&flagHttp, \"http\", \"127.0.0.1:8090\", \"HTTP server address\")\n\tpflag.Parse()\n\n\tmigratecmd.MustRegister(pb, pb.RootCmd, migratecmd.Config{\n\t\t// enable auto creation of migration files when making collection changes in the Admin UI\n\t\t// (the isGoRun check is to enable it only during development)\n\t\tAutomigrate: strings.HasPrefix(os.Args[0], os.TempDir()),\n\t})\n\n\tpb.RootCmd.AddCommand(cmd.NewInternalCommand(pb))\n\tpb.RootCmd.AddCommand(cmd.NewWinscCommand(pb))\n\n\tpb.OnServe().BindFunc(func(e *core.ServeEvent) error {\n\t\tscheduler.Setup()\n\t\tworkflow.Setup()\n\t\troutes.BindRouter(e.Router)\n\t\treturn e.Next()\n\t})\n\n\tpb.OnServe().Bind(&hook.Handler[*core.ServeEvent]{\n\t\tFunc: func(e *core.ServeEvent) error {\n\t\t\te.Router.\n\t\t\t\tGET(\"/{path...}\", apis.Static(ui.DistDirFS, false)).\n\t\t\t\tBind(apis.Gzip())\n\t\t\treturn e.Next()\n\t\t},\n\t\tPriority: 999,\n\t})\n\n\tpb.OnServe().BindFunc(func(e *core.ServeEvent) error {\n\t\tslog.Info(\"[CERTIMATE] Visit the website: http://\" + flagHttp)\n\t\treturn e.Next()\n\t})\n\n\tpb.OnTerminate().BindFunc(func(e *core.TerminateEvent) error {\n\t\tworkflow.Teardown()\n\t\treturn e.Next()\n\t})\n\n\tif err := cmd.Serve(pb); err != nil {\n\t\tslog.Error(\"[CERTIMATE] Start failed.\", slog.Any(\"error\", err))\n\t}\n}\n"
},
{
"path": "migrations/1757476800_upgrade_v0.4.0.go",
"content": "package migrations\n\nimport (\n\t\"database/sql\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"regexp\"\n\t\"strings\"\n\n\t\"github.com/pocketbase/dbx\"\n\t\"github.com/pocketbase/pocketbase/core\"\n\tm \"github.com/pocketbase/pocketbase/migrations\"\n\t\"github.com/samber/lo\"\n\n\tsnapsv03 \"github.com/certimate-go/certimate/migrations/snaps/v0.3\"\n\tsnapsv04 \"github.com/certimate-go/certimate/migrations/snaps/v0.4\"\n)\n\nfunc init() {\n\tm.Register(func(app core.App) error {\n\t\tif err := app.DB().\n\t\t\tNewQuery(\"SELECT (1) FROM _migrations WHERE file={:file} LIMIT 1\").\n\t\t\tBind(dbx.Params{\"file\": \"1757476800_m0.4.0_migrate.go\"}).\n\t\t\tOne(&struct{}{}); err == nil {\n\t\t\treturn nil\n\t\t}\n\n\t\ttracer := NewTracer(\"v0.4.0\")\n\t\ttracer.Printf(\"go ...\")\n\n\t\t// update collection `settings`\n\t\t// - delete records: 'notifyChannels', 'notifyTemplates'\n\t\t{\n\t\t\tcollection, err := app.FindCollectionByNameOrId(\"dy6ccjb60spfy6p\")\n\t\t\tif err != nil {\n\t\t\t\tif !errors.Is(err, sql.ErrNoRows) {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tif _, err := app.DB().NewQuery(\"DELETE FROM settings WHERE name = 'notifyChannels'\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif _, err := app.DB().NewQuery(\"DELETE FROM settings WHERE name = 'notifyTemplates'\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\ttracer.Printf(\"collection '%s' updated\", collection.Name)\n\t\t\t}\n\t\t}\n\n\t\t// update collection `acme_accounts`\n\t\t// - add field `acmeAcctUrl`\n\t\t// - add field `acmeDirUrl`\n\t\t// - rename field `key` to `privateKey`\n\t\t// - rename field `resource` to `acmeAccount`\n\t\t// - migrate field `acmeAccount`\n\t\t{\n\t\t\tcollection, err := app.FindCollectionByNameOrId(\"012d7abbod1hwvr\")\n\t\t\tif err != nil {\n\t\t\t\tif !errors.Is(err, sql.ErrNoRows) {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(5, []byte(`{\n\t\t\t\t\t\"exceptDomains\": null,\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"url2424532088\",\n\t\t\t\t\t\"name\": \"acmeAcctUrl\",\n\t\t\t\t\t\"onlyDomains\": null,\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"url\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(6, []byte(`{\n\t\t\t\t\t\"exceptDomains\": null,\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"url3632694140\",\n\t\t\t\t\t\"name\": \"acmeDirUrl\",\n\t\t\t\t\t\"onlyDomains\": null,\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"url\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(3, []byte(`{\n\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"genxqtii\",\n\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\"name\": \"privateKey\",\n\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(4, []byte(`{\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"1aoia909\",\n\t\t\t\t\t\"maxSize\": 2000000,\n\t\t\t\t\t\"name\": \"acmeAccount\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"json\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := app.Save(collection); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tfor _, record := range records {\n\t\t\t\t\tchanged := false\n\t\t\t\t\tdeleted := false\n\n\t\t\t\t\tresource := make(map[string]any)\n\t\t\t\t\tif err := record.UnmarshalJSONField(\"acmeAccount\", &resource); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\n\t\t\t\t\tif _, ok := resource[\"body\"]; ok {\n\t\t\t\t\t\trecord.Set(\"acmeAcctUrl\", resource[\"uri\"].(string))\n\t\t\t\t\t\trecord.Set(\"acmeAccount\", resource[\"body\"].(map[string]any))\n\t\t\t\t\t\tchanged = true\n\t\t\t\t\t}\n\n\t\t\t\t\tca := record.GetString(\"ca\")\n\t\t\t\t\tif strings.Contains(ca, \"#\") {\n\t\t\t\t\t\trecord.Set(\"ca\", strings.Split(ca, \"#\")[0])\n\t\t\t\t\t\tif access, err := app.FindRecordById(\"access\", strings.Split(ca, \"#\")[1]); err != nil {\n\t\t\t\t\t\t\tdeleted = true\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tprovider := access.GetString(\"provider\")\n\t\t\t\t\t\t\tswitch provider {\n\t\t\t\t\t\t\tcase \"buypass\":\n\t\t\t\t\t\t\t\trecord.Set(\"acmeDirUrl\", \"https://api.buypass.com/acme/directory\")\n\t\t\t\t\t\t\t\tchanged = true\n\n\t\t\t\t\t\t\tcase \"googletrustservices\":\n\t\t\t\t\t\t\t\trecord.Set(\"acmeDirUrl\", \"https://dv.acme-v02.api.pki.goog/directory\")\n\t\t\t\t\t\t\t\tchanged = true\n\n\t\t\t\t\t\t\tcase \"sslcom\":\n\t\t\t\t\t\t\t\trecord.Set(\"acmeDirUrl\", \"https://acme.ssl.com/sslcom-dv-rsa\")\n\t\t\t\t\t\t\t\tchanged = true\n\n\t\t\t\t\t\t\tcase \"zerossl\":\n\t\t\t\t\t\t\t\trecord.Set(\"acmeDirUrl\", \"https://acme.zerossl.com/v2/DV90\")\n\t\t\t\t\t\t\t\tchanged = true\n\n\t\t\t\t\t\t\tcase \"acmeca\":\n\t\t\t\t\t\t\t\taccessConfig := make(map[string]any)\n\t\t\t\t\t\t\t\taccess.UnmarshalJSONField(\"config\", &accessConfig)\n\t\t\t\t\t\t\t\trecord.Set(\"acmeDirUrl\", accessConfig[\"endpoint\"].(string))\n\t\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t} else {\n\t\t\t\t\t\tswitch ca {\n\t\t\t\t\t\tcase \"letsencrypt\":\n\t\t\t\t\t\t\trecord.Set(\"acmeDirUrl\", \"https://acme-v02.api.letsencrypt.org/directory\")\n\t\t\t\t\t\t\tchanged = true\n\n\t\t\t\t\t\tcase \"letsencryptstaging\":\n\t\t\t\t\t\t\trecord.Set(\"acmeDirUrl\", \"https://acme-staging-v02.api.letsencrypt.org/directory\")\n\t\t\t\t\t\t\tchanged = true\n\n\t\t\t\t\t\tcase \"buypass\":\n\t\t\t\t\t\t\trecord.Set(\"acmeDirUrl\", \"https://api.buypass.com/acme/directory\")\n\t\t\t\t\t\t\tchanged = true\n\n\t\t\t\t\t\tcase \"googletrustservices\":\n\t\t\t\t\t\t\trecord.Set(\"acmeDirUrl\", \"https://dv.acme-v02.api.pki.goog/directory\")\n\t\t\t\t\t\t\tchanged = true\n\n\t\t\t\t\t\tcase \"sslcom\":\n\t\t\t\t\t\t\trecord.Set(\"acmeDirUrl\", \"https://acme.ssl.com/sslcom-dv-rsa\")\n\t\t\t\t\t\t\tchanged = true\n\n\t\t\t\t\t\tcase \"zerossl\":\n\t\t\t\t\t\t\trecord.Set(\"acmeDirUrl\", \"https://acme.zerossl.com/v2/DV90\")\n\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\tif changed {\n\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t}\n\n\t\t\t\t\tif deleted {\n\t\t\t\t\t\tif err := app.Delete(record); err != nil {\n\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' deleted\", record.Id, collection.Name)\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\ttracer.Printf(\"collection '%s' updated\", collection.Name)\n\t\t\t}\n\t\t}\n\n\t\t// update collection `access`\n\t\t// - modify field `config` schema: rename property `defaultReceiver` to `receiver`\n\t\t// - modify field `reserve` candidates\n\t\t// - delete records: 'local', 'buypass'\n\t\t{\n\t\t\tcollection, err := app.FindCollectionByNameOrId(\"4yzbv8urny5ja1e\")\n\t\t\tif err != nil {\n\t\t\t\tif !errors.Is(err, sql.ErrNoRows) {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE access SET reserve = 'notif' WHERE reserve = 'notification'\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif _, err := app.DB().NewQuery(\"DELETE FROM access WHERE provider = 'local'\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif _, err := app.DB().NewQuery(\"DELETE FROM access WHERE provider = 'buypass'\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tfor _, record := range records {\n\t\t\t\t\tchanged := false\n\n\t\t\t\t\tprovider := record.GetString(\"provider\")\n\t\t\t\t\tconfig := make(map[string]any)\n\t\t\t\t\tif err := record.UnmarshalJSONField(\"config\", &config); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\n\t\t\t\t\tswitch provider {\n\t\t\t\t\tcase \"discordbot\", \"mattermost\", \"slackbot\":\n\t\t\t\t\t\tif _, ok := config[\"defaultChannelId\"]; ok {\n\t\t\t\t\t\t\tconfig[\"channelId\"] = config[\"defaultChannelId\"]\n\t\t\t\t\t\t\tdelete(config, \"defaultChannelId\")\n\t\t\t\t\t\t\trecord.Set(\"config\", config)\n\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t}\n\n\t\t\t\t\tcase \"email\":\n\t\t\t\t\t\tif _, ok := config[\"defaultSenderAddress\"]; ok {\n\t\t\t\t\t\t\tconfig[\"senderAddress\"] = config[\"defaultSenderAddress\"]\n\t\t\t\t\t\t\tdelete(config, \"defaultSenderAddress\")\n\t\t\t\t\t\t\trecord.Set(\"config\", config)\n\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif _, ok := config[\"defaultSenderName\"]; ok {\n\t\t\t\t\t\t\tconfig[\"senderName\"] = config[\"defaultSenderName\"]\n\t\t\t\t\t\t\tdelete(config, \"defaultSenderName\")\n\t\t\t\t\t\t\trecord.Set(\"config\", config)\n\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif _, ok := config[\"defaultReceiverAddress\"]; ok {\n\t\t\t\t\t\t\tconfig[\"receiverAddress\"] = config[\"defaultReceiverAddress\"]\n\t\t\t\t\t\t\tdelete(config, \"defaultReceiverAddress\")\n\t\t\t\t\t\t\trecord.Set(\"config\", config)\n\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t}\n\n\t\t\t\t\tcase \"telegrambot\":\n\t\t\t\t\t\tif _, ok := config[\"defaultChatId\"]; ok {\n\t\t\t\t\t\t\tconfig[\"chatId\"] = config[\"defaultChatId\"]\n\t\t\t\t\t\t\tdelete(config, \"defaultChatId\")\n\t\t\t\t\t\t\trecord.Set(\"config\", config)\n\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t}\n\n\t\t\t\t\tcase \"webhook\":\n\t\t\t\t\t\tif _, ok := config[\"defaultDataForDeployment\"]; ok {\n\t\t\t\t\t\t\tif existsData, exists := config[\"data\"]; !exists || existsData == \"\" {\n\t\t\t\t\t\t\t\tconfig[\"data\"] = config[\"defaultDataForDeployment\"]\n\t\t\t\t\t\t\t\tdelete(config, \"defaultDataForDeployment\")\n\t\t\t\t\t\t\t\trecord.Set(\"config\", config)\n\t\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif _, ok := config[\"defaultDataForNotification\"]; ok {\n\t\t\t\t\t\t\tif existsData, exists := config[\"data\"]; !exists || existsData == \"\" {\n\t\t\t\t\t\t\t\tconfig[\"data\"] = config[\"defaultDataForNotification\"]\n\t\t\t\t\t\t\t\tdelete(config, \"defaultDataForNotification\")\n\t\t\t\t\t\t\t\trecord.Set(\"config\", config)\n\t\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif _, ok := config[\"dataForDeployment\"]; ok {\n\t\t\t\t\t\t\tif existsData, exists := config[\"data\"]; !exists || existsData == \"\" {\n\t\t\t\t\t\t\t\tconfig[\"data\"] = config[\"dataForDeployment\"]\n\t\t\t\t\t\t\t\tdelete(config, \"dataForDeployment\")\n\t\t\t\t\t\t\t\trecord.Set(\"config\", config)\n\t\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif _, ok := config[\"dataForNotification\"]; ok {\n\t\t\t\t\t\t\tif existsData, exists := config[\"data\"]; !exists || existsData == \"\" {\n\t\t\t\t\t\t\t\tconfig[\"data\"] = config[\"dataForNotification\"]\n\t\t\t\t\t\t\t\tdelete(config, \"dataForNotification\")\n\t\t\t\t\t\t\t\trecord.Set(\"config\", config)\n\t\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\tif changed {\n\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// update collection `certificate`\n\t\t// - modify field `source` candidates\n\t\t// - rename field `effectAt` to `validityNotBefore`\n\t\t// - rename field `expireAt` to `validityNotAfter`\n\t\t// - rename field `acmeAccountUrl` to `acmeAcctUrl`\n\t\t// - rename field `workflowId` to `workflowRef`\n\t\t// - rename field `workflowRunId` to `workflowRunRef`\n\t\t// - rename field `workflowOutputId`(aka `workflowOutputRef`)\n\t\t{\n\t\t\tcollection, err := app.FindCollectionByNameOrId(\"4szxr9x43tpj6np\")\n\t\t\tif err != nil {\n\t\t\t\tif !errors.Is(err, sql.ErrNoRows) {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(1, []byte(`{\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"by9hetqi\",\n\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\"name\": \"source\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"select\",\n\t\t\t\t\t\"values\": [\n\t\t\t\t\t\t\"request\",\n\t\t\t\t\t\t\"upload\"\n\t\t\t\t\t]\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(9, []byte(`{\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"v40aqzpd\",\n\t\t\t\t\t\"max\": \"\",\n\t\t\t\t\t\"min\": \"\",\n\t\t\t\t\t\"name\": \"validityNotBefore\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"date\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(10, []byte(`{\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"zgpdby2k\",\n\t\t\t\t\t\"max\": \"\",\n\t\t\t\t\t\"min\": \"\",\n\t\t\t\t\t\"name\": \"validityNotAfter\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"date\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(11, []byte(`{\n\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"text2045248758\",\n\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\"name\": \"acmeAcctUrl\",\n\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(15, []byte(`{\n\t\t\t\t\t\"cascadeDelete\": false,\n\t\t\t\t\t\"collectionId\": \"tovyif5ax6j62ur\",\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"uvqfamb1\",\n\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\"minSelect\": 0,\n\t\t\t\t\t\"name\": \"workflowRef\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"relation\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(16, []byte(`{\n\t\t\t\t\t\"cascadeDelete\": false,\n\t\t\t\t\t\"collectionId\": \"qjp8lygssgwyqyz\",\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"relation3917999135\",\n\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\"minSelect\": 0,\n\t\t\t\t\t\"name\": \"workflowRunRef\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"relation\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tcollection.Fields.RemoveByName(\"workflowOutputId\")\n\t\t\t\tcollection.Fields.RemoveByName(\"workflowOutputRef\")\n\n\t\t\t\tif err := json.Unmarshal([]byte(`{\n\t\t\t\t\t\"indexes\": [\n\t\t\t\t\t\t\"CREATE INDEX `+\"`\"+`idx_Jx8TXzDCmw`+\"`\"+` ON `+\"`\"+`certificate`+\"`\"+` (`+\"`\"+`workflowRef`+\"`\"+`)\",\n\t\t\t\t\t\t\"CREATE INDEX `+\"`\"+`idx_2cRXqNDyyp`+\"`\"+` ON `+\"`\"+`certificate`+\"`\"+` (`+\"`\"+`workflowRunRef`+\"`\"+`)\",\n\t\t\t\t\t\t\"CREATE INDEX `+\"`\"+`idx_kcKpgAZapk`+\"`\"+` ON `+\"`\"+`certificate`+\"`\"+` (`+\"`\"+`workflowNodeId`+\"`\"+`)\"\n\t\t\t\t\t]\n\t\t\t\t}`), &collection); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := app.Save(collection); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE certificate SET source = 'request' WHERE source = 'workflow'\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\ttracer.Printf(\"collection '%s' updated\", collection.Name)\n\t\t\t}\n\t\t}\n\n\t\t// update collection `workflow`\n\t\t// - modify field `trigger` candidates, and cascading migrate field `graphDraft` / `graphContent`\n\t\t// - modify field `lastRunStatus` candidates\n\t\t// - rename field `lastRunRefId` to `lastRunRef`\n\t\t// - rename field `draft` to `graphDraft`\n\t\t// - rename field `content` to `graphContent`\n\t\t// - add field `hasContent`\n\t\t{\n\t\t\tcollection, err := app.FindCollectionByNameOrId(\"tovyif5ax6j62ur\")\n\t\t\tif err != nil {\n\t\t\t\tif !errors.Is(err, sql.ErrNoRows) {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(3, []byte(`{\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"vqoajwjq\",\n\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\"name\": \"trigger\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"select\",\n\t\t\t\t\t\"values\": [\n\t\t\t\t\t\t\"manual\",\n\t\t\t\t\t\t\"scheduled\"\n\t\t\t\t\t]\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(6, []byte(`{\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"g9ohkk5o\",\n\t\t\t\t\t\"maxSize\": 5000000,\n\t\t\t\t\t\"name\": \"graphDraft\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"json\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(7, []byte(`{\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"awlphkfe\",\n\t\t\t\t\t\"maxSize\": 5000000,\n\t\t\t\t\t\"name\": \"graphContent\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"json\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(9, []byte(`{\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"bool3832150317\",\n\t\t\t\t\t\"name\": \"hasContent\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"bool\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(10, []byte(`{\n\t\t\t\t\t\"cascadeDelete\": false,\n\t\t\t\t\t\"collectionId\": \"qjp8lygssgwyqyz\",\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"a23wkj9x\",\n\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\"minSelect\": 0,\n\t\t\t\t\t\"name\": \"lastRunRef\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"relation\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(11, []byte(`{\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"zivdxh23\",\n\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\"name\": \"lastRunStatus\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"select\",\n\t\t\t\t\t\"values\": [\n\t\t\t\t\t\t\"pending\",\n\t\t\t\t\t\t\"processing\",\n\t\t\t\t\t\t\"succeeded\",\n\t\t\t\t\t\t\"failed\",\n\t\t\t\t\t\t\"canceled\"\n\t\t\t\t\t]\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := app.Save(collection); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow SET trigger = 'scheduled' WHERE trigger = 'auto'\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow SET hasContent = TRUE WHERE graphContent IS NOT NULL\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow SET lastRunStatus = 'processing' WHERE lastRunStatus = 'running'\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\ttracer.Printf(\"collection '%s' updated\", collection.Name)\n\n\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t} else {\n\t\t\t\t\tfor _, record := range records {\n\t\t\t\t\t\tchanged := false\n\n\t\t\t\t\t\tgraphDraft := make(map[string]any)\n\t\t\t\t\t\tif err := record.UnmarshalJSONField(\"graphDraft\", &graphDraft); err == nil {\n\t\t\t\t\t\t\tif _, ok := graphDraft[\"config\"]; ok {\n\t\t\t\t\t\t\t\tconfig := graphDraft[\"config\"].(map[string]any)\n\t\t\t\t\t\t\t\tif _, ok := config[\"trigger\"]; ok {\n\t\t\t\t\t\t\t\t\ttrigger := config[\"trigger\"].(string)\n\t\t\t\t\t\t\t\t\tif trigger == \"auto\" {\n\t\t\t\t\t\t\t\t\t\tconfig[\"trigger\"] = \"scheduled\"\n\t\t\t\t\t\t\t\t\t\trecord.Set(\"graphDraft\", graphDraft)\n\t\t\t\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tgraphContent := make(map[string]any)\n\t\t\t\t\t\tif err := record.UnmarshalJSONField(\"graphContent\", &graphContent); err == nil {\n\t\t\t\t\t\t\tif _, ok := graphContent[\"config\"]; ok {\n\t\t\t\t\t\t\t\tconfig := graphContent[\"config\"].(map[string]any)\n\t\t\t\t\t\t\t\tif _, ok := config[\"trigger\"]; ok {\n\t\t\t\t\t\t\t\t\ttrigger := config[\"trigger\"].(string)\n\t\t\t\t\t\t\t\t\tif trigger == \"auto\" {\n\t\t\t\t\t\t\t\t\t\tconfig[\"trigger\"] = \"scheduled\"\n\t\t\t\t\t\t\t\t\t\trecord.Set(\"graphContent\", graphContent)\n\t\t\t\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tif changed {\n\t\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// update collection `workflow_run`\n\t\t// - modify field `trigger` candidates, and cascading migrate field `graph`\n\t\t// - modify field `status` candidates\n\t\t// - rename field `detail` to `graph`\n\t\t// - rename field `workflowId` to `workflowRef`\n\t\t{\n\t\t\tcollection, err := app.FindCollectionByNameOrId(\"qjp8lygssgwyqyz\")\n\t\t\tif err != nil {\n\t\t\t\tif !errors.Is(err, sql.ErrNoRows) {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(1, []byte(`{\n\t\t\t\t\t\"cascadeDelete\": true,\n\t\t\t\t\t\"collectionId\": \"tovyif5ax6j62ur\",\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"m8xfsyyy\",\n\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\"minSelect\": 0,\n\t\t\t\t\t\"name\": \"workflowRef\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"relation\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(2, []byte(`{\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"qldmh0tw\",\n\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\"name\": \"status\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"select\",\n\t\t\t\t\t\"values\": [\n\t\t\t\t\t\t\"pending\",\n\t\t\t\t\t\t\"processing\",\n\t\t\t\t\t\t\"succeeded\",\n\t\t\t\t\t\t\"failed\",\n\t\t\t\t\t\t\"canceled\"\n\t\t\t\t\t]\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(3, []byte(`{\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"jlroa3fk\",\n\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\"name\": \"trigger\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"select\",\n\t\t\t\t\t\"values\": [\n\t\t\t\t\t\t\"manual\",\n\t\t\t\t\t\t\"scheduled\"\n\t\t\t\t\t]\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(6, []byte(`{\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"json772177811\",\n\t\t\t\t\t\"maxSize\": 5000000,\n\t\t\t\t\t\"name\": \"graph\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"json\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := json.Unmarshal([]byte(`{\n\t\t\t\t\t\"indexes\": [\n\t\t\t\t\t\t\"CREATE INDEX `+\"`\"+`idx_7ZpfjTFsD2`+\"`\"+` ON `+\"`\"+`workflow_run`+\"`\"+` (`+\"`\"+`workflowRef`+\"`\"+`)\"\n\t\t\t\t\t]\n\t\t\t\t}`), &collection); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := app.Save(collection); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow_run SET trigger = 'scheduled' WHERE trigger = 'auto'\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow_run SET status = 'processing' WHERE status = 'running'\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\ttracer.Printf(\"collection '%s' updated\", collection.Name)\n\n\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t} else {\n\t\t\t\t\tfor _, record := range records {\n\t\t\t\t\t\tchanged := false\n\n\t\t\t\t\t\tgraphContent := make(map[string]any)\n\t\t\t\t\t\tif err := record.UnmarshalJSONField(\"graph\", &graphContent); err == nil {\n\t\t\t\t\t\t\tif _, ok := graphContent[\"config\"]; ok {\n\t\t\t\t\t\t\t\tconfig := graphContent[\"config\"].(map[string]any)\n\t\t\t\t\t\t\t\tif _, ok := config[\"trigger\"]; ok {\n\t\t\t\t\t\t\t\t\ttrigger := config[\"trigger\"].(string)\n\t\t\t\t\t\t\t\t\tif trigger == \"auto\" {\n\t\t\t\t\t\t\t\t\t\tconfig[\"trigger\"] = \"scheduled\"\n\t\t\t\t\t\t\t\t\t\trecord.Set(\"graph\", graphContent)\n\t\t\t\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tif changed {\n\t\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// update collection `workflow_output`\n\t\t// - rename field `workflowId` to `workflowRef`\n\t\t// - rename field `runId` to `runRef`\n\t\t// - rename field `node` to `nodeConfig`\n\t\t{\n\t\t\tcollection, err := app.FindCollectionByNameOrId(\"bqnxb95f2cooowp\")\n\t\t\tif err != nil {\n\t\t\t\tif !errors.Is(err, sql.ErrNoRows) {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tif err := json.Unmarshal([]byte(`{\n\t\t\t\t\t\"indexes\": [\n\t\t\t\t\t\t\"CREATE INDEX `+\"`\"+`idx_BYoQPsz4my`+\"`\"+` ON `+\"`\"+`workflow_output`+\"`\"+` (`+\"`\"+`workflowRef`+\"`\"+`)\",\n\t\t\t\t\t\t\"CREATE INDEX `+\"`\"+`idx_O9zxLETuxJ`+\"`\"+` ON `+\"`\"+`workflow_output`+\"`\"+` (`+\"`\"+`runRef`+\"`\"+`)\",\n\t\t\t\t\t\t\"CREATE INDEX `+\"`\"+`idx_luac8Ul34G`+\"`\"+` ON `+\"`\"+`workflow_output`+\"`\"+` (`+\"`\"+`nodeId`+\"`\"+`)\"\n\t\t\t\t\t]\n\t\t\t\t}`), &collection); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(1, []byte(`{\n\t\t\t\t\t\"cascadeDelete\": true,\n\t\t\t\t\t\"collectionId\": \"tovyif5ax6j62ur\",\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"jka88auc\",\n\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\"minSelect\": 0,\n\t\t\t\t\t\"name\": \"workflowRef\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"relation\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(2, []byte(`{\n\t\t\t\t\t\"cascadeDelete\": true,\n\t\t\t\t\t\"collectionId\": \"qjp8lygssgwyqyz\",\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"relation821863227\",\n\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\"minSelect\": 0,\n\t\t\t\t\t\"name\": \"runRef\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"relation\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(4, []byte(`{\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"json2239752261\",\n\t\t\t\t\t\"maxSize\": 5000000,\n\t\t\t\t\t\"name\": \"nodeConfig\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"json\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := app.Save(collection); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\ttracer.Printf(\"collection '%s' updated\", collection.Name)\n\t\t\t}\n\t\t}\n\n\t\t// update collection `workflow_logs`\n\t\t// - modify field `level` type\n\t\t// - rename field `workflowId` to `workflowRef`\n\t\t// - rename field `runId` to `runRef`\n\t\t// - migrate field `message`\n\t\t{\n\t\t\tcollection, err := app.FindCollectionByNameOrId(\"pbc_1682296116\")\n\t\t\tif err != nil {\n\t\t\t\tif !errors.Is(err, sql.ErrNoRows) {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tif field := collection.Fields.GetByName(\"level\"); field != nil && field.Type() == \"text\" {\n\t\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow_logs SET level = '-4' WHERE level = 'DEBUG'\").Execute(); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\t\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow_logs SET level = '0' WHERE level = 'INFO'\").Execute(); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\t\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow_logs SET level = '4' WHERE level = 'WARN'\").Execute(); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\t\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow_logs SET level = '8' WHERE level = 'ERROR'\").Execute(); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\n\t\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(7, []byte(`{\n\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\"id\": \"number760395071\",\n\t\t\t\t\t\t\"max\": null,\n\t\t\t\t\t\t\"min\": null,\n\t\t\t\t\t\t\"name\": \"levelTmp\",\n\t\t\t\t\t\t\"onlyInt\": false,\n\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\"type\": \"number\"\n\t\t\t\t\t}`)); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\t\t\t\t\tif err := app.Save(collection); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\n\t\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow_logs SET levelTmp = level\").Execute(); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\n\t\t\t\t\tcollection.Fields.RemoveById(field.GetId())\n\t\t\t\t\tif err := app.Save(collection); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\n\t\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(6, []byte(`{\n\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\"id\": \"number760395071\",\n\t\t\t\t\t\t\"max\": null,\n\t\t\t\t\t\t\"min\": null,\n\t\t\t\t\t\t\"name\": \"level\",\n\t\t\t\t\t\t\"onlyInt\": false,\n\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\"type\": \"number\"\n\t\t\t\t\t}`)); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\t\t\t\t\tif err := app.Save(collection); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(1, []byte(`{\n\t\t\t\t\t\"cascadeDelete\": true,\n\t\t\t\t\t\"collectionId\": \"tovyif5ax6j62ur\",\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"relation3371272342\",\n\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\"minSelect\": 0,\n\t\t\t\t\t\"name\": \"workflowRef\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"relation\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := collection.Fields.AddMarshaledJSONAt(2, []byte(`{\n\t\t\t\t\t\"cascadeDelete\": true,\n\t\t\t\t\t\"collectionId\": \"qjp8lygssgwyqyz\",\n\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\"id\": \"relation821863227\",\n\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\"minSelect\": 0,\n\t\t\t\t\t\"name\": \"runRef\",\n\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"relation\"\n\t\t\t\t}`)); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := json.Unmarshal([]byte(`{\n\t\t\t\t\t\"indexes\": [\n\t\t\t\t\t\t\"CREATE INDEX `+\"`\"+`idx_IOlpy6XuJ2`+\"`\"+` ON `+\"`\"+`workflow_logs`+\"`\"+` (`+\"`\"+`workflowRef`+\"`\"+`)\",\n\t\t\t\t\t\t\"CREATE INDEX `+\"`\"+`idx_qVlTb2yl7v`+\"`\"+` ON `+\"`\"+`workflow_logs`+\"`\"+` (`+\"`\"+`runRef`+\"`\"+`)\",\n\t\t\t\t\t\t\"CREATE INDEX `+\"`\"+`idx_UL4tdCXNlA`+\"`\"+` ON `+\"`\"+`workflow_logs`+\"`\"+` (`+\"`\"+`nodeId`+\"`\"+`)\"\n\t\t\t\t\t]\n\t\t\t\t}`), &collection); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow_logs SET message = REPLACE(message, 'certificiate', 'certificate') WHERE level = 0\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow_logs SET message = REPLACE(message, 'ready to apply certificate', 'ready to request certificate') WHERE level = 0\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow_logs SET message = REPLACE(message, 'ready to obtain certificate', 'ready to request certificate') WHERE level = 0\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif err := app.Save(collection); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\ttracer.Printf(\"collection '%s' updated\", collection.Name)\n\t\t\t}\n\t\t}\n\n\t\t// adapt to new workflow data structure\n\t\t{\n\t\t\tconvertNode := func(root *snapsv03.WorkflowNode) []*snapsv04.WorkflowNode {\n\t\t\t\tlang := lo.\n\t\t\t\t\tIfF(root == nil, func() string { return \"zh\" }).\n\t\t\t\t\tElseIf(regexp.MustCompile(`[\\p{Han}]`).MatchString(root.Name), \"zh\").\n\t\t\t\t\tElse(\"en\")\n\n\t\t\t\tvar deepConvertNode func(node *snapsv03.WorkflowNode) []*snapsv04.WorkflowNode\n\t\t\t\tdeepConvertNode = func(node *snapsv03.WorkflowNode) []*snapsv04.WorkflowNode {\n\t\t\t\t\ttemp := make([]*snapsv04.WorkflowNode, 0)\n\n\t\t\t\t\tcurrent := node\n\t\t\t\t\tfor current != nil {\n\t\t\t\t\t\tcurrent.Config = lo.PickBy(current.Config, func(key string, value any) bool {\n\t\t\t\t\t\t\tstr, ok := value.(string)\n\t\t\t\t\t\t\treturn !ok || str != \"\"\n\t\t\t\t\t\t})\n\n\t\t\t\t\t\tswitch current.Type {\n\t\t\t\t\t\tcase \"start\":\n\t\t\t\t\t\t\ttemp = append(temp, &snapsv04.WorkflowNode{\n\t\t\t\t\t\t\t\tId: current.Id,\n\t\t\t\t\t\t\t\tType: \"start\",\n\t\t\t\t\t\t\t\tData: snapsv04.WorkflowNodeData{\n\t\t\t\t\t\t\t\t\tName: current.Name,\n\t\t\t\t\t\t\t\t\tConfig: current.Config,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t})\n\n\t\t\t\t\t\tcase \"apply\":\n\t\t\t\t\t\t\tif _, ok := current.Config[\"challengeType\"].(string); !ok {\n\t\t\t\t\t\t\t\tcurrent.Config[\"challengeType\"] = \"dns-01\"\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\ttemp = append(temp, &snapsv04.WorkflowNode{\n\t\t\t\t\t\t\t\tId: current.Id,\n\t\t\t\t\t\t\t\tType: \"bizApply\",\n\t\t\t\t\t\t\t\tData: snapsv04.WorkflowNodeData{\n\t\t\t\t\t\t\t\t\tName: current.Name,\n\t\t\t\t\t\t\t\t\tConfig: current.Config,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t})\n\n\t\t\t\t\t\tcase \"upload\":\n\t\t\t\t\t\t\tif _, ok := current.Config[\"source\"].(string); !ok {\n\t\t\t\t\t\t\t\tcurrent.Config[\"source\"] = \"form\"\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\ttemp = append(temp, &snapsv04.WorkflowNode{\n\t\t\t\t\t\t\t\tId: current.Id,\n\t\t\t\t\t\t\t\tType: \"bizUpload\",\n\t\t\t\t\t\t\t\tData: snapsv04.WorkflowNodeData{\n\t\t\t\t\t\t\t\t\tName: current.Name,\n\t\t\t\t\t\t\t\t\tConfig: current.Config,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t})\n\n\t\t\t\t\t\tcase \"monitor\":\n\t\t\t\t\t\t\ttemp = append(temp, &snapsv04.WorkflowNode{\n\t\t\t\t\t\t\t\tId: current.Id,\n\t\t\t\t\t\t\t\tType: \"bizMonitor\",\n\t\t\t\t\t\t\t\tData: snapsv04.WorkflowNodeData{\n\t\t\t\t\t\t\t\t\tName: current.Name,\n\t\t\t\t\t\t\t\t\tConfig: current.Config,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t})\n\n\t\t\t\t\t\tcase \"deploy\":\n\t\t\t\t\t\t\tif s, ok := current.Config[\"certificate\"].(string); ok {\n\t\t\t\t\t\t\t\tcurrent.Config[\"certificateOutputNodeId\"] = strings.Split(s, \"#\")[0]\n\t\t\t\t\t\t\t\tdelete(current.Config, \"certificate\")\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\ttemp = append(temp, &snapsv04.WorkflowNode{\n\t\t\t\t\t\t\t\tId: current.Id,\n\t\t\t\t\t\t\t\tType: \"bizDeploy\",\n\t\t\t\t\t\t\t\tData: snapsv04.WorkflowNodeData{\n\t\t\t\t\t\t\t\t\tName: current.Name,\n\t\t\t\t\t\t\t\t\tConfig: current.Config,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t})\n\n\t\t\t\t\t\tcase \"notify\":\n\t\t\t\t\t\t\tif _, ok := current.Config[\"channel\"].(string); ok {\n\t\t\t\t\t\t\t\tdelete(current.Config, \"channel\")\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\ttemp = append(temp, &snapsv04.WorkflowNode{\n\t\t\t\t\t\t\t\tId: current.Id,\n\t\t\t\t\t\t\t\tType: \"bizNotify\",\n\t\t\t\t\t\t\t\tData: snapsv04.WorkflowNodeData{\n\t\t\t\t\t\t\t\t\tName: current.Name,\n\t\t\t\t\t\t\t\t\tConfig: current.Config,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t})\n\n\t\t\t\t\t\tcase \"execute_result_branch\":\n\t\t\t\t\t\t\tif len(temp) == 0 {\n\t\t\t\t\t\t\t\tbreak\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\ttryNode, _ := lo.Last(temp)\n\t\t\t\t\t\t\ttemp = lo.DropRight(temp, 1)\n\n\t\t\t\t\t\t\tbranches := lo.GroupBy(current.Branches, func(b *snapsv03.WorkflowNode) string { return b.Type })\n\t\t\t\t\t\t\tsuccessBranch := lo.IfF(len(branches[\"execute_success\"]) > 0, func() *snapsv03.WorkflowNode {\n\t\t\t\t\t\t\t\treturn branches[\"execute_success\"][0]\n\t\t\t\t\t\t\t}).Else(nil)\n\t\t\t\t\t\t\tfailureBranch := lo.IfF(len(branches[\"execute_failure\"]) > 0, func() *snapsv03.WorkflowNode {\n\t\t\t\t\t\t\t\treturn branches[\"execute_failure\"][0]\n\t\t\t\t\t\t\t}).Else(nil)\n\t\t\t\t\t\t\tsuccessBranchId := lo.If(successBranch != nil, successBranch.Id).Else(core.GenerateDefaultRandomId())\n\t\t\t\t\t\t\tfailureBranchId := lo.If(failureBranch != nil, failureBranch.Id).Else(core.GenerateDefaultRandomId())\n\n\t\t\t\t\t\t\tcatchBlocks := lo.If(failureBranch != nil && failureBranch.Next != nil, deepConvertNode(failureBranch.Next)).Else([]*snapsv04.WorkflowNode{})\n\t\t\t\t\t\t\tcatchBlocks = append(catchBlocks, &snapsv04.WorkflowNode{\n\t\t\t\t\t\t\t\tId: core.GenerateDefaultRandomId(),\n\t\t\t\t\t\t\t\tType: \"end\",\n\t\t\t\t\t\t\t\tData: snapsv04.WorkflowNodeData{\n\t\t\t\t\t\t\t\t\tName: lo.If(lang == \"en\", \"End\").Else(\"结束\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t})\n\n\t\t\t\t\t\t\ttryCatchNode := &snapsv04.WorkflowNode{\n\t\t\t\t\t\t\t\tId: current.Id,\n\t\t\t\t\t\t\t\tType: \"tryCatch\",\n\t\t\t\t\t\t\t\tData: snapsv04.WorkflowNodeData{\n\t\t\t\t\t\t\t\t\tName: lo.If(lang == \"en\", \"Try to ...\").Else(\"尝试执行…\"),\n\t\t\t\t\t\t\t\t\tConfig: current.Config,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\tBlocks: []*snapsv04.WorkflowNode{\n\t\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\t\tId: successBranchId,\n\t\t\t\t\t\t\t\t\t\tType: \"tryBlock\",\n\t\t\t\t\t\t\t\t\t\tData: snapsv04.WorkflowNodeData{\n\t\t\t\t\t\t\t\t\t\t\tName: \"\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tBlocks: []*snapsv04.WorkflowNode{tryNode},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\t\tId: failureBranchId,\n\t\t\t\t\t\t\t\t\t\tType: \"catchBlock\",\n\t\t\t\t\t\t\t\t\t\tData: snapsv04.WorkflowNodeData{\n\t\t\t\t\t\t\t\t\t\t\tName: lo.If(lang == \"en\", \"On failed ...\").Else(\"若执行失败…\"),\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tBlocks: catchBlocks,\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\ttemp = append(temp, tryCatchNode)\n\t\t\t\t\t\t\tcurrent = successBranch\n\n\t\t\t\t\t\tcase \"branch\":\n\t\t\t\t\t\t\tbranchNode := &snapsv04.WorkflowNode{\n\t\t\t\t\t\t\t\tId: current.Id,\n\t\t\t\t\t\t\t\tType: \"condition\",\n\t\t\t\t\t\t\t\tData: snapsv04.WorkflowNodeData{\n\t\t\t\t\t\t\t\t\tName: lo.If(lang == \"en\", \"Parallel\").Else(\"并行\"),\n\t\t\t\t\t\t\t\t\tConfig: current.Config,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\tBlocks: lo.Map(current.Branches, func(b *snapsv03.WorkflowNode, _ int) *snapsv04.WorkflowNode {\n\t\t\t\t\t\t\t\t\treturn &snapsv04.WorkflowNode{\n\t\t\t\t\t\t\t\t\t\tId: b.Id,\n\t\t\t\t\t\t\t\t\t\tType: \"branchBlock\",\n\t\t\t\t\t\t\t\t\t\tData: snapsv04.WorkflowNodeData{\n\t\t\t\t\t\t\t\t\t\t\tName: b.Name,\n\t\t\t\t\t\t\t\t\t\t\tConfig: b.Config,\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tBlocks: deepConvertNode(b.Next),\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\ttemp = append(temp, branchNode)\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tif current != nil {\n\t\t\t\t\t\t\tcurrent = current.Next\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\treturn temp\n\t\t\t\t}\n\n\t\t\t\tnodes := lo.Ternary(root == nil, []*snapsv04.WorkflowNode{\n\t\t\t\t\t{\n\t\t\t\t\t\tId: core.GenerateDefaultRandomId(),\n\t\t\t\t\t\tType: \"start\",\n\t\t\t\t\t\tData: snapsv04.WorkflowNodeData{\n\t\t\t\t\t\t\tName: lo.If(lang == \"en\", \"Start\").Else(\"开始\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t}, deepConvertNode(root))\n\n\t\t\t\treturn append(nodes, &snapsv04.WorkflowNode{\n\t\t\t\t\tId: core.GenerateDefaultRandomId(),\n\t\t\t\t\tType: \"end\",\n\t\t\t\t\tData: snapsv04.WorkflowNodeData{\n\t\t\t\t\t\tName: lo.If(lang == \"en\", \"End\").Else(\"结束\"),\n\t\t\t\t\t},\n\t\t\t\t})\n\t\t\t}\n\n\t\t\t// update collection `workflow`\n\t\t\t// - migrate field `graphDraft` / `graphContent`\n\t\t\t{\n\t\t\t\tcollection, err := app.FindCollectionByNameOrId(\"tovyif5ax6j62ur\")\n\t\t\t\tif err != nil {\n\t\t\t\t\tif !errors.Is(err, sql.ErrNoRows) {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tfor _, record := range records {\n\t\t\t\t\t\t\tchanged := false\n\n\t\t\t\t\t\t\tgraphDraft := make(map[string]any)\n\t\t\t\t\t\t\tif err := record.UnmarshalJSONField(\"graphDraft\", &graphDraft); err == nil {\n\t\t\t\t\t\t\t\tif len(graphDraft) > 0 {\n\t\t\t\t\t\t\t\t\tif _, ok := graphDraft[\"nodes\"]; !ok {\n\t\t\t\t\t\t\t\t\t\tlegacyRootNode := &snapsv03.WorkflowNode{}\n\t\t\t\t\t\t\t\t\t\tif err := record.UnmarshalJSONField(\"graphDraft\", legacyRootNode); err != nil {\n\t\t\t\t\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\t\tgraphDraft = make(map[string]any)\n\t\t\t\t\t\t\t\t\t\t\tgraphDraft[\"nodes\"] = convertNode(legacyRootNode)\n\t\t\t\t\t\t\t\t\t\t\trecord.Set(\"graphDraft\", graphDraft)\n\t\t\t\t\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\tgraphContent := make(map[string]any)\n\t\t\t\t\t\t\tif err := record.UnmarshalJSONField(\"graphContent\", &graphContent); err == nil {\n\t\t\t\t\t\t\t\tif len(graphContent) > 0 {\n\t\t\t\t\t\t\t\t\tif _, ok := graphContent[\"nodes\"]; !ok {\n\t\t\t\t\t\t\t\t\t\tlegacyRootNode := &snapsv03.WorkflowNode{}\n\t\t\t\t\t\t\t\t\t\tif err := record.UnmarshalJSONField(\"graphContent\", legacyRootNode); err != nil {\n\t\t\t\t\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\t\tgraphContent = make(map[string]any)\n\t\t\t\t\t\t\t\t\t\t\tgraphContent[\"nodes\"] = convertNode(legacyRootNode)\n\t\t\t\t\t\t\t\t\t\t\trecord.Set(\"graphContent\", graphContent)\n\t\t\t\t\t\t\t\t\t\t\trecord.Set(\"hasContent\", true)\n\t\t\t\t\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\tif changed {\n\t\t\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// update collection `workflow_run`\n\t\t\t// - migrate field `graph`\n\t\t\t{\n\t\t\t\tcollection, err := app.FindCollectionByNameOrId(\"qjp8lygssgwyqyz\")\n\t\t\t\tif err != nil {\n\t\t\t\t\tif !errors.Is(err, sql.ErrNoRows) {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tfor _, record := range records {\n\t\t\t\t\t\t\tchanged := false\n\n\t\t\t\t\t\t\tgraphContent := make(map[string]any)\n\t\t\t\t\t\t\tif err := record.UnmarshalJSONField(\"graph\", &graphContent); err == nil {\n\t\t\t\t\t\t\t\tif len(graphContent) > 0 {\n\t\t\t\t\t\t\t\t\tif _, ok := graphContent[\"nodes\"]; !ok {\n\t\t\t\t\t\t\t\t\t\tlegacyRootNode := &snapsv03.WorkflowNode{}\n\t\t\t\t\t\t\t\t\t\tif err := record.UnmarshalJSONField(\"graph\", legacyRootNode); err != nil {\n\t\t\t\t\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\t\tgraphContent = make(map[string]any)\n\t\t\t\t\t\t\t\t\t\t\tgraphContent[\"nodes\"] = convertNode(legacyRootNode)\n\t\t\t\t\t\t\t\t\t\t\trecord.Set(\"graph\", graphContent)\n\t\t\t\t\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\tif changed {\n\t\t\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// update collection `workflow_output`\n\t\t\t// - migrate field `nodeConfig`\n\t\t\t// - migrate field `outputs`\n\t\t\t{\n\t\t\t\tcollection, err := app.FindCollectionByNameOrId(\"bqnxb95f2cooowp\")\n\t\t\t\tif err != nil {\n\t\t\t\t\tif !errors.Is(err, sql.ErrNoRows) {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tfor _, record := range records {\n\t\t\t\t\t\t\tchanged := false\n\n\t\t\t\t\t\t\tnodeConfig := make(map[string]any)\n\t\t\t\t\t\t\tif err := record.UnmarshalJSONField(\"nodeConfig\", &nodeConfig); err == nil {\n\t\t\t\t\t\t\t\tif _, ok := nodeConfig[\"id\"]; ok {\n\t\t\t\t\t\t\t\t\tif _, ok := nodeConfig[\"type\"]; ok {\n\t\t\t\t\t\t\t\t\t\tif _, ok := nodeConfig[\"config\"]; ok {\n\t\t\t\t\t\t\t\t\t\t\trecord.Set(\"nodeConfig\", nodeConfig[\"config\"])\n\t\t\t\t\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\toutputs := make([]map[string]any, 0)\n\t\t\t\t\t\t\tif err := record.UnmarshalJSONField(\"outputs\", &outputs); err == nil {\n\t\t\t\t\t\t\t\tfor i, output := range outputs {\n\t\t\t\t\t\t\t\t\tif _, ok := output[\"label\"]; ok {\n\t\t\t\t\t\t\t\t\t\toutput[\"valueType\"] = \"string\"\n\t\t\t\t\t\t\t\t\t\tdelete(output, \"label\")\n\t\t\t\t\t\t\t\t\t\tdelete(output, \"required\")\n\t\t\t\t\t\t\t\t\t\tdelete(output, \"valueSelector\")\n\n\t\t\t\t\t\t\t\t\t\tif output[\"type\"] == \"certificate\" {\n\t\t\t\t\t\t\t\t\t\t\toutput[\"type\"] = \"ref\"\n\t\t\t\t\t\t\t\t\t\t\toutput[\"value\"] = fmt.Sprintf(\"certificate#%s\", output[\"value\"])\n\t\t\t\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t\t\t\toutputs[i] = output\n\t\t\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\t\t\tcontinue\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\trecord.Set(\"outputs\", outputs)\n\t\t\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\tif changed {\n\t\t\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// normalize field `nodeId` in collection `workflow`, `workflow_run`, `workflow_output`, `workflow_logs`\n\t\t\tconst ATTEMPTS = 3\n\t\t\tfor i := 1; i <= ATTEMPTS; i++ {\n\t\t\t\tapp.DB().NewQuery(`UPDATE workflow SET graphDraft=REPLACE(graphDraft, '\"id\":\"-', '\"id\":\"')`).Execute()\n\t\t\t\tapp.DB().NewQuery(`UPDATE workflow SET graphDraft=REPLACE(graphDraft, '\"id\":\"_', '\"id\":\"')`).Execute()\n\t\t\t\tapp.DB().NewQuery(`UPDATE workflow SET graphContent=REPLACE(graphContent, '\"id\":\"-', '\"id\":\"')`).Execute()\n\t\t\t\tapp.DB().NewQuery(`UPDATE workflow SET graphContent=REPLACE(graphContent, '\"id\":\"_', '\"id\":\"')`).Execute()\n\n\t\t\t\tapp.DB().NewQuery(`UPDATE workflow_run SET graph=REPLACE(graph, '\"id\":\"-', '\"id\":\"')`).Execute()\n\t\t\t\tapp.DB().NewQuery(`UPDATE workflow_run SET graph=REPLACE(graph, '\"id\":\"_', '\"id\":\"')`).Execute()\n\n\t\t\t\tapp.DB().NewQuery(`UPDATE workflow_output SET nodeId=SUBSTR(nodeId, 2) WHERE nodeId LIKE '-%'`).Execute()\n\t\t\t\tapp.DB().NewQuery(`UPDATE workflow_output SET nodeId=SUBSTR(nodeId, 2) WHERE nodeId LIKE '\\_%' ESCAPE '\\'`).Execute()\n\n\t\t\t\tapp.DB().NewQuery(`UPDATE workflow_logs SET nodeId=SUBSTR(nodeId, 2) WHERE nodeId LIKE '-%'`).Execute()\n\t\t\t\tapp.DB().NewQuery(`UPDATE workflow_logs SET nodeId=SUBSTR(nodeId, 2) WHERE nodeId LIKE '\\_%' ESCAPE '\\'`).Execute()\n\t\t\t}\n\t\t}\n\n\t\ttracer.Printf(\"done\")\n\t\treturn nil\n\t}, func(app core.App) error {\n\t\treturn nil\n\t})\n}\n"
},
{
"path": "migrations/1757476801_initialize_v0.4.0.go",
"content": "package migrations\n\nimport (\n\t\"os\"\n\t\"strings\"\n\n\t\"github.com/pocketbase/dbx\"\n\t\"github.com/pocketbase/pocketbase/core\"\n\tm \"github.com/pocketbase/pocketbase/migrations\"\n)\n\nfunc init() {\n\tm.Register(func(app core.App) error {\n\t\tif err := app.DB().\n\t\t\tNewQuery(\"SELECT (1) FROM _migrations WHERE file={:file} LIMIT 1\").\n\t\t\tBind(dbx.Params{\"file\": \"1757476801_m0.4.0_initialize.go\"}).\n\t\t\tOne(&struct{}{}); err == nil {\n\t\t\treturn nil\n\t\t}\n\n\t\t// snapshot\n\t\t{\n\t\t\tjsonData := `[\n\t\t\t\t{\n\t\t\t\t\t\"fields\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"[a-z0-9]{15}\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"text3208210256\",\n\t\t\t\t\t\t\t\"max\": 15,\n\t\t\t\t\t\t\t\"min\": 15,\n\t\t\t\t\t\t\t\"name\": \"id\",\n\t\t\t\t\t\t\t\"pattern\": \"^[a-z0-9]+$\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": true,\n\t\t\t\t\t\t\t\"required\": true,\n\t\t\t\t\t\t\t\"system\": true,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"geeur58v\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"name\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"text2024822322\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"provider\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"iql7jpwx\",\n\t\t\t\t\t\t\t\"maxSize\": 2000000,\n\t\t\t\t\t\t\t\"name\": \"config\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"json\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"text2859962647\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"reserve\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"lr33hiwg\",\n\t\t\t\t\t\t\t\"max\": \"\",\n\t\t\t\t\t\t\t\"min\": \"\",\n\t\t\t\t\t\t\t\"name\": \"deleted\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"date\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"autodate2990389176\",\n\t\t\t\t\t\t\t\"name\": \"created\",\n\t\t\t\t\t\t\t\"onCreate\": true,\n\t\t\t\t\t\t\t\"onUpdate\": false,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"autodate\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"autodate3332085495\",\n\t\t\t\t\t\t\t\"name\": \"updated\",\n\t\t\t\t\t\t\t\"onCreate\": true,\n\t\t\t\t\t\t\t\"onUpdate\": true,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"autodate\"\n\t\t\t\t\t\t}\n\t\t\t\t\t],\n\t\t\t\t\t\"id\": \"4yzbv8urny5ja1e\",\n\t\t\t\t\t\"indexes\": [\n\t\t\t\t\t\t\"CREATE INDEX ` + \"`\" + `idx_wkoST0j` + \"`\" + ` ON ` + \"`\" + `access` + \"`\" + ` (` + \"`\" + `name` + \"`\" + `)\",\n\t\t\t\t\t\t\"CREATE INDEX ` + \"`\" + `idx_frh0JT1Aqx` + \"`\" + ` ON ` + \"`\" + `access` + \"`\" + ` (` + \"`\" + `provider` + \"`\" + `)\"\n\t\t\t\t\t],\n\t\t\t\t\t\"name\": \"access\",\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"base\"\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\t\"fields\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"[a-z0-9]{15}\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"text3208210256\",\n\t\t\t\t\t\t\t\"max\": 15,\n\t\t\t\t\t\t\t\"min\": 15,\n\t\t\t\t\t\t\t\"name\": \"id\",\n\t\t\t\t\t\t\t\"pattern\": \"^[a-z0-9]+$\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": true,\n\t\t\t\t\t\t\t\"required\": true,\n\t\t\t\t\t\t\t\"system\": true,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"1tcmdsdf\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"name\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"f9wyhypi\",\n\t\t\t\t\t\t\t\"maxSize\": 2000000,\n\t\t\t\t\t\t\t\"name\": \"content\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"json\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"autodate2990389176\",\n\t\t\t\t\t\t\t\"name\": \"created\",\n\t\t\t\t\t\t\t\"onCreate\": true,\n\t\t\t\t\t\t\t\"onUpdate\": false,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"autodate\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"autodate3332085495\",\n\t\t\t\t\t\t\t\"name\": \"updated\",\n\t\t\t\t\t\t\t\"onCreate\": true,\n\t\t\t\t\t\t\t\"onUpdate\": true,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"autodate\"\n\t\t\t\t\t\t}\n\t\t\t\t\t],\n\t\t\t\t\t\"id\": \"dy6ccjb60spfy6p\",\n\t\t\t\t\t\"indexes\": [\n\t\t\t\t\t\t\"CREATE UNIQUE INDEX ` + \"`\" + `idx_RO7X9Vw` + \"`\" + ` ON ` + \"`\" + `settings` + \"`\" + ` (` + \"`\" + `name` + \"`\" + `)\"\n\t\t\t\t\t],\n\t\t\t\t\t\"name\": \"settings\",\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"base\"\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\t\"fields\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"[a-z0-9]{15}\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"text3208210256\",\n\t\t\t\t\t\t\t\"max\": 15,\n\t\t\t\t\t\t\t\"min\": 15,\n\t\t\t\t\t\t\t\"name\": \"id\",\n\t\t\t\t\t\t\t\"pattern\": \"^[a-z0-9]+$\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": true,\n\t\t\t\t\t\t\t\"required\": true,\n\t\t\t\t\t\t\t\"system\": true,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"fmjfn0yw\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"ca\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"exceptDomains\": null,\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"qqwijqzt\",\n\t\t\t\t\t\t\t\"name\": \"email\",\n\t\t\t\t\t\t\t\"onlyDomains\": null,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"email\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"genxqtii\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"privateKey\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"1aoia909\",\n\t\t\t\t\t\t\t\"maxSize\": 2000000,\n\t\t\t\t\t\t\t\"name\": \"acmeAccount\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"json\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"exceptDomains\": null,\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"url2424532088\",\n\t\t\t\t\t\t\t\"name\": \"acmeAcctUrl\",\n\t\t\t\t\t\t\t\"onlyDomains\": null,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"url\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"exceptDomains\": null,\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"url3632694140\",\n\t\t\t\t\t\t\t\"name\": \"acmeDirUrl\",\n\t\t\t\t\t\t\t\"onlyDomains\": null,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"url\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"autodate2990389176\",\n\t\t\t\t\t\t\t\"name\": \"created\",\n\t\t\t\t\t\t\t\"onCreate\": true,\n\t\t\t\t\t\t\t\"onUpdate\": false,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"autodate\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"autodate3332085495\",\n\t\t\t\t\t\t\t\"name\": \"updated\",\n\t\t\t\t\t\t\t\"onCreate\": true,\n\t\t\t\t\t\t\t\"onUpdate\": true,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"autodate\"\n\t\t\t\t\t\t}\n\t\t\t\t\t],\n\t\t\t\t\t\"id\": \"012d7abbod1hwvr\",\n\t\t\t\t\t\"indexes\": [\n\t\t\t\t\t\t\"CREATE INDEX ` + \"`\" + `idx_dQiYzimY7m` + \"`\" + ` ON ` + \"`\" + `acme_accounts` + \"`\" + ` (` + \"`\" + `ca` + \"`\" + `)\",\n\t\t\t\t\t\t\"CREATE INDEX ` + \"`\" + `idx_TjyqY6LAGa` + \"`\" + ` ON ` + \"`\" + `acme_accounts` + \"`\" + ` (\\n ` + \"`\" + `ca` + \"`\" + `,\\n ` + \"`\" + `acmeDirUrl` + \"`\" + `\\n)\",\n\t\t\t\t\t\t\"CREATE UNIQUE INDEX ` + \"`\" + `idx_G4brUDgxzc` + \"`\" + ` ON ` + \"`\" + `acme_accounts` + \"`\" + ` (\\n ` + \"`\" + `ca` + \"`\" + `,\\n ` + \"`\" + `acmeDirUrl` + \"`\" + `,\\n ` + \"`\" + `acmeAcctUrl` + \"`\" + `\\n)\"\n\t\t\t\t\t],\n\t\t\t\t\t\"name\": \"acme_accounts\",\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"base\"\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\t\"fields\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"[a-z0-9]{15}\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"text3208210256\",\n\t\t\t\t\t\t\t\"max\": 15,\n\t\t\t\t\t\t\t\"min\": 15,\n\t\t\t\t\t\t\t\"name\": \"id\",\n\t\t\t\t\t\t\t\"pattern\": \"^[a-z0-9]+$\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": true,\n\t\t\t\t\t\t\t\"required\": true,\n\t\t\t\t\t\t\t\"system\": true,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"8yydhv1h\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"name\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"1buzebwz\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"description\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"vqoajwjq\",\n\t\t\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\t\t\"name\": \"trigger\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"select\",\n\t\t\t\t\t\t\t\"values\": [\n\t\t\t\t\t\t\t\t\"manual\",\n\t\t\t\t\t\t\t\t\"scheduled\"\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"8ho247wh\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"triggerCron\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"nq7kfdzi\",\n\t\t\t\t\t\t\t\"name\": \"enabled\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"bool\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"g9ohkk5o\",\n\t\t\t\t\t\t\t\"maxSize\": 5000000,\n\t\t\t\t\t\t\t\"name\": \"graphDraft\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"json\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"awlphkfe\",\n\t\t\t\t\t\t\t\"maxSize\": 5000000,\n\t\t\t\t\t\t\t\"name\": \"graphContent\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"json\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"2rpfz9t3\",\n\t\t\t\t\t\t\t\"name\": \"hasDraft\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"bool\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"bool3832150317\",\n\t\t\t\t\t\t\t\"name\": \"hasContent\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"bool\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"cascadeDelete\": false,\n\t\t\t\t\t\t\t\"collectionId\": \"qjp8lygssgwyqyz\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"a23wkj9x\",\n\t\t\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\t\t\"minSelect\": 0,\n\t\t\t\t\t\t\t\"name\": \"lastRunRef\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"relation\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"zivdxh23\",\n\t\t\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\t\t\"name\": \"lastRunStatus\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"select\",\n\t\t\t\t\t\t\t\"values\": [\n\t\t\t\t\t\t\t\t\"pending\",\n\t\t\t\t\t\t\t\t\"processing\",\n\t\t\t\t\t\t\t\t\"succeeded\",\n\t\t\t\t\t\t\t\t\"failed\",\n\t\t\t\t\t\t\t\t\"canceled\"\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"u9bosu36\",\n\t\t\t\t\t\t\t\"max\": \"\",\n\t\t\t\t\t\t\t\"min\": \"\",\n\t\t\t\t\t\t\t\"name\": \"lastRunTime\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"date\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"autodate2990389176\",\n\t\t\t\t\t\t\t\"name\": \"created\",\n\t\t\t\t\t\t\t\"onCreate\": true,\n\t\t\t\t\t\t\t\"onUpdate\": false,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"autodate\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"autodate3332085495\",\n\t\t\t\t\t\t\t\"name\": \"updated\",\n\t\t\t\t\t\t\t\"onCreate\": true,\n\t\t\t\t\t\t\t\"onUpdate\": true,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"autodate\"\n\t\t\t\t\t\t}\n\t\t\t\t\t],\n\t\t\t\t\t\"id\": \"tovyif5ax6j62ur\",\n\t\t\t\t\t\"indexes\": [],\n\t\t\t\t\t\"name\": \"workflow\",\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"base\"\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\t\"fields\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"[a-z0-9]{15}\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"text3208210256\",\n\t\t\t\t\t\t\t\"max\": 15,\n\t\t\t\t\t\t\t\"min\": 15,\n\t\t\t\t\t\t\t\"name\": \"id\",\n\t\t\t\t\t\t\t\"pattern\": \"^[a-z0-9]+$\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": true,\n\t\t\t\t\t\t\t\"required\": true,\n\t\t\t\t\t\t\t\"system\": true,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"cascadeDelete\": true,\n\t\t\t\t\t\t\t\"collectionId\": \"tovyif5ax6j62ur\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"jka88auc\",\n\t\t\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\t\t\"minSelect\": 0,\n\t\t\t\t\t\t\t\"name\": \"workflowRef\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"relation\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"cascadeDelete\": true,\n\t\t\t\t\t\t\t\"collectionId\": \"qjp8lygssgwyqyz\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"relation821863227\",\n\t\t\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\t\t\"minSelect\": 0,\n\t\t\t\t\t\t\t\"name\": \"runRef\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"relation\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"z9fgvqkz\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"nodeId\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"json2239752261\",\n\t\t\t\t\t\t\t\"maxSize\": 5000000,\n\t\t\t\t\t\t\t\"name\": \"nodeConfig\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"json\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"he4cceqb\",\n\t\t\t\t\t\t\t\"maxSize\": 5000000,\n\t\t\t\t\t\t\t\"name\": \"outputs\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"json\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"2yfxbxuf\",\n\t\t\t\t\t\t\t\"name\": \"succeeded\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"bool\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"autodate2990389176\",\n\t\t\t\t\t\t\t\"name\": \"created\",\n\t\t\t\t\t\t\t\"onCreate\": true,\n\t\t\t\t\t\t\t\"onUpdate\": false,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"autodate\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"autodate3332085495\",\n\t\t\t\t\t\t\t\"name\": \"updated\",\n\t\t\t\t\t\t\t\"onCreate\": true,\n\t\t\t\t\t\t\t\"onUpdate\": true,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"autodate\"\n\t\t\t\t\t\t}\n\t\t\t\t\t],\n\t\t\t\t\t\"id\": \"bqnxb95f2cooowp\",\n\t\t\t\t\t\"indexes\": [\n\t\t\t\t\t\t\"CREATE INDEX ` + \"`\" + `idx_BYoQPsz4my` + \"`\" + ` ON ` + \"`\" + `workflow_output` + \"`\" + ` (` + \"`\" + `workflowRef` + \"`\" + `)\",\n\t\t\t\t\t\t\"CREATE INDEX ` + \"`\" + `idx_O9zxLETuxJ` + \"`\" + ` ON ` + \"`\" + `workflow_output` + \"`\" + ` (` + \"`\" + `runRef` + \"`\" + `)\",\n\t\t\t\t\t\t\"CREATE INDEX ` + \"`\" + `idx_luac8Ul34G` + \"`\" + ` ON ` + \"`\" + `workflow_output` + \"`\" + ` (` + \"`\" + `nodeId` + \"`\" + `)\"\n\t\t\t\t\t],\n\t\t\t\t\t\"name\": \"workflow_output\",\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"base\"\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\t\"fields\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"[a-z0-9]{15}\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"text3208210256\",\n\t\t\t\t\t\t\t\"max\": 15,\n\t\t\t\t\t\t\t\"min\": 15,\n\t\t\t\t\t\t\t\"name\": \"id\",\n\t\t\t\t\t\t\t\"pattern\": \"^[a-z0-9]+$\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": true,\n\t\t\t\t\t\t\t\"required\": true,\n\t\t\t\t\t\t\t\"system\": true,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"by9hetqi\",\n\t\t\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\t\t\"name\": \"source\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"select\",\n\t\t\t\t\t\t\t\"values\": [\n\t\t\t\t\t\t\t\t\"request\",\n\t\t\t\t\t\t\t\t\"upload\"\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"fugxf58p\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"subjectAltNames\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"text2069360702\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"serialNumber\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"plmambpz\",\n\t\t\t\t\t\t\t\"max\": 100000,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"certificate\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"49qvwxcg\",\n\t\t\t\t\t\t\t\"max\": 100000,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"privateKey\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"text2910474005\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"issuerOrg\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"agt7n5bb\",\n\t\t\t\t\t\t\t\"max\": 100000,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"issuerCertificate\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"text4164403445\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"keyAlgorithm\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"v40aqzpd\",\n\t\t\t\t\t\t\t\"max\": \"\",\n\t\t\t\t\t\t\t\"min\": \"\",\n\t\t\t\t\t\t\t\"name\": \"validityNotBefore\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"date\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"zgpdby2k\",\n\t\t\t\t\t\t\t\"max\": \"\",\n\t\t\t\t\t\t\t\"min\": \"\",\n\t\t\t\t\t\t\t\"name\": \"validityNotAfter\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"date\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"text2045248758\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"acmeAcctUrl\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"exceptDomains\": null,\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"ayyjy5ve\",\n\t\t\t\t\t\t\t\"name\": \"acmeCertUrl\",\n\t\t\t\t\t\t\t\"onlyDomains\": null,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"url\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"exceptDomains\": null,\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"3x5heo8e\",\n\t\t\t\t\t\t\t\"name\": \"acmeCertStableUrl\",\n\t\t\t\t\t\t\t\"onlyDomains\": null,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"url\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"bool810050391\",\n\t\t\t\t\t\t\t\"name\": \"acmeRenewed\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"bool\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"cascadeDelete\": false,\n\t\t\t\t\t\t\t\"collectionId\": \"tovyif5ax6j62ur\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"uvqfamb1\",\n\t\t\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\t\t\"minSelect\": 0,\n\t\t\t\t\t\t\t\"name\": \"workflowRef\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"relation\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"cascadeDelete\": false,\n\t\t\t\t\t\t\t\"collectionId\": \"qjp8lygssgwyqyz\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"relation3917999135\",\n\t\t\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\t\t\"minSelect\": 0,\n\t\t\t\t\t\t\t\"name\": \"workflowRunRef\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"relation\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"uqldzldw\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"workflowNodeId\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"klyf4nlq\",\n\t\t\t\t\t\t\t\"max\": \"\",\n\t\t\t\t\t\t\t\"min\": \"\",\n\t\t\t\t\t\t\t\"name\": \"deleted\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"date\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"autodate2990389176\",\n\t\t\t\t\t\t\t\"name\": \"created\",\n\t\t\t\t\t\t\t\"onCreate\": true,\n\t\t\t\t\t\t\t\"onUpdate\": false,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"autodate\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"autodate3332085495\",\n\t\t\t\t\t\t\t\"name\": \"updated\",\n\t\t\t\t\t\t\t\"onCreate\": true,\n\t\t\t\t\t\t\t\"onUpdate\": true,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"autodate\"\n\t\t\t\t\t\t}\n\t\t\t\t\t],\n\t\t\t\t\t\"id\": \"4szxr9x43tpj6np\",\n\t\t\t\t\t\"indexes\": [\n\t\t\t\t\t\t\"CREATE INDEX ` + \"`\" + `idx_Jx8TXzDCmw` + \"`\" + ` ON ` + \"`\" + `certificate` + \"`\" + ` (` + \"`\" + `workflowRef` + \"`\" + `)\",\n\t\t\t\t\t\t\"CREATE INDEX ` + \"`\" + `idx_2cRXqNDyyp` + \"`\" + ` ON ` + \"`\" + `certificate` + \"`\" + ` (` + \"`\" + `workflowRunRef` + \"`\" + `)\",\n\t\t\t\t\t\t\"CREATE INDEX ` + \"`\" + `idx_kcKpgAZapk` + \"`\" + ` ON ` + \"`\" + `certificate` + \"`\" + ` (` + \"`\" + `workflowNodeId` + \"`\" + `)\"\n\t\t\t\t\t],\n\t\t\t\t\t\"name\": \"certificate\",\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"base\"\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\t\"fields\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"[a-z0-9]{15}\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"text3208210256\",\n\t\t\t\t\t\t\t\"max\": 15,\n\t\t\t\t\t\t\t\"min\": 15,\n\t\t\t\t\t\t\t\"name\": \"id\",\n\t\t\t\t\t\t\t\"pattern\": \"^[a-z0-9]+$\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": true,\n\t\t\t\t\t\t\t\"required\": true,\n\t\t\t\t\t\t\t\"system\": true,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"cascadeDelete\": true,\n\t\t\t\t\t\t\t\"collectionId\": \"tovyif5ax6j62ur\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"m8xfsyyy\",\n\t\t\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\t\t\"minSelect\": 0,\n\t\t\t\t\t\t\t\"name\": \"workflowRef\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"relation\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"qldmh0tw\",\n\t\t\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\t\t\"name\": \"status\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"select\",\n\t\t\t\t\t\t\t\"values\": [\n\t\t\t\t\t\t\t\t\"pending\",\n\t\t\t\t\t\t\t\t\"processing\",\n\t\t\t\t\t\t\t\t\"succeeded\",\n\t\t\t\t\t\t\t\t\"failed\",\n\t\t\t\t\t\t\t\t\"canceled\"\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"jlroa3fk\",\n\t\t\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\t\t\"name\": \"trigger\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"select\",\n\t\t\t\t\t\t\t\"values\": [\n\t\t\t\t\t\t\t\t\"manual\",\n\t\t\t\t\t\t\t\t\"scheduled\"\n\t\t\t\t\t\t\t]\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"k9xvtf89\",\n\t\t\t\t\t\t\t\"max\": \"\",\n\t\t\t\t\t\t\t\"min\": \"\",\n\t\t\t\t\t\t\t\"name\": \"startedAt\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"date\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"3ikum7mk\",\n\t\t\t\t\t\t\t\"max\": \"\",\n\t\t\t\t\t\t\t\"min\": \"\",\n\t\t\t\t\t\t\t\"name\": \"endedAt\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"date\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"json772177811\",\n\t\t\t\t\t\t\t\"maxSize\": 5000000,\n\t\t\t\t\t\t\t\"name\": \"graph\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"json\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"hvebkuxw\",\n\t\t\t\t\t\t\t\"max\": 20000,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"error\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"autodate2990389176\",\n\t\t\t\t\t\t\t\"name\": \"created\",\n\t\t\t\t\t\t\t\"onCreate\": true,\n\t\t\t\t\t\t\t\"onUpdate\": false,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"autodate\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"autodate3332085495\",\n\t\t\t\t\t\t\t\"name\": \"updated\",\n\t\t\t\t\t\t\t\"onCreate\": true,\n\t\t\t\t\t\t\t\"onUpdate\": true,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"autodate\"\n\t\t\t\t\t\t}\n\t\t\t\t\t],\n\t\t\t\t\t\"id\": \"qjp8lygssgwyqyz\",\n\t\t\t\t\t\"indexes\": [\n\t\t\t\t\t\t\"CREATE INDEX ` + \"`\" + `idx_7ZpfjTFsD2` + \"`\" + ` ON ` + \"`\" + `workflow_run` + \"`\" + ` (` + \"`\" + `workflowRef` + \"`\" + `)\"\n\t\t\t\t\t],\n\t\t\t\t\t\"name\": \"workflow_run\",\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"base\"\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\t\"fields\": [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"[a-z0-9]{15}\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"text3208210256\",\n\t\t\t\t\t\t\t\"max\": 15,\n\t\t\t\t\t\t\t\"min\": 15,\n\t\t\t\t\t\t\t\"name\": \"id\",\n\t\t\t\t\t\t\t\"pattern\": \"^[a-z0-9]+$\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": true,\n\t\t\t\t\t\t\t\"required\": true,\n\t\t\t\t\t\t\t\"system\": true,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"cascadeDelete\": true,\n\t\t\t\t\t\t\t\"collectionId\": \"tovyif5ax6j62ur\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"relation3371272342\",\n\t\t\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\t\t\"minSelect\": 0,\n\t\t\t\t\t\t\t\"name\": \"workflowRef\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"relation\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"cascadeDelete\": true,\n\t\t\t\t\t\t\t\"collectionId\": \"qjp8lygssgwyqyz\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"relation821863227\",\n\t\t\t\t\t\t\t\"maxSelect\": 1,\n\t\t\t\t\t\t\t\"minSelect\": 0,\n\t\t\t\t\t\t\t\"name\": \"runRef\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"relation\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"text157423495\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"nodeId\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"text3227511481\",\n\t\t\t\t\t\t\t\"max\": 0,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"nodeName\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"number2782324286\",\n\t\t\t\t\t\t\t\"max\": null,\n\t\t\t\t\t\t\t\"min\": null,\n\t\t\t\t\t\t\t\"name\": \"timestamp\",\n\t\t\t\t\t\t\t\"onlyInt\": false,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"number\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"number760395071\",\n\t\t\t\t\t\t\t\"max\": null,\n\t\t\t\t\t\t\t\"min\": null,\n\t\t\t\t\t\t\t\"name\": \"level\",\n\t\t\t\t\t\t\t\"onlyInt\": false,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"number\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"autogeneratePattern\": \"\",\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"text3065852031\",\n\t\t\t\t\t\t\t\"max\": 20000,\n\t\t\t\t\t\t\t\"min\": 0,\n\t\t\t\t\t\t\t\"name\": \"message\",\n\t\t\t\t\t\t\t\"pattern\": \"\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"primaryKey\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"text\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"json2918445923\",\n\t\t\t\t\t\t\t\"maxSize\": 5000000,\n\t\t\t\t\t\t\t\"name\": \"data\",\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"required\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"json\"\n\t\t\t\t\t\t},\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\"hidden\": false,\n\t\t\t\t\t\t\t\"id\": \"autodate2990389176\",\n\t\t\t\t\t\t\t\"name\": \"created\",\n\t\t\t\t\t\t\t\"onCreate\": true,\n\t\t\t\t\t\t\t\"onUpdate\": false,\n\t\t\t\t\t\t\t\"presentable\": false,\n\t\t\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\t\t\"type\": \"autodate\"\n\t\t\t\t\t\t}\n\t\t\t\t\t],\n\t\t\t\t\t\"id\": \"pbc_1682296116\",\n\t\t\t\t\t\"indexes\": [\n\t\t\t\t\t\t\"CREATE INDEX ` + \"`\" + `idx_IOlpy6XuJ2` + \"`\" + ` ON ` + \"`\" + `workflow_logs` + \"`\" + ` (` + \"`\" + `workflowRef` + \"`\" + `)\",\n\t\t\t\t\t\t\"CREATE INDEX ` + \"`\" + `idx_qVlTb2yl7v` + \"`\" + ` ON ` + \"`\" + `workflow_logs` + \"`\" + ` (` + \"`\" + `runRef` + \"`\" + `)\",\n\t\t\t\t\t\t\"CREATE INDEX ` + \"`\" + `idx_UL4tdCXNlA` + \"`\" + ` ON ` + \"`\" + `workflow_logs` + \"`\" + ` (` + \"`\" + `nodeId` + \"`\" + `)\"\n\t\t\t\t\t],\n\t\t\t\t\t\"name\": \"workflow_logs\",\n\t\t\t\t\t\"system\": false,\n\t\t\t\t\t\"type\": \"base\"\n\t\t\t\t}\n\t\t\t]`\n\n\t\t\tif err := app.ImportCollectionsByMarshaledJSON([]byte(jsonData), false); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\n\t\t// initialize superuser\n\t\t{\n\t\t\tcollection, err := app.FindCollectionByNameOrId(core.CollectionNameSuperusers)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tif len(records) == 0 {\n\t\t\t\tenvUsername := strings.TrimSpace(os.Getenv(\"CERTIMATE_ADMIN_USERNAME\"))\n\t\t\t\tif envUsername == \"\" {\n\t\t\t\t\tenvUsername = \"admin@certimate.fun\"\n\t\t\t\t}\n\n\t\t\t\tenvPassword := strings.TrimSpace(os.Getenv(\"CERTIMATE_ADMIN_PASSWORD\"))\n\t\t\t\tif envPassword == \"\" {\n\t\t\t\t\tenvPassword = \"1234567890\"\n\t\t\t\t}\n\n\t\t\t\trecord := core.NewRecord(collection)\n\t\t\t\trecord.Set(\"email\", envUsername)\n\t\t\t\trecord.Set(\"password\", envPassword)\n\t\t\t\treturn app.Save(record)\n\t\t\t}\n\t\t}\n\n\t\t// clean old migrations\n\t\t{\n\t\t\tmigrations := []string{\n\t\t\t\t\"1739462400_collections_snapshot.go\",\n\t\t\t\t\"1739462401_superusers_initial.go\",\n\t\t\t\t\"1740050400_upgrade.go\",\n\t\t\t\t\"1742209200_upgrade.go\",\n\t\t\t\t\"1742392800_upgrade.go\",\n\t\t\t\t\"1742644800_upgrade.go\",\n\t\t\t\t\"1743264000_upgrade.go\",\n\t\t\t\t\"1744192800_upgrade.go\",\n\t\t\t\t\"1744459000_upgrade.go\",\n\t\t\t\t\"1745308800_upgrade.go\",\n\t\t\t\t\"1745726400_upgrade.go\",\n\t\t\t\t\"1747314000_upgrade.go\",\n\t\t\t\t\"1747389600_upgrade.go\",\n\t\t\t\t\"1748178000_upgrade.go\",\n\t\t\t\t\"1748228400_upgrade.go\",\n\t\t\t\t\"1748959200_upgrade.go\",\n\t\t\t\t\"1750687200_upgrade.go\",\n\t\t\t\t\"1751961600_upgrade.go\",\n\t\t\t\t\"1753272000_v0.4.0_migrate.go\",\n\t\t\t\t\"1755187200_cm0.4.0_migrate.go\",\n\t\t\t\t\"1756296000_cm0.4.0_migrate.go\",\n\t\t\t\t\"1757476800_cm0.4.0_initialize.go\",\n\t\t\t\t\"1757476800_m0.4.0_migrate.go\",\n\t\t\t\t\"1757476801_m0.4.0_initialize.go\",\n\t\t\t\t\"1760486400_m0.4.1.go\",\n\t\t\t\t\"1762142400_m0.4.3.go\",\n\t\t\t\t\"1762516800_m0.4.4.go\",\n\t\t\t\t\"1763373600_m0.4.5.go\",\n\t\t\t\t\"1763640000_m0.4.6.go\",\n\t\t\t}\n\t\t\tfor _, name := range migrations {\n\t\t\t\tapp.DB().NewQuery(\"DELETE FROM _migrations WHERE file='\" + name + \"'\").Execute()\n\t\t\t}\n\t\t}\n\n\t\treturn nil\n\t}, func(app core.App) error {\n\t\treturn nil\n\t})\n}\n"
},
{
"path": "migrations/1760486400_upgrade_v0.4.1.go",
"content": "package migrations\n\nimport (\n\t\"github.com/pocketbase/dbx\"\n\t\"github.com/pocketbase/pocketbase/core\"\n\tm \"github.com/pocketbase/pocketbase/migrations\"\n\n\tsnaps \"github.com/certimate-go/certimate/migrations/snaps/v0.4\"\n)\n\nfunc init() {\n\tm.Register(func(app core.App) error {\n\t\tif err := app.DB().\n\t\t\tNewQuery(\"SELECT (1) FROM _migrations WHERE file={:file} LIMIT 1\").\n\t\t\tBind(dbx.Params{\"file\": \"1760486400_m0.4.1.go\"}).\n\t\t\tOne(&struct{}{}); err == nil {\n\t\t\treturn nil\n\t\t}\n\n\t\ttracer := NewTracer(\"v0.4.1\")\n\t\ttracer.Printf(\"go ...\")\n\n\t\t// adapt to new workflow data structure\n\t\t{\n\t\t\twalker := &snaps.WorkflowGraphWalker{}\n\t\t\twalker.Define(func(node *snaps.WorkflowNode) (_changed bool, _err error) {\n\t\t\t\t_changed = false\n\t\t\t\t_err = nil\n\n\t\t\t\tif node.Type != \"bizDeploy\" {\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\tnodeCfg := node.Data.Config\n\n\t\t\t\tswitch nodeCfg[\"provider\"] {\n\t\t\t\tcase \"local\":\n\t\t\t\t\t{\n\t\t\t\t\t\tif nodeCfg[\"providerAccessId\"] != nil {\n\t\t\t\t\t\t\tdelete(nodeCfg, \"providerAccessId\")\n\n\t\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\t\treturn\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn\n\t\t\t})\n\n\t\t\t// update collection `workflow`\n\t\t\t// - fix #982\n\t\t\t{\n\t\t\t\tcollection, err := app.FindCollectionByNameOrId(\"tovyif5ax6j62ur\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tfor _, record := range records {\n\t\t\t\t\tchanged := false\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graphDraft\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graphContent\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif changed {\n\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\ttracer.Printf(\"done\")\n\t\treturn nil\n\t}, func(app core.App) error {\n\t\treturn nil\n\t})\n}\n"
},
{
"path": "migrations/1762142400_upgrade_v0.4.3.go",
"content": "package migrations\n\nimport (\n\t\"github.com/pocketbase/dbx\"\n\t\"github.com/pocketbase/pocketbase/core\"\n\tm \"github.com/pocketbase/pocketbase/migrations\"\n\n\tsnaps \"github.com/certimate-go/certimate/migrations/snaps/v0.4\"\n)\n\nfunc init() {\n\tm.Register(func(app core.App) error {\n\t\tif err := app.DB().\n\t\t\tNewQuery(\"SELECT (1) FROM _migrations WHERE file={:file} LIMIT 1\").\n\t\t\tBind(dbx.Params{\"file\": \"1762142400_m0.4.3.go\"}).\n\t\t\tOne(&struct{}{}); err == nil {\n\t\t\treturn nil\n\t\t}\n\n\t\ttracer := NewTracer(\"v0.4.3\")\n\t\ttracer.Printf(\"go ...\")\n\n\t\t// update collection `certificate`\n\t\t// - rename field `acmeRenewed` to `isRenewed`\n\t\t// - add field `isRevoked`\n\t\t// - add field `validityInterval`\n\t\t{\n\t\t\tcollection, err := app.FindCollectionByNameOrId(\"4szxr9x43tpj6np\")\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tif err := collection.Fields.AddMarshaledJSONAt(11, []byte(`{\n\t\t\t\t\"hidden\": false,\n\t\t\t\t\"id\": \"number2453290051\",\n\t\t\t\t\"max\": null,\n\t\t\t\t\"min\": null,\n\t\t\t\t\"name\": \"validityInterval\",\n\t\t\t\t\"onlyInt\": false,\n\t\t\t\t\"presentable\": false,\n\t\t\t\t\"required\": false,\n\t\t\t\t\"system\": false,\n\t\t\t\t\"type\": \"number\"\n\t\t\t}`)); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tif err := collection.Fields.AddMarshaledJSONAt(14, []byte(`{\n\t\t\t\t\"hidden\": false,\n\t\t\t\t\"id\": \"bool810050391\",\n\t\t\t\t\"name\": \"isRenewed\",\n\t\t\t\t\"presentable\": false,\n\t\t\t\t\"required\": false,\n\t\t\t\t\"system\": false,\n\t\t\t\t\"type\": \"bool\"\n\t\t\t}`)); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tif err := collection.Fields.AddMarshaledJSONAt(15, []byte(`{\n\t\t\t\t\"hidden\": false,\n\t\t\t\t\"id\": \"bool3680845581\",\n\t\t\t\t\"name\": \"isRevoked\",\n\t\t\t\t\"presentable\": false,\n\t\t\t\t\"required\": false,\n\t\t\t\t\"system\": false,\n\t\t\t\t\"type\": \"bool\"\n\t\t\t}`)); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tif err := app.Save(collection); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tif _, err := app.DB().NewQuery(\"UPDATE certificate SET validityInterval = (STRFTIME('%s', validityNotAfter) - STRFTIME('%s', validityNotBefore))\").Execute(); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\ttracer.Printf(\"collection '%s' updated\", collection.Name)\n\t\t}\n\n\t\t// adapt to new workflow data structure\n\t\t{\n\t\t\twalker := &snaps.WorkflowGraphWalker{}\n\t\t\twalker.Define(func(node *snaps.WorkflowNode) (_changed bool, _err error) {\n\t\t\t\t_changed = false\n\t\t\t\t_err = nil\n\n\t\t\t\tif node.Type != \"bizApply\" {\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\tnodeCfg := node.Data.Config\n\n\t\t\t\tif nodeCfg[\"keySource\"] == nil || nodeCfg[\"keySource\"] == \"\" {\n\t\t\t\t\tnodeCfg[\"keySource\"] = \"auto\"\n\n\t\t\t\t\t_changed = true\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\treturn\n\t\t\t})\n\t\t\twalker.Define(func(node *snaps.WorkflowNode) (_changed bool, _err error) {\n\t\t\t\t_changed = false\n\t\t\t\t_err = nil\n\n\t\t\t\tif node.Type != \"bizUpload\" {\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\tnodeCfg := node.Data.Config\n\n\t\t\t\tif nodeCfg[\"source\"] == nil || nodeCfg[\"source\"] == \"\" {\n\t\t\t\t\tnodeCfg[\"source\"] = \"form\"\n\n\t\t\t\t\t_changed = true\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\treturn\n\t\t\t})\n\n\t\t\t// update collection `workflow`\n\t\t\t// - migrate field `graphDraft` / `graphContent`\n\t\t\t{\n\t\t\t\tcollection, err := app.FindCollectionByNameOrId(\"tovyif5ax6j62ur\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tfor _, record := range records {\n\t\t\t\t\tchanged := false\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graphDraft\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graphContent\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif changed {\n\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// update collection `workflow_run`\n\t\t\t// - migrate field `graph`\n\t\t\t{\n\t\t\t\tcollection, err := app.FindCollectionByNameOrId(\"qjp8lygssgwyqyz\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tfor _, record := range records {\n\t\t\t\t\tchanged := false\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graph\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif changed {\n\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\ttracer.Printf(\"done\")\n\t\treturn nil\n\t}, func(app core.App) error {\n\t\treturn nil\n\t})\n}\n"
},
{
"path": "migrations/1762516800_upgrade_v0.4.4.go",
"content": "package migrations\n\nimport (\n\t\"github.com/pocketbase/dbx\"\n\t\"github.com/pocketbase/pocketbase/core\"\n\tm \"github.com/pocketbase/pocketbase/migrations\"\n)\n\nfunc init() {\n\tm.Register(func(app core.App) error {\n\t\tif err := app.DB().\n\t\t\tNewQuery(\"SELECT (1) FROM _migrations WHERE file={:file} LIMIT 1\").\n\t\t\tBind(dbx.Params{\"file\": \"1762516800_m0.4.4.go\"}).\n\t\t\tOne(&struct{}{}); err == nil {\n\t\t\treturn nil\n\t\t}\n\n\t\ttracer := NewTracer(\"v0.4.4\")\n\t\ttracer.Printf(\"go ...\")\n\n\t\t// update collection `access`\n\t\t// - fix #1027\n\t\t{\n\t\t\tif _, err := app.DB().NewQuery(\"UPDATE access SET provider = 'hostingde' WHERE provider = 'hostingDE'\").Execute(); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\n\t\t// update collection `workflow`\n\t\t// - fix #1027\n\t\t{\n\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow SET graphDraft = REPLACE(graphDraft, '\\\"hostingDE\\\"', '\\\"hostingde\\\"')\").Execute(); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow SET graphContent = REPLACE(graphContent, '\\\"hostingDE\\\"', '\\\"hostingde\\\"')\").Execute(); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t}\n\n\t\t// update collection `settings`\n\t\t// - modify field `content` schema of `persistence`\n\t\t{\n\t\t\tcollection, err := app.FindCollectionByNameOrId(\"dy6ccjb60spfy6p\")\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\trecords, err := app.FindRecordsByFilter(collection, \"name=\\\"persistence\\\"\", \"\", 1, 0)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t} else if len(records) != 0 {\n\t\t\t\trecord := records[0]\n\t\t\t\tchanged := false\n\n\t\t\t\tcontent := make(map[string]any)\n\t\t\t\tif err := record.UnmarshalJSONField(\"content\", &content); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t} else {\n\t\t\t\t\tif _, ok := content[\"expiredCertificatesMaxDaysRetention\"]; ok {\n\t\t\t\t\t\tcontent[\"certificatesRetentionMaxDays\"] = content[\"expiredCertificatesMaxDaysRetention\"]\n\t\t\t\t\t\tdelete(content, \"expiredCertificatesMaxDaysRetention\")\n\n\t\t\t\t\t\trecord.Set(\"content\", content)\n\t\t\t\t\t\tchanged = true\n\t\t\t\t\t}\n\n\t\t\t\t\tif _, ok := content[\"workflowRunsMaxDaysRetention\"]; ok {\n\t\t\t\t\t\tcontent[\"workflowRunsRetentionMaxDays\"] = content[\"workflowRunsMaxDaysRetention\"]\n\t\t\t\t\t\tdelete(content, \"workflowRunsMaxDaysRetention\")\n\n\t\t\t\t\t\trecord.Set(\"content\", content)\n\t\t\t\t\t\tchanged = true\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif changed {\n\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\n\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\ttracer.Printf(\"done\")\n\t\treturn nil\n\t}, func(app core.App) error {\n\t\treturn nil\n\t})\n}\n"
},
{
"path": "migrations/1763373600_upgrade_v0.4.5.go",
"content": "package migrations\n\nimport (\n\t\"github.com/pocketbase/dbx\"\n\t\"github.com/pocketbase/pocketbase/core\"\n\tm \"github.com/pocketbase/pocketbase/migrations\"\n\n\tsnaps \"github.com/certimate-go/certimate/migrations/snaps/v0.4\"\n)\n\nfunc init() {\n\tm.Register(func(app core.App) error {\n\t\tif err := app.DB().\n\t\t\tNewQuery(\"SELECT (1) FROM _migrations WHERE file={:file} LIMIT 1\").\n\t\t\tBind(dbx.Params{\"file\": \"1763373600_m0.4.5.go\"}).\n\t\t\tOne(&struct{}{}); err == nil {\n\t\t\treturn nil\n\t\t}\n\n\t\ttracer := NewTracer(\"v0.4.5\")\n\t\ttracer.Printf(\"go ...\")\n\n\t\t// adapt to new workflow data structure\n\t\t{\n\t\t\twalker := &snaps.WorkflowGraphWalker{}\n\t\t\twalker.Define(func(node *snaps.WorkflowNode) (_changed bool, _err error) {\n\t\t\t\t_changed = false\n\t\t\t\t_err = nil\n\n\t\t\t\tif node.Type != \"bizDeploy\" {\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\tnodeCfg := node.Data.Config\n\n\t\t\t\tswitch nodeCfg[\"provider\"] {\n\t\t\t\tcase \"aliyun-waf\":\n\t\t\t\t\t{\n\t\t\t\t\t\tif providerCfg, ok := nodeCfg[\"providerConfig\"].(map[string]any); ok {\n\t\t\t\t\t\t\tproviderCfg[\"serviceType\"] = \"cname\"\n\t\t\t\t\t\t\tnodeCfg[\"providerConfig\"] = providerCfg\n\n\t\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\t\treturn\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\tcase \"baishan-cdn\":\n\t\t\t\tcase \"ksyun-cdn\":\n\t\t\t\tcase \"rainyun-rcdn\":\n\t\t\t\t\t{\n\t\t\t\t\t\tif providerCfg, ok := nodeCfg[\"providerConfig\"].(map[string]any); ok {\n\t\t\t\t\t\t\tif providerCfg[\"certificateId\"] != nil && providerCfg[\"certificateId\"].(string) != \"\" {\n\t\t\t\t\t\t\t\tproviderCfg[\"resourceType\"] = \"certificate\"\n\t\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\t\tproviderCfg[\"resourceType\"] = \"domain\"\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\tnodeCfg[\"providerConfig\"] = providerCfg\n\n\t\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\t\treturn\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\tcase \"tencentcloud-ssldeploy\":\n\t\t\t\t\t{\n\t\t\t\t\t\tif providerCfg, ok := nodeCfg[\"providerConfig\"].(map[string]any); ok {\n\t\t\t\t\t\t\tproviderCfg[\"resourceProduct\"] = providerCfg[\"resourceType\"]\n\t\t\t\t\t\t\tdelete(providerCfg, \"resourceType\")\n\t\t\t\t\t\t\tnodeCfg[\"providerConfig\"] = providerCfg\n\n\t\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\t\treturn\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\tcase \"tencentcloud-sslupdate\":\n\t\t\t\t\t{\n\t\t\t\t\t\tif providerCfg, ok := nodeCfg[\"providerConfig\"].(map[string]any); ok {\n\t\t\t\t\t\t\tproviderCfg[\"resourceProducts\"] = providerCfg[\"resourceTypes\"]\n\t\t\t\t\t\t\tdelete(providerCfg, \"resourceTypes\")\n\t\t\t\t\t\t\tnodeCfg[\"providerConfig\"] = providerCfg\n\n\t\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\t\treturn\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn\n\t\t\t})\n\n\t\t\t// update collection `workflow`\n\t\t\t// - migrate field `graphDraft` / `graphContent`\n\t\t\t{\n\t\t\t\tcollection, err := app.FindCollectionByNameOrId(\"tovyif5ax6j62ur\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tfor _, record := range records {\n\t\t\t\t\tchanged := false\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graphDraft\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graphContent\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif changed {\n\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow SET graphDraft = REPLACE(graphDraft, '\\\"matchPattern\\\"', '\\\"domainMatchPattern\\\"')\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow SET graphContent = REPLACE(graphContent, '\\\"matchPattern\\\"', '\\\"domainMatchPattern\\\"')\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// update collection `workflow_run`\n\t\t\t// - migrate field `graph`\n\t\t\t{\n\t\t\t\tcollection, err := app.FindCollectionByNameOrId(\"qjp8lygssgwyqyz\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tfor _, record := range records {\n\t\t\t\t\tchanged := false\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graph\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif changed {\n\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow_run SET graph = REPLACE(graph, '\\\"matchPattern\\\"', '\\\"domainMatchPattern\\\"')\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// update collection `workflow_output`\n\t\t\t// - migrate field `nodeConfig`\n\t\t\t{\n\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow_output SET nodeConfig = REPLACE(nodeConfig, '\\\"matchPattern\\\"', '\\\"domainMatchPattern\\\"')\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow_output SET nodeConfig = REPLACE(nodeConfig, '\\\"resourceType\\\"', '\\\"resourceProduct\\\"') WHERE nodeConfig LIKE '%\\\"provider\\\":\\\"tencentcloud-ssldeploy\\\"%' OR nodeConfig LIKE '%\\\"provider\\\":\\\"tencentcloud-sslupdate\\\"%'\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\ttracer.Printf(\"done\")\n\t\treturn nil\n\t}, func(app core.App) error {\n\t\treturn nil\n\t})\n}\n"
},
{
"path": "migrations/1763640000_upgrade_v0.4.6.go",
"content": "package migrations\n\nimport (\n\t\"github.com/pocketbase/dbx\"\n\t\"github.com/pocketbase/pocketbase/core\"\n\tm \"github.com/pocketbase/pocketbase/migrations\"\n\n\tsnaps \"github.com/certimate-go/certimate/migrations/snaps/v0.4\"\n)\n\nfunc init() {\n\tm.Register(func(app core.App) error {\n\t\tif err := app.DB().\n\t\t\tNewQuery(\"SELECT (1) FROM _migrations WHERE file={:file} LIMIT 1\").\n\t\t\tBind(dbx.Params{\"file\": \"1763640000_m0.4.6.go\"}).\n\t\t\tOne(&struct{}{}); err == nil {\n\t\t\treturn nil\n\t\t}\n\n\t\ttracer := NewTracer(\"v0.4.6\")\n\t\ttracer.Printf(\"go ...\")\n\n\t\t// adapt to new workflow data structure\n\t\t{\n\t\t\twalker := &snaps.WorkflowGraphWalker{}\n\t\t\twalker.Define(func(node *snaps.WorkflowNode) (_changed bool, _err error) {\n\t\t\t\t_changed = false\n\t\t\t\t_err = nil\n\n\t\t\t\tif node.Type != \"bizDeploy\" {\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\tnodeCfg := node.Data.Config\n\n\t\t\t\tswitch nodeCfg[\"provider\"] {\n\t\t\t\tcase \"1panel-site\":\n\t\t\t\t\t{\n\t\t\t\t\t\tif providerCfg, ok := nodeCfg[\"providerConfig\"].(map[string]any); ok {\n\t\t\t\t\t\t\tif providerCfg[\"websiteId\"] != nil && providerCfg[\"websiteId\"].(string) != \"\" {\n\t\t\t\t\t\t\t\tproviderCfg[\"websiteMatchPattern\"] = \"specified\"\n\t\t\t\t\t\t\t\tnodeCfg[\"providerConfig\"] = providerCfg\n\n\t\t\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\t\t\treturn\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\tcase \"baotapanel-site\":\n\t\t\t\t\t{\n\t\t\t\t\t\tif providerCfg, ok := nodeCfg[\"providerConfig\"].(map[string]any); ok {\n\t\t\t\t\t\t\tif providerCfg[\"siteType\"] == nil || providerCfg[\"siteType\"].(string) == \"other\" {\n\t\t\t\t\t\t\t\tproviderCfg[\"siteType\"] = \"any\"\n\t\t\t\t\t\t\t\tnodeCfg[\"providerConfig\"] = providerCfg\n\n\t\t\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\tif providerCfg[\"siteNames\"] == nil || providerCfg[\"siteNames\"].(string) == \"\" {\n\t\t\t\t\t\t\t\tproviderCfg[\"siteNames\"] = providerCfg[\"siteName\"]\n\t\t\t\t\t\t\t\tdelete(providerCfg, \"siteName\")\n\t\t\t\t\t\t\t\tnodeCfg[\"providerConfig\"] = providerCfg\n\n\t\t\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\t\t}\n\n\t\t\t\t\t\t\tif _changed {\n\t\t\t\t\t\t\t\treturn\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\tcase \"baotapanelgo-site\":\n\t\t\t\t\t{\n\t\t\t\t\t\tif providerCfg, ok := nodeCfg[\"providerConfig\"].(map[string]any); ok {\n\t\t\t\t\t\t\tif providerCfg[\"siteNames\"] == nil || providerCfg[\"siteNames\"].(string) == \"\" {\n\t\t\t\t\t\t\t\tproviderCfg[\"siteType\"] = \"php\"\n\t\t\t\t\t\t\t\tproviderCfg[\"siteNames\"] = providerCfg[\"siteName\"]\n\t\t\t\t\t\t\t\tdelete(providerCfg, \"siteName\")\n\t\t\t\t\t\t\t\tnodeCfg[\"providerConfig\"] = providerCfg\n\n\t\t\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\t\t\treturn\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\tcase \"baotawaf-site\":\n\t\t\t\t\t{\n\t\t\t\t\t\tif providerCfg, ok := nodeCfg[\"providerConfig\"].(map[string]any); ok {\n\t\t\t\t\t\t\tif providerCfg[\"siteNames\"] == nil || providerCfg[\"siteNames\"].(string) == \"\" {\n\t\t\t\t\t\t\t\tproviderCfg[\"siteNames\"] = providerCfg[\"siteName\"]\n\t\t\t\t\t\t\t\tdelete(providerCfg, \"siteName\")\n\t\t\t\t\t\t\t\tnodeCfg[\"providerConfig\"] = providerCfg\n\n\t\t\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\t\t\treturn\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\tcase \"ratpanel-site\":\n\t\t\t\t\t{\n\t\t\t\t\t\tif providerCfg, ok := nodeCfg[\"providerConfig\"].(map[string]any); ok {\n\t\t\t\t\t\t\tif providerCfg[\"siteNames\"] == nil || providerCfg[\"siteNames\"].(string) == \"\" {\n\t\t\t\t\t\t\t\tproviderCfg[\"siteNames\"] = providerCfg[\"siteName\"]\n\t\t\t\t\t\t\t\tdelete(providerCfg, \"siteName\")\n\t\t\t\t\t\t\t\tnodeCfg[\"providerConfig\"] = providerCfg\n\n\t\t\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\t\t\treturn\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\tcase \"safeline\":\n\t\t\t\t\t{\n\t\t\t\t\t\tnodeCfg[\"provider\"] = \"safeline-site\"\n\n\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn\n\t\t\t})\n\n\t\t\t// update collection `workflow`\n\t\t\t// - migrate field `graphDraft` / `graphContent`\n\t\t\t{\n\t\t\t\tcollection, err := app.FindCollectionByNameOrId(\"tovyif5ax6j62ur\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tfor _, record := range records {\n\t\t\t\t\tchanged := false\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graphDraft\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graphContent\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif changed {\n\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// update collection `workflow_run`\n\t\t\t// - migrate field `graph`\n\t\t\t{\n\t\t\t\tcollection, err := app.FindCollectionByNameOrId(\"qjp8lygssgwyqyz\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tfor _, record := range records {\n\t\t\t\t\tchanged := false\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graph\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif changed {\n\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// update collection `workflow_output`\n\t\t\t// - migrate field `nodeConfig`\n\t\t\t{\n\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow_output SET nodeConfig = REPLACE(nodeConfig, '\\\"provider\\\":\\\"safeline\\\"', '\\\"provider\\\":\\\"safeline-site\\\"') WHERE nodeConfig LIKE '%\\\"provider\\\":\\\"safeline\\\"%'\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tif _, err := app.DB().NewQuery(\"UPDATE workflow_output SET nodeConfig = REPLACE(nodeConfig, '\\\"siteName\\\":', '\\\"siteNames\\\":')\").Execute(); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\ttracer.Printf(\"done\")\n\t\treturn nil\n\t}, func(app core.App) error {\n\t\treturn nil\n\t})\n}\n"
},
{
"path": "migrations/1766592000_upgrade_v0.4.11.go",
"content": "package migrations\n\nimport (\n\t\"net\"\n\n\t\"github.com/pocketbase/pocketbase/core\"\n\tm \"github.com/pocketbase/pocketbase/migrations\"\n\n\tsnaps \"github.com/certimate-go/certimate/migrations/snaps/v0.4\"\n)\n\nfunc init() {\n\tm.Register(func(app core.App) error {\n\t\ttracer := NewTracer(\"v0.4.11\")\n\t\ttracer.Printf(\"go ...\")\n\n\t\t// adapt to new workflow data structure\n\t\t{\n\t\t\twalker := &snaps.WorkflowGraphWalker{}\n\t\t\twalker.Define(func(node *snaps.WorkflowNode) (_changed bool, _err error) {\n\t\t\t\t_changed = false\n\t\t\t\t_err = nil\n\n\t\t\t\tif node.Type != \"bizApply\" {\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\tnodeCfg := node.Data.Config\n\n\t\t\t\tif nodeCfg[\"identifier\"] == nil || nodeCfg[\"identifier\"] == \"\" {\n\t\t\t\t\tif nodeCfg[\"domains\"] != nil && nodeCfg[\"domains\"].(string) != \"\" {\n\t\t\t\t\t\tif ip := net.ParseIP(nodeCfg[\"domains\"].(string)); ip != nil {\n\t\t\t\t\t\t\tnodeCfg[\"identifier\"] = \"ip\"\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tnodeCfg[\"identifier\"] = \"domain\"\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn\n\t\t\t})\n\t\t\twalker.Define(func(node *snaps.WorkflowNode) (_changed bool, _err error) {\n\t\t\t\t_changed = false\n\t\t\t\t_err = nil\n\n\t\t\t\tif node.Type != \"bizUpload\" {\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\tnodeCfg := node.Data.Config\n\n\t\t\t\tif nodeCfg[\"domains\"] != nil {\n\t\t\t\t\tdelete(nodeCfg, \"domains\")\n\n\t\t\t\t\t_changed = true\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\treturn\n\t\t\t})\n\n\t\t\t// update collection `workflow`\n\t\t\t// - migrate field `graphDraft` / `graphContent`\n\t\t\t{\n\t\t\t\tcollection, err := app.FindCollectionByNameOrId(\"tovyif5ax6j62ur\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tfor _, record := range records {\n\t\t\t\t\tchanged := false\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graphDraft\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graphContent\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif changed {\n\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// update collection `workflow_run`\n\t\t\t// - migrate field `graph`\n\t\t\t{\n\t\t\t\tcollection, err := app.FindCollectionByNameOrId(\"qjp8lygssgwyqyz\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tfor _, record := range records {\n\t\t\t\t\tchanged := false\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graph\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif changed {\n\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// clean old migrations\n\t\t{\n\t\t\tmigrations := []string{\n\t\t\t\t\"1757476800_m0.4.0_migrate.go\",\n\t\t\t\t\"1757476801_m0.4.0_initialize.go\",\n\t\t\t\t\"1760486400_m0.4.1.go\",\n\t\t\t\t\"1762142400_m0.4.3.go\",\n\t\t\t\t\"1762516800_m0.4.4.go\",\n\t\t\t\t\"1763373600_m0.4.5.go\",\n\t\t\t\t\"1763553600_m0.4.6.go\",\n\t\t\t\t\"1763640000_m0.4.6.go\",\n\t\t\t}\n\t\t\tfor _, name := range migrations {\n\t\t\t\tapp.DB().NewQuery(\"DELETE FROM _migrations WHERE file='\" + name + \"'\").Execute()\n\t\t\t}\n\t\t}\n\n\t\ttracer.Printf(\"done\")\n\t\treturn nil\n\t}, func(app core.App) error {\n\t\treturn nil\n\t})\n}\n"
},
{
"path": "migrations/1766800800_upgrade_v0.4.12.go",
"content": "package migrations\n\nimport (\n\t\"strings\"\n\n\t\"github.com/pocketbase/pocketbase/core\"\n\tm \"github.com/pocketbase/pocketbase/migrations\"\n\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcertx509 \"github.com/certimate-go/certimate/pkg/utils/cert/x509\"\n)\n\nfunc init() {\n\tm.Register(func(app core.App) error {\n\t\ttracer := NewTracer(\"v0.4.12\")\n\t\ttracer.Printf(\"go ...\")\n\n\t\t// update collection `certificate`\n\t\t// - update field `subjectAltNames`\n\t\t{\n\t\t\tcollection, err := app.FindCollectionByNameOrId(\"4szxr9x43tpj6np\")\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tfor _, record := range records {\n\t\t\t\tchanged := false\n\n\t\t\t\tif certX509, err := xcert.ParseCertificateFromPEM(record.GetString(\"certificate\")); err == nil {\n\t\t\t\t\tcertSANs := xcertx509.GetSubjectAltNames(certX509)\n\t\t\t\t\tif strings.Join(certSANs, \";\") != record.GetString(\"subjectAltNames\") {\n\t\t\t\t\t\trecord.Set(\"subjectAltNames\", strings.Join(certSANs, \";\"))\n\t\t\t\t\t\tchanged = true\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif changed {\n\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\n\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\ttracer.Printf(\"done\")\n\t\treturn nil\n\t}, func(app core.App) error {\n\t\treturn nil\n\t})\n}\n"
},
{
"path": "migrations/1767024000_upgrade_v0.4.13.go",
"content": "package migrations\n\nimport (\n\t\"github.com/pocketbase/pocketbase/core\"\n\tm \"github.com/pocketbase/pocketbase/migrations\"\n\n\tsnaps \"github.com/certimate-go/certimate/migrations/snaps/v0.4\"\n)\n\nfunc init() {\n\tm.Register(func(app core.App) error {\n\t\ttracer := NewTracer(\"v0.4.13\")\n\t\ttracer.Printf(\"go ...\")\n\n\t\t// adapt to new workflow data structure\n\t\t{\n\t\t\twalker := &snaps.WorkflowGraphWalker{}\n\t\t\twalker.Define(func(node *snaps.WorkflowNode) (_changed bool, _err error) {\n\t\t\t\t_changed = false\n\t\t\t\t_err = nil\n\n\t\t\t\tif node.Type != \"bizDeploy\" {\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\tnodeCfg := node.Data.Config\n\n\t\t\t\tswitch nodeCfg[\"provider\"] {\n\t\t\t\tcase \"1panel-site\":\n\t\t\t\t\t{\n\t\t\t\t\t\tnodeCfg[\"provider\"] = \"1panel\"\n\n\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\n\t\t\t\tcase \"baotapanel-site\":\n\t\t\t\t\t{\n\t\t\t\t\t\tnodeCfg[\"provider\"] = \"baotapanel\"\n\n\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\n\t\t\t\tcase \"baotapanelgo-site\":\n\t\t\t\t\t{\n\t\t\t\t\t\tnodeCfg[\"provider\"] = \"baotapanelgo\"\n\n\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\n\t\t\t\tcase \"baotawaf-site\":\n\t\t\t\t\t{\n\t\t\t\t\t\tnodeCfg[\"provider\"] = \"baotawaf\"\n\n\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\n\t\t\t\tcase \"cdnfly\":\n\t\t\t\t\t{\n\t\t\t\t\t\tif providerCfg, ok := nodeCfg[\"providerConfig\"].(map[string]any); ok {\n\t\t\t\t\t\t\tif providerCfg[\"resourceType\"] == \"site\" {\n\t\t\t\t\t\t\t\tproviderCfg[\"resourceType\"] = \"website\"\n\t\t\t\t\t\t\t\tnodeCfg[\"providerConfig\"] = providerCfg\n\n\t\t\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\t\t\treturn\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\tcase \"cpanel-site\":\n\t\t\t\t\t{\n\t\t\t\t\t\tif providerCfg, ok := nodeCfg[\"providerConfig\"].(map[string]any); ok {\n\t\t\t\t\t\t\tproviderCfg[\"resourceType\"] = \"website\"\n\t\t\t\t\t\t\tnodeCfg[\"providerConfig\"] = providerCfg\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tnodeCfg[\"provider\"] = \"cpanel\"\n\n\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\n\t\t\t\tcase \"netlify-site\":\n\t\t\t\t\t{\n\t\t\t\t\t\tif providerCfg, ok := nodeCfg[\"providerConfig\"].(map[string]any); ok {\n\t\t\t\t\t\t\tproviderCfg[\"resourceType\"] = \"website\"\n\t\t\t\t\t\t\tnodeCfg[\"providerConfig\"] = providerCfg\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tnodeCfg[\"provider\"] = \"netlify\"\n\n\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\n\t\t\t\tcase \"ratpanel-site\":\n\t\t\t\t\t{\n\t\t\t\t\t\tif providerCfg, ok := nodeCfg[\"providerConfig\"].(map[string]any); ok {\n\t\t\t\t\t\t\tproviderCfg[\"resourceType\"] = \"website\"\n\t\t\t\t\t\t\tnodeCfg[\"providerConfig\"] = providerCfg\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tnodeCfg[\"provider\"] = \"ratpanel\"\n\n\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\n\t\t\t\tcase \"safeline-site\":\n\t\t\t\t\t{\n\t\t\t\t\t\tnodeCfg[\"provider\"] = \"safeline\"\n\n\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn\n\t\t\t})\n\n\t\t\t// update collection `workflow`\n\t\t\t// - migrate field `graphDraft` / `graphContent`\n\t\t\t{\n\t\t\t\tcollection, err := app.FindCollectionByNameOrId(\"tovyif5ax6j62ur\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tfor _, record := range records {\n\t\t\t\t\tchanged := false\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graphDraft\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graphContent\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif changed {\n\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// update collection `workflow_run`\n\t\t\t// - migrate field `graph`\n\t\t\t{\n\t\t\t\tcollection, err := app.FindCollectionByNameOrId(\"qjp8lygssgwyqyz\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tfor _, record := range records {\n\t\t\t\t\tchanged := false\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graph\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif changed {\n\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\ttracer.Printf(\"done\")\n\t\treturn nil\n\t}, func(app core.App) error {\n\t\treturn nil\n\t})\n}\n"
},
{
"path": "migrations/1768363200_upgrade_v0.4.14.go",
"content": "package migrations\n\nimport (\n\t\"github.com/pocketbase/pocketbase/core\"\n\tm \"github.com/pocketbase/pocketbase/migrations\"\n)\n\nfunc init() {\n\tm.Register(func(app core.App) error {\n\t\ttracer := NewTracer(\"v0.4.14\")\n\t\ttracer.Printf(\"go ...\")\n\n\t\t// update collection `settings`\n\t\t// - modify field `content` schema of `sslProvider`\n\t\t{\n\t\t\tcollection, err := app.FindCollectionByNameOrId(\"dy6ccjb60spfy6p\")\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\trecords, err := app.FindRecordsByFilter(collection, \"name=\\\"sslProvider\\\"\", \"\", 1, 0)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t} else if len(records) != 0 {\n\t\t\t\trecord := records[0]\n\t\t\t\tchanged := false\n\n\t\t\t\tcontent := make(map[string]any)\n\t\t\t\tif err := record.UnmarshalJSONField(\"content\", &content); err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t} else {\n\t\t\t\t\tif _, ok := content[\"config\"]; ok {\n\t\t\t\t\t\tcontent[\"configs\"] = content[\"config\"]\n\t\t\t\t\t\tdelete(content, \"config\")\n\n\t\t\t\t\t\trecord.Set(\"content\", content)\n\t\t\t\t\t\tchanged = true\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif changed {\n\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\n\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\ttracer.Printf(\"done\")\n\t\treturn nil\n\t}, func(app core.App) error {\n\t\treturn nil\n\t})\n}\n"
},
{
"path": "migrations/1769313600_upgrade_v0.4.15.go",
"content": "package migrations\n\nimport (\n\t\"encoding/json\"\n\t\"strings\"\n\n\t\"github.com/go-viper/mapstructure/v2\"\n\t\"github.com/pocketbase/dbx\"\n\t\"github.com/pocketbase/pocketbase/core\"\n\tm \"github.com/pocketbase/pocketbase/migrations\"\n\n\tsnaps \"github.com/certimate-go/certimate/migrations/snaps/v0.4\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcertx509 \"github.com/certimate-go/certimate/pkg/utils/cert/x509\"\n)\n\nfunc init() {\n\tm.Register(func(app core.App) error {\n\t\ttracer := NewTracer(\"v0.4.15\")\n\t\ttracer.Printf(\"go ...\")\n\n\t\t// update collection `acme_accounts`\n\t\t// - rebuild indexes\n\t\t{\n\t\t\tcollection, err := app.FindCollectionByNameOrId(\"012d7abbod1hwvr\")\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tif err := json.Unmarshal([]byte(`{\n\t\t\t\t\"indexes\": [\n\t\t\t\t\t\"CREATE INDEX `+\"`\"+`idx_dQiYzimY7m`+\"`\"+` ON `+\"`\"+`acme_accounts`+\"`\"+` (`+\"`\"+`ca`+\"`\"+`)\",\n\t\t\t\t\t\"CREATE INDEX `+\"`\"+`idx_TjyqY6LAGa`+\"`\"+` ON `+\"`\"+`acme_accounts`+\"`\"+` (\\n `+\"`\"+`ca`+\"`\"+`,\\n `+\"`\"+`acmeDirUrl`+\"`\"+`\\n)\",\n\t\t\t\t\t\"CREATE UNIQUE INDEX `+\"`\"+`idx_G4brUDgxzc`+\"`\"+` ON `+\"`\"+`acme_accounts`+\"`\"+` (\\n `+\"`\"+`ca`+\"`\"+`,\\n `+\"`\"+`email`+\"`\"+`,\\n `+\"`\"+`acmeAcctUrl`+\"`\"+`,\\n `+\"`\"+`acmeDirUrl`+\"`\"+`\\n)\"\n\t\t\t\t]\n\t\t\t}`), &collection); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tif err := app.Save(collection); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\ttracer.Printf(\"collection '%s' updated\", collection.Name)\n\t\t}\n\n\t\t// update collection `certificate`\n\t\t// - update field `subjectAltNames`\n\t\t// - remove field `acmeCertStableUrl`\n\t\t{\n\t\t\tcollection, err := app.FindCollectionByNameOrId(\"4szxr9x43tpj6np\")\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tcollection.Fields.RemoveByName(\"acmeCertStableUrl\")\n\n\t\t\tif err := app.Save(collection); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\ttracer.Printf(\"collection '%s' updated\", collection.Name)\n\n\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tfor _, record := range records {\n\t\t\t\tchanged := false\n\n\t\t\t\tif certX509, err := xcert.ParseCertificateFromPEM(record.GetString(\"certificate\")); err == nil {\n\t\t\t\t\tcertSANs := xcertx509.GetSubjectAltNames(certX509)\n\t\t\t\t\tif strings.Join(certSANs, \";\") != record.GetString(\"subjectAltNames\") {\n\t\t\t\t\t\trecord.Set(\"subjectAltNames\", strings.Join(certSANs, \";\"))\n\t\t\t\t\t\tchanged = true\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif changed {\n\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\n\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// update collection `workflow_output`\n\t\t// - revert data for #1137\n\t\t{\n\t\t\tcollection, err := app.FindCollectionByNameOrId(\"bqnxb95f2cooowp\")\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tfor _, record := range records {\n\t\t\t\tchanged := false\n\n\t\t\t\trunRecord, _ := app.FindFirstRecordByFilter(\"workflow_run\", \"id={:runId}\", dbx.Params{\"runId\": record.GetString(\"runRef\")})\n\t\t\t\tif runRecord != nil {\n\t\t\t\t\trunGraph := make(map[string]any)\n\t\t\t\t\tif err := runRecord.UnmarshalJSONField(\"graph\", &runGraph); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\n\t\t\t\t\tif _, ok := runGraph[\"nodes\"]; ok {\n\t\t\t\t\t\tnodes := make([]*snaps.WorkflowNode, 0)\n\t\t\t\t\t\tif err := mapstructure.Decode(runGraph[\"nodes\"], &nodes); err != nil {\n\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tnodeMaybeBrokenId := record.GetString(\"nodeId\")\n\n\t\t\t\t\t\tvar findNode func(blocks []*snaps.WorkflowNode) *snaps.WorkflowNode\n\t\t\t\t\t\tfindNode = func(blocks []*snaps.WorkflowNode) *snaps.WorkflowNode {\n\t\t\t\t\t\t\tfor _, node := range blocks {\n\t\t\t\t\t\t\t\tif node.Id == nodeMaybeBrokenId {\n\t\t\t\t\t\t\t\t\treturn node\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\tif len(node.Blocks) > 0 {\n\t\t\t\t\t\t\t\t\tif node := findNode(node.Blocks); node != nil {\n\t\t\t\t\t\t\t\t\t\treturn node\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\treturn nil\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif node := findNode(nodes); node != nil {\n\t\t\t\t\t\t\tcontinue\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tvar findNodeEx func(blocks []*snaps.WorkflowNode) *snaps.WorkflowNode\n\t\t\t\t\t\tfindNodeEx = func(blocks []*snaps.WorkflowNode) *snaps.WorkflowNode {\n\t\t\t\t\t\t\tfor _, node := range blocks {\n\t\t\t\t\t\t\t\tconst TRUNCATED_LENGTH = 3 // same as `ATTEMPTS` in '1757476800_upgrade_v0.4.0.go'\n\t\t\t\t\t\t\t\tif strings.HasSuffix(node.Id, nodeMaybeBrokenId) && (len(node.Id)-len(nodeMaybeBrokenId) == TRUNCATED_LENGTH) {\n\t\t\t\t\t\t\t\t\treturn node\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\tif len(node.Blocks) > 0 {\n\t\t\t\t\t\t\t\t\tif node := findNodeEx(node.Blocks); node != nil {\n\t\t\t\t\t\t\t\t\t\treturn node\n\t\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\treturn nil\n\t\t\t\t\t\t}\n\t\t\t\t\t\tif node := findNodeEx(nodes); node != nil {\n\t\t\t\t\t\t\trecord.Set(\"nodeId\", node.Id)\n\t\t\t\t\t\t\tchanged = true\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif changed {\n\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t}\n\n\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\t// adapt to new workflow data structure\n\t\t{\n\t\t\twalker := &snaps.WorkflowGraphWalker{}\n\t\t\twalker.Define(func(node *snaps.WorkflowNode) (_changed bool, _err error) {\n\t\t\t\t_changed = false\n\t\t\t\t_err = nil\n\n\t\t\t\tif node.Type != \"bizDeploy\" {\n\t\t\t\t\treturn\n\t\t\t\t}\n\n\t\t\t\tnodeCfg := node.Data.Config\n\n\t\t\t\tif nodeCfg[\"provider\"] == \"rainyun-rcdn\" {\n\t\t\t\t\tif providerCfg, ok := nodeCfg[\"providerConfig\"].(map[string]any); ok {\n\t\t\t\t\t\tif providerCfg[\"resourceType\"] == \"certificate\" {\n\t\t\t\t\t\t\tdelete(providerCfg, \"resourceType\")\n\t\t\t\t\t\t\tdelete(providerCfg, \"instanceId\")\n\t\t\t\t\t\t\tdelete(providerCfg, \"domainMatchPattern\")\n\t\t\t\t\t\t\tdelete(providerCfg, \"domain\")\n\t\t\t\t\t\t\tnodeCfg[\"provider\"] = \"rainyun-sslcenter\"\n\t\t\t\t\t\t\tnodeCfg[\"providerConfig\"] = providerCfg\n\t\t\t\t\t\t} else {\n\t\t\t\t\t\t\tdelete(providerCfg, \"resourceType\")\n\t\t\t\t\t\t\tdelete(providerCfg, \"certificateId\")\n\t\t\t\t\t\t\tnodeCfg[\"providerConfig\"] = providerCfg\n\t\t\t\t\t\t}\n\t\t\t\t\t\t_changed = true\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn\n\t\t\t})\n\n\t\t\t// update collection `workflow`\n\t\t\t// - migrate field `graphDraft` / `graphContent`\n\t\t\t{\n\t\t\t\tcollection, err := app.FindCollectionByNameOrId(\"tovyif5ax6j62ur\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tfor _, record := range records {\n\t\t\t\t\tchanged := false\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graphDraft\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graphContent\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif changed {\n\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// update collection `workflow_run`\n\t\t\t// - migrate field `graph`\n\t\t\t{\n\t\t\t\tcollection, err := app.FindCollectionByNameOrId(\"qjp8lygssgwyqyz\")\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\trecords, err := app.FindAllRecords(collection)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tfor _, record := range records {\n\t\t\t\t\tchanged := false\n\n\t\t\t\t\tif ret, err := walker.Migrate(record, \"graph\"); err != nil {\n\t\t\t\t\t\treturn err\n\t\t\t\t\t} else {\n\t\t\t\t\t\tchanged = changed || ret\n\t\t\t\t\t}\n\n\t\t\t\t\tif changed {\n\t\t\t\t\t\tif err := app.Save(record); err != nil {\n\t\t\t\t\t\t\treturn err\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ttracer.Printf(\"record #%s in collection '%s' updated\", record.Id, collection.Name)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\ttracer.Printf(\"done\")\n\t\treturn nil\n\t}, func(app core.App) error {\n\t\treturn nil\n\t})\n}\n"
},
{
"path": "migrations/snaps/v0.3/workflow.go",
"content": "package snaps\n\n// This is a definition backup of WorkflowNode for v0.3.\ntype WorkflowNode struct {\n\tId string `json:\"id\"`\n\tType string `json:\"type\"`\n\tName string `json:\"name\"`\n\tConfig map[string]any `json:\"config,omitempty\"`\n\tNext *WorkflowNode `json:\"next,omitempty\"`\n\tBranches []*WorkflowNode `json:\"branches,omitempty\"`\n}\n"
},
{
"path": "migrations/snaps/v0.4/workflow.go",
"content": "package snaps\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/go-viper/mapstructure/v2\"\n\t\"github.com/pocketbase/pocketbase/core\"\n)\n\ntype WorkflowGraphWalker struct {\n\tvisitors []WorkflowNodeVisitor\n}\n\ntype WorkflowNodeVisitor func(node *WorkflowNode) (_changed bool, _err error)\n\nfunc (w *WorkflowGraphWalker) Define(visitor WorkflowNodeVisitor) {\n\tif w.visitors == nil {\n\t\tw.visitors = make([]WorkflowNodeVisitor, 0)\n\t}\n\tw.visitors = append(w.visitors, visitor)\n}\n\nfunc (w *WorkflowGraphWalker) Visit(nodes []*WorkflowNode) (_changed bool, _err error) {\n\tchanged := false\n\n\tif w.visitors == nil {\n\t\treturn changed, nil\n\t}\n\n\tfor _, node := range nodes {\n\t\tfor _, visitor := range w.visitors {\n\t\t\tnodeChanged, err := visitor(node)\n\t\t\tif err != nil {\n\t\t\t\treturn changed, err\n\t\t\t}\n\t\t\tif nodeChanged {\n\t\t\t\tchanged = true\n\t\t\t}\n\n\t\t\tif len(node.Blocks) > 0 {\n\t\t\t\tblocksChanged, err := w.Visit(node.Blocks)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn changed, err\n\t\t\t\t}\n\t\t\t\tif blocksChanged {\n\t\t\t\t\tchanged = true\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\treturn changed, nil\n}\n\nfunc (w *WorkflowGraphWalker) Migrate(record *core.Record, field string) (_changed bool, _err error) {\n\tf := record.Collection().Fields.GetByName(field)\n\tif f == nil {\n\t\treturn false, fmt.Errorf(\"field '%s' not found\", field)\n\t}\n\n\tif record.GetRaw(field) != nil {\n\t\tgraph := make(map[string]any)\n\t\tif err := record.UnmarshalJSONField(field, &graph); err != nil {\n\t\t\treturn false, err\n\t\t}\n\n\t\tif _, ok := graph[\"nodes\"]; ok {\n\t\t\tnodes := make([]*WorkflowNode, 0)\n\t\t\tif err := mapstructure.Decode(graph[\"nodes\"], &nodes); err != nil {\n\t\t\t\treturn false, err\n\t\t\t}\n\n\t\t\tnodesChanged, err := w.Visit(nodes)\n\t\t\tif err != nil {\n\t\t\t\treturn false, err\n\t\t\t} else if nodesChanged {\n\t\t\t\tgraph[\"nodes\"] = nodes\n\t\t\t\trecord.Set(field, graph)\n\t\t\t\treturn true, nil\n\t\t\t}\n\t\t}\n\t}\n\n\treturn false, nil\n}\n\n// This is a definition copy of WorkflowNode.\n// see: /internal/domain/workflow.go\ntype WorkflowNode struct {\n\tId string `json:\"id\"`\n\tType string `json:\"type\"`\n\tData WorkflowNodeData `json:\"data\"`\n\tBlocks WorkflowNodeBlocks `json:\"blocks,omitempty,omitzero\"`\n}\n\n// This is a definition copy of []*WorkflowNode.\n// see: /internal/domain/workflow.go\ntype WorkflowNodeBlocks []*WorkflowNode\n\n// This is a definition copy of WorkflowNodeData.\n// see: /internal/domain/workflow.go\ntype WorkflowNodeData struct {\n\tName string `json:\"name\"`\n\tDisabled bool `json:\"disabled,omitempty,omitzero\"`\n\tConfig WorkflowNodeConfig `json:\"config,omitempty,omitzero\"`\n}\n\n// This is a definition copy of WorkflowNodeConfig.\n// see: /internal/domain/workflow.go\ntype WorkflowNodeConfig map[string]any\n\nfunc (g WorkflowNodeBlocks) GetNodeById(nodeId string) (*WorkflowNode, bool) {\n\treturn g.getNodeInBlocksById(g, nodeId)\n}\n\nfunc (g WorkflowNodeBlocks) getNodeInBlocksById(blocks WorkflowNodeBlocks, nodeId string) (*WorkflowNode, bool) {\n\tfor _, node := range blocks {\n\t\tif node.Id == nodeId {\n\t\t\treturn node, true\n\t\t}\n\n\t\tif len(node.Blocks) > 0 {\n\t\t\tif found, ok := g.getNodeInBlocksById(node.Blocks, nodeId); ok {\n\t\t\t\treturn found, true\n\t\t\t}\n\t\t}\n\t}\n\n\treturn nil, false\n}\n"
},
{
"path": "migrations/tracer.go",
"content": "package migrations\n\nimport (\n\t\"fmt\"\n\t\"log/slog\"\n)\n\ntype Tracer struct {\n\tlogger *slog.Logger\n\tflag string\n}\n\nfunc NewTracer(flag string) *Tracer {\n\treturn &Tracer{\n\t\tlogger: slog.Default(),\n\t\tflag: flag,\n\t}\n}\n\nfunc (l *Tracer) Printf(format string, args ...any) {\n\tl.logger.Info(\"[CERTIMATE] migration \" + l.flag + \": \" + fmt.Sprintf(format, args...))\n}\n"
},
{
"path": "pkg/core/certifier/challenger.go",
"content": "package certifier\n\nimport (\n\t\"github.com/go-acme/lego/v4/challenge\"\n)\n\ntype ACMEChallenger = challenge.Provider\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/35cn/35cn.go",
"content": "package west35cn\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/com35\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tUsername string `json:\"username\"`\n\tApiPassword string `json:\"apiPassword\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := com35.NewDefaultConfig()\n\tproviderConfig.Username = config.Username\n\tproviderConfig.Password = config.ApiPassword\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := com35.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/51dnscom/51dnscom.go",
"content": "package dnscom\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n\t\"github.com/certimate-go/certimate/pkg/core/certifier/challengers/dns01/51dnscom/internal\"\n)\n\ntype ChallengerConfig struct {\n\tApiKey string `json:\"apiKey\"`\n\tApiSecret string `json:\"apiSecret\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := internal.NewDefaultConfig()\n\tproviderConfig.APIKey = config.ApiKey\n\tproviderConfig.APISecret = config.ApiSecret\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := internal.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/51dnscom/internal/lego.go",
"content": "package internal\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/challenge\"\n\t\"github.com/go-acme/lego/v4/challenge/dns01\"\n\t\"github.com/go-acme/lego/v4/platform/config/env\"\n\t\"github.com/samber/lo\"\n\n\tdnscomsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/51dnscom\"\n)\n\nconst (\n\tenvNamespace = \"51DNSCOM_\"\n\tEnvAPIKey = envNamespace + \"API_KEY\"\n\tEnvAPISecret = envNamespace + \"API_SECRET\"\n\n\tEnvTTL = envNamespace + \"TTL\"\n\tEnvPropagationTimeout = envNamespace + \"PROPAGATION_TIMEOUT\"\n\tEnvPollingInterval = envNamespace + \"POLLING_INTERVAL\"\n\tEnvHTTPTimeout = envNamespace + \"HTTP_TIMEOUT\"\n)\n\nvar _ challenge.ProviderTimeout = (*DNSProvider)(nil)\n\ntype Config struct {\n\tAPIKey string\n\tAPISecret string\n\n\tPropagationTimeout time.Duration\n\tPollingInterval time.Duration\n\tTTL int\n\tHTTPTimeout time.Duration\n}\n\ntype DNSProvider struct {\n\tconfig *Config\n\tclient *dnscomsdk.Client\n\n\trecordCache map[string]dnsRecordCacheEntry // Key: ChallengeToken\n\trecordCacheMu sync.Mutex\n}\n\nfunc NewDefaultConfig() *Config {\n\treturn &Config{\n\t\tTTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),\n\t\tPropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),\n\t\tPollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),\n\t\tHTTPTimeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),\n\t}\n}\n\nfunc NewDNSProvider() (*DNSProvider, error) {\n\tvalues, err := env.Get(EnvAPIKey, EnvAPISecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"51dnscom: %w\", err)\n\t}\n\n\tconfig := NewDefaultConfig()\n\tconfig.APIKey = values[EnvAPIKey]\n\tconfig.APISecret = values[EnvAPISecret]\n\n\treturn NewDNSProviderConfig(config)\n}\n\nfunc NewDNSProviderConfig(config *Config) (*DNSProvider, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"51dnscom: the configuration of the DNS provider is nil\")\n\t}\n\n\tclient, err := dnscomsdk.NewClient(config.APIKey, config.APISecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"51dnscom: %w\", err)\n\t} else {\n\t\tclient.SetTimeout(config.HTTPTimeout)\n\t}\n\n\treturn &DNSProvider{\n\t\tconfig: config,\n\t\tclient: client,\n\t\trecordCache: make(map[string]dnsRecordCacheEntry),\n\t\trecordCacheMu: sync.Mutex{},\n\t}, nil\n}\n\nfunc (d *DNSProvider) Present(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\tauthZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"51dnscom: could not find zone for domain %q: %w\", domain, err)\n\t}\n\n\tsubDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"51dnscom: %w\", err)\n\t}\n\n\tzone, err := d.findZone(dns01.UnFqdn(authZone))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"51dnscom: error when list zones: %w\", err)\n\t}\n\n\t// REF: https://www.51dns.com/document/api/4/12.html\n\trequest := &dnscomsdk.RecordCreateRequest{\n\t\tDomainID: lo.ToPtr(zone.DomainID.String()),\n\t\tType: lo.ToPtr(\"TXT\"),\n\t\tHost: lo.ToPtr(subDomain),\n\t\tValue: lo.ToPtr(info.Value),\n\t\tTTL: lo.ToPtr(int32(d.config.TTL)),\n\t}\n\tresponse, err := d.client.RecordCreate(request)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"51dnscom: error when create record: %w\", err)\n\t}\n\n\td.recordCacheMu.Lock()\n\td.recordCache[token] = dnsRecordCacheEntry{DomainID: zone.DomainID.String(), RecordID: response.Data.RecordID.String()}\n\td.recordCacheMu.Unlock()\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\td.recordCacheMu.Lock()\n\trecord, ok := d.recordCache[token]\n\td.recordCacheMu.Unlock()\n\tif !ok {\n\t\treturn fmt.Errorf(\"51dnscom: unknown record ID for '%s'\", info.EffectiveFQDN)\n\t}\n\n\t// REF: https://www.51dns.com/document/api/4/27.html\n\trequest := &dnscomsdk.RecordRemoveRequest{\n\t\tDomainID: lo.ToPtr(record.DomainID),\n\t\tRecordID: lo.ToPtr(record.RecordID),\n\t}\n\tif _, err := d.client.RecordRemove(request); err != nil {\n\t\treturn fmt.Errorf(\"51dnscom: error when delete record: %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) Timeout() (timeout, interval time.Duration) {\n\treturn d.config.PropagationTimeout, d.config.PollingInterval\n}\n\ntype dnsRecordCacheEntry struct {\n\tDomainID string\n\tRecordID string\n}\n\nfunc (d *DNSProvider) findZone(zoneName string) (*dnscomsdk.DomainRecord, error) {\n\tpage := 1\n\tpageSize := 10\n\tfor {\n\t\t// REF: https://www.51dns.com/document/api/74/88.html\n\t\trequest := &dnscomsdk.DomainListRequest{\n\t\t\tPage: lo.ToPtr(int32(page)),\n\t\t\tPageSize: lo.ToPtr(int32(pageSize)),\n\t\t}\n\t\tresponse, err := d.client.DomainList(request)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tif response.Data == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, domainItem := range response.Data.Data {\n\t\t\tif domainItem.Domain == zoneName {\n\t\t\t\treturn domainItem, nil\n\t\t\t}\n\t\t}\n\n\t\tif len(response.Data.Data) < pageSize || response.Data.PageCount <= int32(page) {\n\t\t\tbreak\n\t\t}\n\n\t\tpage++\n\t}\n\n\treturn nil, fmt.Errorf(\"could not find zone '%s'\", zoneName)\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/acmedns/acmedns.go",
"content": "package acmedns\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/acmedns\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tCredentials string `json:\"credentials\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\ttempfile, err := os.CreateTemp(\"\", \"certimate.acmedns_*.tmp\")\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to create temp credentials file: %w\", err)\n\t} else {\n\t\tif _, err := tempfile.Write([]byte(config.Credentials)); err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to write temp credentials file: %w\", err)\n\t\t}\n\n\t\ttempfile.Close()\n\t}\n\n\tproviderConfig := acmedns.NewDefaultConfig()\n\tproviderConfig.APIBase = config.ServerUrl\n\tproviderConfig.StoragePath = tempfile.Name()\n\n\tprovider, err := acmedns.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/acmehttpreq/acmehttpreq.go",
"content": "package acmehttpreq\n\nimport (\n\t\"errors\"\n\t\"net/url\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/httpreq\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tEndpoint string `json:\"endpoint\"`\n\tMode string `json:\"mode\"`\n\tUsername string `json:\"username\"`\n\tPassword string `json:\"password\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tendpoint, _ := url.Parse(config.Endpoint)\n\tproviderConfig := httpreq.NewDefaultConfig()\n\tproviderConfig.Endpoint = endpoint\n\tproviderConfig.Mode = config.Mode\n\tproviderConfig.Username = config.Username\n\tproviderConfig.Password = config.Password\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\n\tprovider, err := httpreq.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/akamai-edgedns/akamai_edgedns.go",
"content": "package akamaiedgedns\n\nimport (\n\t\"time\"\n\n\t\"github.com/akamai/AkamaiOPEN-edgegrid-golang/v11/pkg/edgegrid\"\n\t\"github.com/go-acme/lego/v4/challenge\"\n\t\"github.com/go-acme/lego/v4/providers/dns/edgedns\"\n)\n\ntype ChallengerConfig struct {\n\tHost string\n\tClientToken string\n\tClientSecret string\n\tAccessToken string\n\tDnsPropagationTimeout int\n\tDnsTTL int\n}\n\nfunc NewChallenger(config *ChallengerConfig) (challenge.Provider, error) {\n\tedgegridConfig := &edgegrid.Config{\n\t\tHost: config.Host,\n\t\tClientToken: config.ClientToken,\n\t\tClientSecret: config.ClientSecret,\n\t\tAccessToken: config.AccessToken,\n\t\tMaxBody: 131072,\n\t\tHeaderToSign: []string{\n\t\t\t\"X-Akamai-ACS-Action\",\n\t\t\t\"X-Akamai-ACS-Auth-Data\",\n\t\t\t\"X-Akamai-ACS-Auth-Sign\",\n\t\t},\n\t}\n\n\tproviderConfig := edgedns.NewDefaultConfig()\n\tproviderConfig.Config = edgegridConfig\n\tif config.DnsPropagationTimeout > 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL > 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := edgedns.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/aliyun/aliyun.go",
"content": "package aliyun\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/alidns\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := alidns.NewDefaultConfig()\n\tproviderConfig.APIKey = config.AccessKeyId\n\tproviderConfig.SecretKey = config.AccessKeySecret\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := alidns.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/aliyun-esa/aliyun_esa.go",
"content": "package aliyunesa\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/aliesa\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\tRegion string `json:\"region\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := aliesa.NewDefaultConfig()\n\tproviderConfig.APIKey = config.AccessKeyId\n\tproviderConfig.SecretKey = config.AccessKeySecret\n\tproviderConfig.RegionID = config.Region\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := aliesa.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/arvancloud/arvancloud.go",
"content": "package arvancloud\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/arvancloud\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiKey string `json:\"apiKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := arvancloud.NewDefaultConfig()\n\tproviderConfig.APIKey = config.ApiKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := arvancloud.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/aws-route53/aws-route53.go",
"content": "package awsroute53\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/route53\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\tRegion string `json:\"region\"`\n\tHostedZoneId string `json:\"hostedZoneId,omitempty\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := route53.NewDefaultConfig()\n\tproviderConfig.AccessKeyID = config.AccessKeyId\n\tproviderConfig.SecretAccessKey = config.SecretAccessKey\n\tproviderConfig.Region = config.Region\n\tif config.HostedZoneId != \"\" {\n\t\tproviderConfig.HostedZoneID = config.HostedZoneId\n\t}\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := route53.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/azure-dns/azure-dns.go",
"content": "package azuredns\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/azuredns\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n\tazenv \"github.com/certimate-go/certimate/pkg/sdk3rd/azure/env\"\n)\n\ntype ChallengerConfig struct {\n\tTenantId string `json:\"tenantId\"`\n\tClientId string `json:\"clientId\"`\n\tClientSecret string `json:\"clientSecret\"`\n\tSubscriptionId string `json:\"subscriptionId,omitempty\"`\n\tResourceGroupName string `json:\"resourceGroupName,omitempty\"`\n\tCloudName string `json:\"cloudName,omitempty\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := azuredns.NewDefaultConfig()\n\tproviderConfig.AuthMethod = \"env\"\n\tproviderConfig.TenantID = config.TenantId\n\tproviderConfig.ClientID = config.ClientId\n\tproviderConfig.ClientSecret = config.ClientSecret\n\tproviderConfig.SubscriptionID = config.SubscriptionId\n\tproviderConfig.ResourceGroup = config.ResourceGroupName\n\tif config.CloudName != \"\" {\n\t\tenv, err := azenv.GetCloudEnvConfiguration(config.CloudName)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tproviderConfig.Environment = env\n\t}\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := azuredns.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/baiducloud/baiducloud.go",
"content": "package baiducloud\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/baiducloud\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := baiducloud.NewDefaultConfig()\n\tproviderConfig.AccessKeyID = config.AccessKeyId\n\tproviderConfig.SecretAccessKey = config.SecretAccessKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := baiducloud.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/bookmyname/bookmyname.go",
"content": "package bookmyname\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/bookmyname\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tUsername string `json:\"username\"`\n\tPassword string `json:\"password\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := bookmyname.NewDefaultConfig()\n\tproviderConfig.Username = config.Username\n\tproviderConfig.Password = config.Password\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := bookmyname.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/bunny/bunny.go",
"content": "package bunny\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/bunny\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiKey string `json:\"apiKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := bunny.NewDefaultConfig()\n\tproviderConfig.APIKey = config.ApiKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := bunny.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/cloudflare/cloudflare.go",
"content": "package cloudflare\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/cloudflare\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tDnsApiToken string `json:\"dnsApiToken\"`\n\tZoneApiToken string `json:\"zoneApiToken,omitempty\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := cloudflare.NewDefaultConfig()\n\tproviderConfig.AuthToken = config.DnsApiToken\n\tproviderConfig.ZoneToken = config.ZoneApiToken\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := cloudflare.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/cloudns/cloudns.go",
"content": "package cloudns\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/cloudns\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tAuthId string `json:\"authId\"`\n\tAuthPassword string `json:\"authPassword\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := cloudns.NewDefaultConfig()\n\tproviderConfig.AuthID = config.AuthId\n\tproviderConfig.AuthPassword = config.AuthPassword\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := cloudns.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/cmcccloud/cmcccloud.go",
"content": "package cmcccloud\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n\t\"github.com/certimate-go/certimate/pkg/core/certifier/challengers/dns01/cmcccloud/internal\"\n)\n\ntype ChallengerConfig struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := internal.NewDefaultConfig()\n\tproviderConfig.AccessKey = config.AccessKeyId\n\tproviderConfig.SecretKey = config.AccessKeySecret\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\n\tprovider, err := internal.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/cmcccloud/internal/lego.go",
"content": "package internal\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/challenge\"\n\t\"github.com/go-acme/lego/v4/challenge/dns01\"\n\t\"github.com/go-acme/lego/v4/platform/config/env\"\n\t\"github.com/samber/lo\"\n\t\"gitlab.ecloud.com/ecloud/ecloudsdkclouddns\"\n\t\"gitlab.ecloud.com/ecloud/ecloudsdkclouddns/model\"\n\t\"gitlab.ecloud.com/ecloud/ecloudsdkcore/config\"\n)\n\nconst (\n\tenvNamespace = \"CMCCCLOUD_\"\n\n\tEnvAccessKey = envNamespace + \"ACCESS_KEY\"\n\tEnvSecretKey = envNamespace + \"SECRET_KEY\"\n\n\tEnvTTL = envNamespace + \"TTL\"\n\tEnvPropagationTimeout = envNamespace + \"PROPAGATION_TIMEOUT\"\n\tEnvPollingInterval = envNamespace + \"POLLING_INTERVAL\"\n\tEnvReadTimeout = envNamespace + \"READ_TIMEOUT\"\n\tEnvConnectTimeout = envNamespace + \"CONNECT_TIMEOUT\"\n)\n\nvar _ challenge.ProviderTimeout = (*DNSProvider)(nil)\n\ntype Config struct {\n\tAccessKey string\n\tSecretKey string\n\n\tPropagationTimeout time.Duration\n\tPollingInterval time.Duration\n\tTTL int\n\tReadTimeout int\n\tConnectTimeout int\n}\n\ntype DNSProvider struct {\n\tconfig *Config\n\tclient *ecloudsdkclouddns.Client\n\n\trecordIDs map[string]string // Key: ChallengeToken; Value: RecordID\n\trecordIDsMu sync.Mutex\n}\n\nfunc NewDefaultConfig() *Config {\n\treturn &Config{\n\t\tReadTimeout: env.GetOrDefaultInt(EnvReadTimeout, 30),\n\t\tConnectTimeout: env.GetOrDefaultInt(EnvConnectTimeout, 30),\n\t\tTTL: env.GetOrDefaultInt(EnvTTL, 600),\n\t\tPropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 10*time.Minute),\n\t\tPollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),\n\t}\n}\n\nfunc NewDNSProvider() (*DNSProvider, error) {\n\tvalues, err := env.Get(EnvAccessKey, EnvSecretKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"cmccecloud: %w\", err)\n\t}\n\n\tcfg := NewDefaultConfig()\n\tcfg.AccessKey = values[EnvAccessKey]\n\tcfg.SecretKey = values[EnvSecretKey]\n\n\treturn NewDNSProviderConfig(cfg)\n}\n\nfunc NewDNSProviderConfig(cfg *Config) (*DNSProvider, error) {\n\tif cfg == nil {\n\t\treturn nil, errors.New(\"cmccecloud: the configuration of the DNS provider is nil\")\n\t}\n\n\tclient := ecloudsdkclouddns.NewClient(&config.Config{\n\t\tAccessKey: cfg.AccessKey,\n\t\tSecretKey: cfg.SecretKey,\n\t\t// 资源池常量见: https://ecloud.10086.cn/op-help-center/doc/article/54462\n\t\t// 默认全局\n\t\tPoolId: \"CIDC-CORE-00\",\n\t\tReadTimeOut: cfg.ReadTimeout,\n\t\tConnectTimeout: cfg.ConnectTimeout,\n\t})\n\n\treturn &DNSProvider{\n\t\tconfig: cfg,\n\t\tclient: client,\n\t\trecordIDs: make(map[string]string),\n\t\trecordIDsMu: sync.Mutex{},\n\t}, nil\n}\n\nfunc (d *DNSProvider) Present(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\tzoneName, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"cmccecloud: could not find zone for domain %q: %w\", domain, err)\n\t}\n\n\tsubDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, zoneName)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"cmccecloud: %w\", err)\n\t}\n\n\trequest := &model.CreateRecordOpenapiRequest{\n\t\tCreateRecordOpenapiBody: &model.CreateRecordOpenapiBody{\n\t\t\tLineId: \"0\", // 默认线路\n\t\t\tRr: subDomain,\n\t\t\tDomainName: dns01.UnFqdn(zoneName),\n\t\t\tDescription: \"certimate acme\",\n\t\t\tType: model.CreateRecordOpenapiBodyTypeEnumTxt,\n\t\t\tValue: info.Value,\n\t\t\tTtl: lo.ToPtr(int32(d.config.TTL)),\n\t\t},\n\t}\n\tresponse, err := d.client.CreateRecordOpenapi(request)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"cmccecloud: error when create record: %w\", err)\n\t} else if response.State != model.CreateRecordOpenapiResponseStateEnumOk {\n\t\treturn fmt.Errorf(\"cmccecloud: failed to create record: unexpected response state: '%s', errcode: '%s', errmsg: '%s'\", response.State, response.ErrorCode, response.ErrorMessage)\n\t}\n\n\td.recordIDsMu.Lock()\n\td.recordIDs[token] = response.Body.RecordId\n\td.recordIDsMu.Unlock()\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\td.recordIDsMu.Lock()\n\trecordID, ok := d.recordIDs[token]\n\td.recordIDsMu.Unlock()\n\tif !ok {\n\t\treturn fmt.Errorf(\"cmccecloud: unknown record ID for '%s'\", info.EffectiveFQDN)\n\t}\n\n\trequest := &model.DeleteRecordOpenapiRequest{\n\t\tDeleteRecordOpenapiBody: &model.DeleteRecordOpenapiBody{\n\t\t\tRecordIdList: []string{recordID},\n\t\t},\n\t}\n\tresponse, err := d.client.DeleteRecordOpenapi(request)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"cmccecloud: error when delete record: %w\", err)\n\t} else if response.State != model.DeleteRecordOpenapiResponseStateEnumOk {\n\t\treturn fmt.Errorf(\"cmccecloud: failed to delete record, unexpected response state: '%s', errcode: '%s', errmsg: '%s'\", response.State, response.ErrorCode, response.ErrorMessage)\n\t}\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) Timeout() (timeout, interval time.Duration) {\n\treturn d.config.PropagationTimeout, d.config.PollingInterval\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/constellix/constellix.go",
"content": "package cloudns\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/constellix\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiKey string `json:\"apiKey\"`\n\tSecretKey string `json:\"secretKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := constellix.NewDefaultConfig()\n\tproviderConfig.APIKey = config.ApiKey\n\tproviderConfig.SecretKey = config.SecretKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := constellix.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/cpanel/cpanel.go",
"content": "package cpanel\n\nimport (\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/cpanel\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n\txhttp \"github.com/certimate-go/certimate/pkg/utils/http\"\n)\n\ntype ChallengerConfig struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tUsername string `json:\"username\"`\n\tApiToken string `json:\"apiToken\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := cpanel.NewDefaultConfig()\n\tproviderConfig.Mode = \"cpanel\"\n\tproviderConfig.BaseURL = config.ServerUrl\n\tproviderConfig.Username = config.Username\n\tproviderConfig.Token = config.ApiToken\n\tif config.AllowInsecureConnections {\n\t\ttransport := xhttp.NewDefaultTransport()\n\t\ttransport.DisableKeepAlives = true\n\t\ttransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}\n\t\tproviderConfig.HTTPClient.Transport = transport\n\t}\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := cpanel.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/ctcccloud/ctcccloud.go",
"content": "package ctcccloud\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n\t\"github.com/certimate-go/certimate/pkg/core/certifier/challengers/dns01/ctcccloud/internal\"\n)\n\ntype ChallengerConfig struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := internal.NewDefaultConfig()\n\tproviderConfig.AccessKeyId = config.AccessKeyId\n\tproviderConfig.SecretAccessKey = config.SecretAccessKey\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\n\tprovider, err := internal.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/ctcccloud/internal/lego.go",
"content": "package internal\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/challenge\"\n\t\"github.com/go-acme/lego/v4/challenge/dns01\"\n\t\"github.com/go-acme/lego/v4/platform/config/env\"\n\t\"github.com/samber/lo\"\n\n\tctyundns \"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/dns\"\n)\n\nconst (\n\tenvNamespace = \"CTYUNSMARTDNS_\"\n\n\tEnvAccessKeyID = envNamespace + \"ACCESS_KEY_ID\"\n\tEnvSecretAccessKey = envNamespace + \"SECRET_ACCESS_KEY\"\n\n\tEnvTTL = envNamespace + \"TTL\"\n\tEnvPropagationTimeout = envNamespace + \"PROPAGATION_TIMEOUT\"\n\tEnvPollingInterval = envNamespace + \"POLLING_INTERVAL\"\n\tEnvHTTPTimeout = envNamespace + \"HTTP_TIMEOUT\"\n)\n\nvar _ challenge.ProviderTimeout = (*DNSProvider)(nil)\n\ntype Config struct {\n\tAccessKeyId string\n\tSecretAccessKey string\n\n\tPropagationTimeout time.Duration\n\tPollingInterval time.Duration\n\tTTL int\n\tHTTPTimeout time.Duration\n}\n\ntype DNSProvider struct {\n\tclient *ctyundns.Client\n\tconfig *Config\n\n\trecordIDs map[string]int32 // Key: ChallengeToken; Value: RecordID\n\trecordIDsMu sync.Mutex\n}\n\nfunc NewDefaultConfig() *Config {\n\treturn &Config{\n\t\tTTL: env.GetOrDefaultInt(EnvTTL, 600),\n\t\tPropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 10*time.Minute),\n\t\tHTTPTimeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),\n\t}\n}\n\nfunc NewDNSProvider() (*DNSProvider, error) {\n\tvalues, err := env.Get(EnvAccessKeyID, EnvSecretAccessKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"ctyun: %w\", err)\n\t}\n\n\tconfig := NewDefaultConfig()\n\tconfig.AccessKeyId = values[EnvAccessKeyID]\n\tconfig.SecretAccessKey = values[EnvSecretAccessKey]\n\n\treturn NewDNSProviderConfig(config)\n}\n\nfunc NewDNSProviderConfig(config *Config) (*DNSProvider, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"ctyun: the configuration of the DNS provider is nil\")\n\t}\n\n\tclient, err := ctyundns.NewClient(config.AccessKeyId, config.SecretAccessKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"ctyun: %w\", err)\n\t} else {\n\t\tclient.SetTimeout(config.HTTPTimeout)\n\t}\n\n\treturn &DNSProvider{\n\t\tclient: client,\n\t\tconfig: config,\n\t\trecordIDs: make(map[string]int32),\n\t\trecordIDsMu: sync.Mutex{},\n\t}, nil\n}\n\nfunc (d *DNSProvider) Present(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\tauthZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"ctyun: could not find zone for domain %q: %w\", domain, err)\n\t}\n\n\tsubDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"ctyun: %w\", err)\n\t}\n\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=122&api=11259&data=181&isNormal=1&vid=259\n\trequest := &ctyundns.AddRecordRequest{\n\t\tDomain: lo.ToPtr(dns01.UnFqdn(authZone)),\n\t\tHost: lo.ToPtr(subDomain),\n\t\tType: lo.ToPtr(\"TXT\"),\n\t\tLineCode: lo.ToPtr(\"Default\"),\n\t\tValue: lo.ToPtr(info.Value),\n\t\tState: lo.ToPtr(int32(1)),\n\t\tTTL: lo.ToPtr(int32(d.config.TTL)),\n\t}\n\tresponse, err := d.client.AddRecord(request)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"ctyun: error when create record: %w\", err)\n\t}\n\n\td.recordIDsMu.Lock()\n\td.recordIDs[token] = response.ReturnObj.RecordId\n\td.recordIDsMu.Unlock()\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\td.recordIDsMu.Lock()\n\trecordID, ok := d.recordIDs[token]\n\td.recordIDsMu.Unlock()\n\tif !ok {\n\t\treturn fmt.Errorf(\"tencentcloud-eo: unknown record ID for '%s'\", info.EffectiveFQDN)\n\t}\n\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=122&api=11262&data=181&isNormal=1&vid=259\n\trequest := &ctyundns.DeleteRecordRequest{\n\t\tRecordId: lo.ToPtr(recordID),\n\t}\n\tif _, err := d.client.DeleteRecord(request); err != nil {\n\t\treturn fmt.Errorf(\"ctyun: error when delete record: %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) Timeout() (timeout, interval time.Duration) {\n\treturn d.config.PropagationTimeout, d.config.PollingInterval\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/desec/desec.go",
"content": "package desec\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/desec\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tToken string `json:\"token\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := desec.NewDefaultConfig()\n\tproviderConfig.Token = config.Token\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := desec.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/digitalocean/digitalocean.go",
"content": "package namedotcom\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/digitalocean\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tAccessToken string `json:\"accessToken\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := digitalocean.NewDefaultConfig()\n\tproviderConfig.AuthToken = config.AccessToken\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := digitalocean.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/dnsexit/dnsexit.go",
"content": "package dnsexit\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/dnsexit\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiKey string `json:\"apiKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := dnsexit.NewDefaultConfig()\n\tproviderConfig.APIKey = config.ApiKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := dnsexit.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/dnsla/dnsla.go",
"content": "package dnsla\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n\t\"github.com/certimate-go/certimate/pkg/core/certifier/challengers/dns01/dnsla/internal\"\n)\n\ntype ChallengerConfig struct {\n\tApiId string `json:\"apiId\"`\n\tApiSecret string `json:\"apiSecret\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := internal.NewDefaultConfig()\n\tproviderConfig.APIId = config.ApiId\n\tproviderConfig.APISecret = config.ApiSecret\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := internal.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/dnsla/internal/lego.go",
"content": "package internal\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/challenge\"\n\t\"github.com/go-acme/lego/v4/challenge/dns01\"\n\t\"github.com/go-acme/lego/v4/platform/config/env\"\n\t\"github.com/samber/lo\"\n\n\tdnslasdk \"github.com/certimate-go/certimate/pkg/sdk3rd/dnsla\"\n)\n\nconst (\n\tenvNamespace = \"DNSLA_\"\n\n\tEnvAPIId = envNamespace + \"API_ID\"\n\tEnvAPISecret = envNamespace + \"API_SECRET\"\n\n\tEnvTTL = envNamespace + \"TTL\"\n\tEnvPropagationTimeout = envNamespace + \"PROPAGATION_TIMEOUT\"\n\tEnvPollingInterval = envNamespace + \"POLLING_INTERVAL\"\n\tEnvHTTPTimeout = envNamespace + \"HTTP_TIMEOUT\"\n)\n\nvar _ challenge.ProviderTimeout = (*DNSProvider)(nil)\n\ntype Config struct {\n\tAPIId string\n\tAPISecret string\n\n\tPropagationTimeout time.Duration\n\tPollingInterval time.Duration\n\tTTL int\n\tHTTPTimeout time.Duration\n}\n\ntype DNSProvider struct {\n\tconfig *Config\n\tclient *dnslasdk.Client\n\n\trecordIDs map[string]string // Key: ChallengeToken; Value: RecordID\n\trecordIDsMu sync.Mutex\n}\n\nfunc NewDefaultConfig() *Config {\n\treturn &Config{\n\t\tTTL: env.GetOrDefaultInt(EnvTTL, 300),\n\t\tPropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 5*time.Minute),\n\t\tPollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),\n\t\tHTTPTimeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),\n\t}\n}\n\nfunc NewDNSProvider() (*DNSProvider, error) {\n\tvalues, err := env.Get(EnvAPIId, EnvAPISecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"dnsla: %w\", err)\n\t}\n\n\tconfig := NewDefaultConfig()\n\tconfig.APIId = values[EnvAPIId]\n\tconfig.APISecret = values[EnvAPISecret]\n\n\treturn NewDNSProviderConfig(config)\n}\n\nfunc NewDNSProviderConfig(config *Config) (*DNSProvider, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"dnsla: the configuration of the DNS provider is nil\")\n\t}\n\n\tclient, err := dnslasdk.NewClient(config.APIId, config.APISecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"dnsla: %w\", err)\n\t} else {\n\t\tclient.SetTimeout(config.HTTPTimeout)\n\t}\n\n\treturn &DNSProvider{\n\t\tconfig: config,\n\t\tclient: client,\n\t\trecordIDs: make(map[string]string),\n\t\trecordIDsMu: sync.Mutex{},\n\t}, nil\n}\n\nfunc (d *DNSProvider) Present(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\tauthZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"dnsla: could not find zone for domain %q: %w\", domain, err)\n\t}\n\n\tsubDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"dnsla: %w\", err)\n\t}\n\n\tzone, err := d.findZone(dns01.UnFqdn(authZone))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"dnsla: error when list zones: %w\", err)\n\t}\n\n\t// REF: https://www.dnsla.cn/docs/ApiDoc\n\trequest := &dnslasdk.CreateRecordRequest{\n\t\tDomainId: lo.ToPtr(zone.Id),\n\t\tType: lo.ToPtr(int32(16)),\n\t\tHost: lo.ToPtr(subDomain),\n\t\tData: lo.ToPtr(info.Value),\n\t\tTtl: lo.ToPtr(int32(d.config.TTL)),\n\t}\n\tresponse, err := d.client.CreateRecord(request)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"dnsla: error when create record: %w\", err)\n\t}\n\n\td.recordIDsMu.Lock()\n\td.recordIDs[token] = response.Data.Id\n\td.recordIDsMu.Unlock()\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\td.recordIDsMu.Lock()\n\trecordID, ok := d.recordIDs[token]\n\td.recordIDsMu.Unlock()\n\tif !ok {\n\t\treturn fmt.Errorf(\"dnsla: unknown record ID for '%s'\", info.EffectiveFQDN)\n\t}\n\n\t// REF: https://www.dnsla.cn/docs/ApiDoc\n\tif _, err := d.client.DeleteRecord(recordID); err != nil {\n\t\treturn fmt.Errorf(\"dnsla: error when delete record: %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) Timeout() (timeout, interval time.Duration) {\n\treturn d.config.PropagationTimeout, d.config.PollingInterval\n}\n\nfunc (d *DNSProvider) findZone(zoneName string) (*dnslasdk.DomainRecord, error) {\n\tpageIndex := 1\n\tpageSize := 100\n\tfor {\n\t\t// REF: https://www.dnsla.cn/docs/ApiDoc\n\t\trequest := &dnslasdk.ListDomainsRequest{\n\t\t\tPageIndex: lo.ToPtr(int32(pageIndex)),\n\t\t\tPageSize: lo.ToPtr(int32(pageSize)),\n\t\t}\n\t\tresponse, err := d.client.ListDomains(request)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tif response.Data == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, domainItem := range response.Data.Results {\n\t\t\tif strings.TrimRight(domainItem.Domain, \".\") == zoneName || strings.TrimRight(domainItem.DisplayDomain, \".\") == zoneName {\n\t\t\t\treturn domainItem, nil\n\t\t\t}\n\t\t}\n\n\t\tif len(response.Data.Results) < pageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tpageIndex++\n\t}\n\n\treturn nil, fmt.Errorf(\"could not find zone '%s'\", zoneName)\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/dnsmadeeasy/dnsmadeeasy.go",
"content": "package dnsmadeeasy\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/dnsmadeeasy\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiKey string `json:\"apiKey\"`\n\tApiSecret string `json:\"apiSecret\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := dnsmadeeasy.NewDefaultConfig()\n\tproviderConfig.APIKey = config.ApiKey\n\tproviderConfig.APISecret = config.ApiSecret\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := dnsmadeeasy.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/duckdns/duckdns.go",
"content": "package namedotcom\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/duckdns\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tToken string `json:\"token\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := duckdns.NewDefaultConfig()\n\tproviderConfig.Token = config.Token\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\n\tprovider, err := duckdns.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/dynu/dynu.go",
"content": "package dynu\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/dynu\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiKey string `json:\"apiKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := dynu.NewDefaultConfig()\n\tproviderConfig.APIKey = config.ApiKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := dynu.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/dynv6/dynv6.go",
"content": "package dynv6\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n\t\"github.com/certimate-go/certimate/pkg/core/certifier/challengers/dns01/dynv6/internal\"\n)\n\ntype ChallengerConfig struct {\n\tHttpToken string `json:\"httpToken\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := internal.NewDefaultConfig()\n\tproviderConfig.HTTPToken = config.HttpToken\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := internal.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/dynv6/internal/lego.go",
"content": "package internal\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/challenge\"\n\t\"github.com/go-acme/lego/v4/challenge/dns01\"\n\t\"github.com/go-acme/lego/v4/platform/config/env\"\n\t\"github.com/samber/lo\"\n\n\tdynv6sdk \"github.com/certimate-go/certimate/pkg/sdk3rd/dynv6\"\n)\n\nconst (\n\tenvNamespace = \"DYNV6_\"\n\n\tEnvHTTPToken = envNamespace + \"HTTP_TOKEN\"\n\n\tEnvTTL = envNamespace + \"TTL\"\n\tEnvPropagationTimeout = envNamespace + \"PROPAGATION_TIMEOUT\"\n\tEnvPollingInterval = envNamespace + \"POLLING_INTERVAL\"\n\tEnvHTTPTimeout = envNamespace + \"HTTP_TIMEOUT\"\n)\n\nvar _ challenge.ProviderTimeout = (*DNSProvider)(nil)\n\ntype Config struct {\n\tHTTPToken string\n\n\tPropagationTimeout time.Duration\n\tPollingInterval time.Duration\n\tTTL int\n\tHTTPTimeout time.Duration\n}\n\ntype DNSProvider struct {\n\tconfig *Config\n\tclient *dynv6sdk.Client\n\n\tzoneIDs map[string]int64 // Key: ZoneName; Value: ZoneID\n\tzoneIDsMu sync.Mutex\n\trecordIDs map[string]int64 // Key: ChallengeToken; Value: RecordID\n\trecordIDsMu sync.Mutex\n}\n\nfunc NewDefaultConfig() *Config {\n\treturn &Config{\n\t\tTTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),\n\t\tPropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),\n\t\tPollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),\n\t\tHTTPTimeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),\n\t}\n}\n\nfunc NewDNSProvider() (*DNSProvider, error) {\n\tvalues, err := env.Get(EnvHTTPToken)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"dynv6: %w\", err)\n\t}\n\n\tconfig := NewDefaultConfig()\n\tconfig.HTTPToken = values[EnvHTTPToken]\n\n\treturn NewDNSProviderConfig(config)\n}\n\nfunc NewDNSProviderConfig(config *Config) (*DNSProvider, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"dynv6: the configuration of the DNS provider is nil\")\n\t}\n\n\tclient, err := dynv6sdk.NewClient(config.HTTPToken)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"dnsexit: %w\", err)\n\t} else {\n\t\tclient.SetTimeout(config.HTTPTimeout)\n\t}\n\n\treturn &DNSProvider{\n\t\tconfig: config,\n\t\tclient: client,\n\t\tzoneIDs: make(map[string]int64),\n\t\tzoneIDsMu: sync.Mutex{},\n\t\trecordIDs: make(map[string]int64),\n\t\trecordIDsMu: sync.Mutex{},\n\t}, nil\n}\n\nfunc (d *DNSProvider) Present(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\tauthZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"dynv6: could not find zone for domain %q: %w\", domain, err)\n\t}\n\n\tsubDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"dynv6: %w\", err)\n\t}\n\n\tzone, err := d.findZone(dns01.UnFqdn(authZone))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"dynv6: error when list zones: %w\", err)\n\t}\n\n\t// REF: https://dynv6.github.io/api-spec/#tag/records/operation/addRecord\n\tresponse, err := d.client.AddRecord(zone.ID, &dynv6sdk.AddRecordRequest{\n\t\tType: lo.ToPtr(\"TXT\"),\n\t\tName: lo.ToPtr(subDomain),\n\t\tData: lo.ToPtr(info.Value),\n\t})\n\tif err != nil {\n\t\treturn fmt.Errorf(\"dynv6: error when create record: %w\", err)\n\t}\n\n\td.zoneIDsMu.Lock()\n\td.zoneIDs[zone.Name] = zone.ID\n\td.zoneIDsMu.Unlock()\n\n\td.recordIDsMu.Lock()\n\td.recordIDs[token] = response.ID\n\td.recordIDsMu.Unlock()\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\tauthZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"dynv6: could not find zone for domain %q: %w\", domain, err)\n\t}\n\n\td.zoneIDsMu.Lock()\n\tzoneId, ok := d.zoneIDs[dns01.UnFqdn(authZone)]\n\td.zoneIDsMu.Unlock()\n\tif !ok {\n\t\treturn fmt.Errorf(\"dynv6: unknown zone ID for '%s'\", dns01.UnFqdn(authZone))\n\t}\n\n\td.recordIDsMu.Lock()\n\trecordId, ok := d.recordIDs[token]\n\td.recordIDsMu.Unlock()\n\tif !ok {\n\t\treturn fmt.Errorf(\"dynv6: unknown record ID for '%s'\", info.EffectiveFQDN)\n\t}\n\n\tif _, err := d.client.DeleteRecord(zoneId, recordId); err != nil {\n\t\treturn fmt.Errorf(\"dynv6: error when delete record: %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) Timeout() (timeout, interval time.Duration) {\n\treturn d.config.PropagationTimeout, d.config.PollingInterval\n}\n\nfunc (d *DNSProvider) findZone(zoneName string) (*dynv6sdk.ZoneRecord, error) {\n\t// REF: https://dynv6.github.io/api-spec/#tag/zones/operation/findZones\n\tzones, err := d.client.ListZones()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tfor _, zone := range *zones {\n\t\tif zone.Name == zoneName {\n\t\t\treturn zone, nil\n\t\t}\n\t}\n\n\treturn nil, fmt.Errorf(\"could not find zone: '%s'\", zoneName)\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/gandinet/gandinet.go",
"content": "package gandinet\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/gandiv5\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tPersonalAccessToken string `json:\"personalAccessToken\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := gandiv5.NewDefaultConfig()\n\tproviderConfig.PersonalAccessToken = config.PersonalAccessToken\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := gandiv5.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/gcore/gcore.go",
"content": "package gcore\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/gcore\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiToken string `json:\"apiToken\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := gcore.NewDefaultConfig()\n\tproviderConfig.APIToken = config.ApiToken\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := gcore.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/gname/gname.go",
"content": "package gname\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n\t\"github.com/certimate-go/certimate/pkg/core/certifier/challengers/dns01/gname/internal\"\n)\n\ntype ChallengerConfig struct {\n\tAppId string `json:\"appId\"`\n\tAppKey string `json:\"appKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := internal.NewDefaultConfig()\n\tproviderConfig.AppID = config.AppId\n\tproviderConfig.AppKey = config.AppKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := internal.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/gname/internal/lego.go",
"content": "package internal\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/challenge\"\n\t\"github.com/go-acme/lego/v4/challenge/dns01\"\n\t\"github.com/go-acme/lego/v4/platform/config/env\"\n\t\"github.com/samber/lo\"\n\n\tgnamesdk \"github.com/certimate-go/certimate/pkg/sdk3rd/gname\"\n)\n\nconst (\n\tenvNamespace = \"GNAME_\"\n\n\tEnvAppID = envNamespace + \"APP_ID\"\n\tEnvAppKey = envNamespace + \"APP_KEY\"\n\n\tEnvTTL = envNamespace + \"TTL\"\n\tEnvPropagationTimeout = envNamespace + \"PROPAGATION_TIMEOUT\"\n\tEnvPollingInterval = envNamespace + \"POLLING_INTERVAL\"\n\tEnvHTTPTimeout = envNamespace + \"HTTP_TIMEOUT\"\n)\n\nvar _ challenge.ProviderTimeout = (*DNSProvider)(nil)\n\ntype Config struct {\n\tAppID string\n\tAppKey string\n\n\tPropagationTimeout time.Duration\n\tPollingInterval time.Duration\n\tTTL int\n\tHTTPTimeout time.Duration\n}\n\ntype DNSProvider struct {\n\tconfig *Config\n\tclient *gnamesdk.Client\n\n\trecordIDs map[string]int64 // Key: ChallengeToken; Value: RecordID\n\trecordIDsMu sync.Mutex\n}\n\nfunc NewDefaultConfig() *Config {\n\treturn &Config{\n\t\tTTL: env.GetOrDefaultInt(EnvTTL, 300),\n\t\tPropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 5*time.Minute),\n\t\tPollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),\n\t\tHTTPTimeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),\n\t}\n}\n\nfunc NewDNSProvider() (*DNSProvider, error) {\n\tvalues, err := env.Get(EnvAppID, EnvAppKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"gname: %w\", err)\n\t}\n\n\tconfig := NewDefaultConfig()\n\tconfig.AppID = values[EnvAppID]\n\tconfig.AppKey = values[EnvAppKey]\n\n\treturn NewDNSProviderConfig(config)\n}\n\nfunc NewDNSProviderConfig(config *Config) (*DNSProvider, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"gname: the configuration of the DNS provider is nil\")\n\t}\n\n\tclient, err := gnamesdk.NewClient(config.AppID, config.AppKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"gname: %w\", err)\n\t} else {\n\t\tclient.SetTimeout(config.HTTPTimeout)\n\t}\n\n\treturn &DNSProvider{\n\t\tconfig: config,\n\t\tclient: client,\n\t\trecordIDs: make(map[string]int64),\n\t\trecordIDsMu: sync.Mutex{},\n\t}, nil\n}\n\nfunc (d *DNSProvider) Present(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\tauthZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"gname: could not find zone for domain %q: %w\", domain, err)\n\t}\n\n\tsubDomain, err := dns01.ExtractSubDomain(info.EffectiveFQDN, authZone)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"gname: %w\", err)\n\t}\n\n\t// REF: https://www.gname.vip/domain/api/dns/add\n\trequest := &gnamesdk.AddDomainResolutionRequest{\n\t\tZoneName: lo.ToPtr(dns01.UnFqdn(authZone)),\n\t\tRecordType: lo.ToPtr(\"TXT\"),\n\t\tRecordName: lo.ToPtr(subDomain),\n\t\tRecordValue: lo.ToPtr(info.Value),\n\t\tTTL: lo.ToPtr(int32(d.config.TTL)),\n\t}\n\tresponse, err := d.client.AddDomainResolution(request)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"gname: error when create record: %w\", err)\n\t}\n\n\td.recordIDsMu.Lock()\n\td.recordIDs[token], _ = response.Data.Int64()\n\td.recordIDsMu.Unlock()\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\tauthZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"gname: could not find zone for domain %q: %w\", domain, err)\n\t}\n\n\td.recordIDsMu.Lock()\n\trecordID, ok := d.recordIDs[token]\n\td.recordIDsMu.Unlock()\n\tif !ok {\n\t\treturn fmt.Errorf(\"gname: unknown record ID for '%s'\", info.EffectiveFQDN)\n\t}\n\n\t// REF: https://www.gname.vip/domain/api/dns/del\n\trequest := &gnamesdk.DeleteDomainResolutionRequest{\n\t\tZoneName: lo.ToPtr(dns01.UnFqdn(authZone)),\n\t\tRecordID: lo.ToPtr(recordID),\n\t}\n\t_, err = d.client.DeleteDomainResolution(request)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"gname: error when delete record: %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) Timeout() (timeout, interval time.Duration) {\n\treturn d.config.PropagationTimeout, d.config.PollingInterval\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/godaddy/godaddy.go",
"content": "package godaddy\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/godaddy\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiKey string `json:\"apiKey\"`\n\tApiSecret string `json:\"apiSecret\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := godaddy.NewDefaultConfig()\n\tproviderConfig.APIKey = config.ApiKey\n\tproviderConfig.APISecret = config.ApiSecret\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := godaddy.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/hetzner/hetzner.go",
"content": "package hetzner\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/hetzner\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiToken string `json:\"apiToken\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := hetzner.NewDefaultConfig()\n\tproviderConfig.APIToken = config.ApiToken\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := hetzner.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/hostingde/hostingde.go",
"content": "package hostingde\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/hostingde\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiKey string `json:\"apiKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := hostingde.NewDefaultConfig()\n\tproviderConfig.APIKey = config.ApiKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := hostingde.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/hostinger/hostinger.go",
"content": "package hostinger\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/hostinger\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiToken string `json:\"apiToken\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := hostinger.NewDefaultConfig()\n\tproviderConfig.APIToken = config.ApiToken\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := hostinger.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/huaweicloud/huaweicloud.go",
"content": "package huaweicloud\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n\thwc \"github.com/go-acme/lego/v4/providers/dns/huaweicloud\"\n)\n\ntype ChallengerConfig struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\tRegion string `json:\"region\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tregion := config.Region\n\tif region == \"\" {\n\t\t// 华为云的 SDK 要求必须传一个区域,实际上 DNS 服务用不到,但不传会报错\n\t\tregion = \"cn-north-1\"\n\t}\n\n\tproviderConfig := hwc.NewDefaultConfig()\n\tproviderConfig.AccessKeyID = config.AccessKeyId\n\tproviderConfig.SecretAccessKey = config.SecretAccessKey\n\tproviderConfig.Region = region\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = int32(config.DnsTTL)\n\t}\n\n\tprovider, err := hwc.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/infomaniak/infomaniak.go",
"content": "package infomaniak\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/infomaniak\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tAccessToken string `json:\"accessToken\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := infomaniak.NewDefaultConfig()\n\tproviderConfig.AccessToken = config.AccessToken\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := infomaniak.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/ionos/ionos.go",
"content": "package ionos\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/ionos\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiKeyPublicPrefix string `json:\"apiKeyPublicPrefix\"`\n\tApiKeySecret string `json:\"apiKeySecret\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := ionos.NewDefaultConfig()\n\tproviderConfig.APIKey = fmt.Sprintf(\"%s.%s\", config.ApiKeyPublicPrefix, config.ApiKeySecret)\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := ionos.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/jdcloud/jdcloud.go",
"content": "package jdcloud\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/jdcloud\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\tRegionId string `json:\"regionId\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tregionId := config.RegionId\n\tif regionId == \"\" {\n\t\t// 京东云的 SDK 要求必须传一个区域,实际上 DNS 服务用不到,但不传会报错\n\t\tregionId = \"cn-north-1\"\n\t}\n\n\tproviderConfig := jdcloud.NewDefaultConfig()\n\tproviderConfig.AccessKeyID = config.AccessKeyId\n\tproviderConfig.AccessKeySecret = config.AccessKeySecret\n\tproviderConfig.RegionID = regionId\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := jdcloud.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/linode/linode.go",
"content": "package linode\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/linode\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tAccessToken string `json:\"accessToken\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := linode.NewDefaultConfig()\n\tproviderConfig.Token = config.AccessToken\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := linode.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/namecheap/namecheap.go",
"content": "package namedotcom\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/namecheap\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tUsername string `json:\"username\"`\n\tApiKey string `json:\"apiKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := namecheap.NewDefaultConfig()\n\tproviderConfig.APIUser = config.Username\n\tproviderConfig.APIKey = config.ApiKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := namecheap.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/namedotcom/namedotcom.go",
"content": "package namedotcom\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/namedotcom\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tUsername string `json:\"username\"`\n\tApiToken string `json:\"apiToken\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := namedotcom.NewDefaultConfig()\n\tproviderConfig.Username = config.Username\n\tproviderConfig.APIToken = config.ApiToken\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := namedotcom.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/namesilo/namesilo.go",
"content": "package namesilo\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/namesilo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiKey string `json:\"apiKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := namesilo.NewDefaultConfig()\n\tproviderConfig.APIKey = config.ApiKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := namesilo.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/netcup/netcup.go",
"content": "package netcup\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/netcup\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tCustomerNumber string `json:\"customerNumber\"`\n\tApiKey string `json:\"apiKey\"`\n\tApiPassword string `json:\"apiPassword\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := netcup.NewDefaultConfig()\n\tproviderConfig.Customer = config.CustomerNumber\n\tproviderConfig.Key = config.ApiKey\n\tproviderConfig.Password = config.ApiPassword\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := netcup.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/netlify/netlify.go",
"content": "package netcup\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/netlify\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiToken string `json:\"apiToken\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := netlify.NewDefaultConfig()\n\tproviderConfig.Token = config.ApiToken\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := netlify.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/ns1/ns1.go",
"content": "package ns1\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/ns1\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiKey string `json:\"apiKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := ns1.NewDefaultConfig()\n\tproviderConfig.APIKey = config.ApiKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := ns1.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/ovhcloud/consts.go",
"content": "package ovhcloud\n\nconst (\n\tAUTH_METHOD_APPLICATION = \"application\"\n\tAUTH_METHOD_OAUTH2 = \"oauth2\"\n)\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/ovhcloud/ovhcloud.go",
"content": "package ovhcloud\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/ovh\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tEndpoint string `json:\"endpoint\"`\n\tAuthMethod string `json:\"authMethod\"`\n\tApplicationKey string `json:\"applicationKey,omitempty\"`\n\tApplicationSecret string `json:\"applicationSecret,omitempty\"`\n\tConsumerKey string `json:\"consumerKey,omitempty\"`\n\tClientId string `json:\"clientId,omitempty\"`\n\tClientSecret string `json:\"clientSecret,omitempty\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := ovh.NewDefaultConfig()\n\tproviderConfig.APIEndpoint = config.Endpoint\n\tswitch config.AuthMethod {\n\tcase AUTH_METHOD_APPLICATION:\n\t\tproviderConfig.ApplicationKey = config.ApplicationKey\n\t\tproviderConfig.ApplicationSecret = config.ApplicationSecret\n\t\tproviderConfig.ConsumerKey = config.ConsumerKey\n\tcase AUTH_METHOD_OAUTH2:\n\t\tproviderConfig.OAuth2Config = &ovh.OAuth2Config{\n\t\t\tClientID: config.ClientId,\n\t\t\tClientSecret: config.ClientSecret,\n\t\t}\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported auth method '%s'\", config.AuthMethod)\n\t}\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := ovh.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/porkbun/porkbun.go",
"content": "package porkbun\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/porkbun\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiKey string `json:\"apiKey\"`\n\tSecretApiKey string `json:\"secretApiKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := porkbun.NewDefaultConfig()\n\tproviderConfig.APIKey = config.ApiKey\n\tproviderConfig.SecretAPIKey = config.SecretApiKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := porkbun.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/powerdns/powerdns.go",
"content": "package powerdns\n\nimport (\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"net/url\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/pdns\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n\txhttp \"github.com/certimate-go/certimate/pkg/utils/http\"\n)\n\ntype ChallengerConfig struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tApiKey string `json:\"apiKey\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tserverUrl, _ := url.Parse(config.ServerUrl)\n\tproviderConfig := pdns.NewDefaultConfig()\n\tproviderConfig.Host = serverUrl\n\tproviderConfig.APIKey = config.ApiKey\n\tif config.AllowInsecureConnections {\n\t\ttransport := xhttp.NewDefaultTransport()\n\t\ttransport.DisableKeepAlives = true\n\t\ttransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}\n\t\tproviderConfig.HTTPClient.Transport = transport\n\t}\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := pdns.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/qingcloud/internal/lego.go",
"content": "package internal\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/challenge\"\n\t\"github.com/go-acme/lego/v4/challenge/dns01\"\n\t\"github.com/go-acme/lego/v4/platform/config/env\"\n\t\"github.com/samber/lo\"\n\n\tqingcloudsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/qingcloud/dns\"\n)\n\nconst (\n\tenvNamespace = \"QINGCLOUD_\"\n\n\tEnvAccessKey = envNamespace + \"ACCESS_KEY\"\n\tEnvAccessSecret = envNamespace + \"ACCESS_SECRET\"\n\n\tEnvTTL = envNamespace + \"TTL\"\n\tEnvPropagationTimeout = envNamespace + \"PROPAGATION_TIMEOUT\"\n\tEnvPollingInterval = envNamespace + \"POLLING_INTERVAL\"\n\tEnvHTTPTimeout = envNamespace + \"HTTP_TIMEOUT\"\n)\n\nvar _ challenge.ProviderTimeout = (*DNSProvider)(nil)\n\ntype Config struct {\n\tAccessKey string\n\tAccessSecret string\n\n\tPropagationTimeout time.Duration\n\tPollingInterval time.Duration\n\tTTL int\n\tHTTPTimeout time.Duration\n}\n\ntype DNSProvider struct {\n\tconfig *Config\n\tclient *qingcloudsdk.Client\n\n\trecordIDs map[string]*int64 // Key: ChallengeToken; Value: RecordID\n\trecordIDsMu sync.Mutex\n}\n\nfunc NewDefaultConfig() *Config {\n\treturn &Config{\n\t\tTTL: env.GetOrDefaultInt(EnvTTL, dns01.DefaultTTL),\n\t\tPropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, dns01.DefaultPropagationTimeout),\n\t\tPollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),\n\t\tHTTPTimeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),\n\t}\n}\n\nfunc NewDNSProvider() (*DNSProvider, error) {\n\tvalues, err := env.Get(EnvAccessKey, EnvAccessSecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"qingcloud: %w\", err)\n\t}\n\n\tconfig := NewDefaultConfig()\n\tconfig.AccessKey = values[EnvAccessKey]\n\tconfig.AccessSecret = values[EnvAccessSecret]\n\n\treturn NewDNSProviderConfig(config)\n}\n\nfunc NewDNSProviderConfig(config *Config) (*DNSProvider, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"qingcloud: the configuration of the DNS provider is nil\")\n\t}\n\n\tclient, err := qingcloudsdk.NewClient(config.AccessKey, config.AccessSecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"qingcloud: %w\", err)\n\t} else {\n\t\tclient.SetTimeout(config.HTTPTimeout)\n\t}\n\n\treturn &DNSProvider{\n\t\tconfig: config,\n\t\tclient: client,\n\t\trecordIDs: make(map[string]*int64),\n\t\trecordIDsMu: sync.Mutex{},\n\t}, nil\n}\n\nfunc (d *DNSProvider) Present(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\tauthZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"qingcloud: could not find zone for domain %q: %w\", domain, err)\n\t}\n\n\t// REF: https://docsv4.qingcloud.com/user_guide/development_docs/api/api_list/dns/record/#_createrecord\n\trequest := &qingcloudsdk.CreateRecordRequest{\n\t\tZoneName: lo.ToPtr(authZone),\n\t\tDomainName: lo.ToPtr(info.EffectiveFQDN),\n\t\tViewId: lo.ToPtr(int32(0)),\n\t\tType: lo.ToPtr(\"TXT\"),\n\t\tTtl: lo.ToPtr(int32(d.config.TTL)),\n\t\tRecords: []*qingcloudsdk.CreateRecordRequestRecord{\n\t\t\t{\n\t\t\t\tValues: []*qingcloudsdk.CreateRecordRequestRecordValue{\n\t\t\t\t\t{\n\t\t\t\t\t\tValue: lo.ToPtr(info.Value),\n\t\t\t\t\t\tStatus: lo.ToPtr(int32(1)),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tWeight: lo.ToPtr(int32(0)),\n\t\t\t},\n\t\t},\n\t\tMode: lo.ToPtr(int32(1)),\n\t\tAutoMerge: lo.ToPtr(int32(1)),\n\t}\n\tresponse, err := d.client.CreateRecord(request)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"qingcloud: error when create record: %w\", err)\n\t}\n\n\td.recordIDsMu.Lock()\n\td.recordIDs[token] = response.DomainRecordId\n\td.recordIDsMu.Unlock()\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\td.recordIDsMu.Lock()\n\trecordID, ok := d.recordIDs[token]\n\td.recordIDsMu.Unlock()\n\tif !ok {\n\t\treturn fmt.Errorf(\"qingcloud: unknown record ID for '%s'\", info.EffectiveFQDN)\n\t}\n\n\t// REF: https://docsv4.qingcloud.com/user_guide/development_docs/api/api_list/dns/record/#_deleterecord\n\tif _, err := d.client.DeleteRecord([]*int64{recordID}); err != nil {\n\t\treturn fmt.Errorf(\"qingcloud: error when delete record: %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) Timeout() (timeout, interval time.Duration) {\n\treturn d.config.PropagationTimeout, d.config.PollingInterval\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/qingcloud/qingcloud.go",
"content": "package qingcloud\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n\t\"github.com/certimate-go/certimate/pkg/core/certifier/challengers/dns01/qingcloud/internal\"\n)\n\ntype ChallengerConfig struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tSecretAccessKey string `json:\"apiPassword\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := internal.NewDefaultConfig()\n\tproviderConfig.AccessKey = config.AccessKeyId\n\tproviderConfig.AccessSecret = config.SecretAccessKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := internal.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/rainyun/rainyun.go",
"content": "package rainyun\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/rainyun\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiKey string `json:\"apiKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := rainyun.NewDefaultConfig()\n\tproviderConfig.APIKey = config.ApiKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := rainyun.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/rfc2136/rfc2136.go",
"content": "package rfc2136\n\nimport (\n\t\"errors\"\n\t\"net\"\n\t\"strconv\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/rfc2136\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tHost string `json:\"host\"`\n\tPort int32 `json:\"port\"`\n\tTsigAlgorithm string `json:\"tsigAlgorithm,omitempty\"`\n\tTsigKey string `json:\"tsigKey,omitempty\"`\n\tTsigSecret string `json:\"tsigSecret,omitempty\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tif config.Port == 0 {\n\t\tconfig.Port = 53\n\t}\n\n\tif config.TsigAlgorithm == \"\" {\n\t\tconfig.TsigAlgorithm = \"hmac-sha1.\"\n\t}\n\n\tproviderConfig := rfc2136.NewDefaultConfig()\n\tproviderConfig.Nameserver = net.JoinHostPort(config.Host, strconv.Itoa(int(config.Port)))\n\tproviderConfig.TSIGAlgorithm = config.TsigAlgorithm\n\tproviderConfig.TSIGKey = config.TsigKey\n\tproviderConfig.TSIGSecret = config.TsigSecret\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := rfc2136.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/spaceship/spaceship.go",
"content": "package spaceship\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/spaceship\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiKey string `json:\"apiKey\"`\n\tApiSecret string `json:\"apiSecret\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := spaceship.NewDefaultConfig()\n\tproviderConfig.APIKey = config.ApiKey\n\tproviderConfig.APISecret = config.ApiSecret\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := spaceship.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/technitiumdns/technitiumdns.go",
"content": "package technitiumdns\n\nimport (\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/technitium\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n\txhttp \"github.com/certimate-go/certimate/pkg/utils/http\"\n)\n\ntype ChallengerConfig struct {\n\tServerUrl string `json:\"serverUrl\"`\n\tApiToken string `json:\"apiToken\"`\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := technitium.NewDefaultConfig()\n\tproviderConfig.BaseURL = config.ServerUrl\n\tproviderConfig.APIToken = config.ApiToken\n\tif config.AllowInsecureConnections {\n\t\ttransport := xhttp.NewDefaultTransport()\n\t\ttransport.DisableKeepAlives = true\n\t\ttransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}\n\t\tproviderConfig.HTTPClient.Transport = transport\n\t}\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := technitium.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/tencentcloud/tencentcloud.go",
"content": "package tencentcloud\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/tencentcloud\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tSecretId string `json:\"secretId\"`\n\tSecretKey string `json:\"secretKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := tencentcloud.NewDefaultConfig()\n\tproviderConfig.SecretID = config.SecretId\n\tproviderConfig.SecretKey = config.SecretKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := tencentcloud.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/tencentcloud-eo/tencentcloud_eo.go",
"content": "package tencentcloudeo\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/edgeone\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tSecretId string `json:\"secretId\"`\n\tSecretKey string `json:\"secretKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := edgeone.NewDefaultConfig()\n\tproviderConfig.SecretID = config.SecretId\n\tproviderConfig.SecretKey = config.SecretKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := edgeone.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/todaynic/todaynic.go",
"content": "package todaynic\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/todaynic\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tUserId string `json:\"userId\"`\n\tApiKey string `json:\"apiKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := todaynic.NewDefaultConfig()\n\tproviderConfig.AuthUserID = config.UserId\n\tproviderConfig.APIKey = config.ApiKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := todaynic.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/ucloud/internal/lego.go",
"content": "package internal\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/challenge\"\n\t\"github.com/go-acme/lego/v4/challenge/dns01\"\n\t\"github.com/go-acme/lego/v4/platform/config/env\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/auth\"\n\n\t\"github.com/certimate-go/certimate/pkg/sdk3rd/ucloud/udnr\"\n)\n\nconst (\n\tenvNamespace = \"UCLOUDUDNR_\"\n\n\tEnvPublicKey = envNamespace + \"PUBLIC_KEY\"\n\tEnvPrivateKey = envNamespace + \"PRIVATE_KEY\"\n\tEnvProjectId = envNamespace + \"PROJECT_ID\"\n\n\tEnvTTL = envNamespace + \"TTL\"\n\tEnvPropagationTimeout = envNamespace + \"PROPAGATION_TIMEOUT\"\n\tEnvPollingInterval = envNamespace + \"POLLING_INTERVAL\"\n\tEnvHTTPTimeout = envNamespace + \"HTTP_TIMEOUT\"\n)\n\nvar _ challenge.ProviderTimeout = (*DNSProvider)(nil)\n\ntype Config struct {\n\tPrivateKey string\n\tPublicKey string\n\tProjectId string\n\n\tPropagationTimeout time.Duration\n\tPollingInterval time.Duration\n\tTTL int\n\tHTTPTimeout time.Duration\n}\n\ntype DNSProvider struct {\n\tconfig *Config\n\tclient *udnr.UDNRClient\n}\n\nfunc NewDefaultConfig() *Config {\n\treturn &Config{\n\t\tTTL: env.GetOrDefaultInt(EnvTTL, 600),\n\t\tPropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 10*time.Minute),\n\t\tPollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),\n\t\tHTTPTimeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),\n\t}\n}\n\nfunc NewDNSProvider() (*DNSProvider, error) {\n\tvalues, err := env.Get(EnvPrivateKey, EnvPublicKey, EnvProjectId)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"ucloud: %w\", err)\n\t}\n\n\tconfig := NewDefaultConfig()\n\tconfig.PrivateKey = values[EnvPrivateKey]\n\tconfig.PublicKey = values[EnvPublicKey]\n\tconfig.ProjectId = values[EnvProjectId]\n\n\treturn NewDNSProviderConfig(config)\n}\n\nfunc NewDNSProviderConfig(config *Config) (*DNSProvider, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"ucloud: the configuration of the DNS provider is nil\")\n\t}\n\n\tcfg := ucloud.NewConfig()\n\tcfg.Timeout = config.HTTPTimeout\n\tcfg.ProjectId = config.ProjectId\n\tcredential := auth.NewCredential()\n\tcredential.PrivateKey = config.PrivateKey\n\tcredential.PublicKey = config.PublicKey\n\tclient := udnr.NewClient(&cfg, &credential)\n\n\treturn &DNSProvider{\n\t\tconfig: config,\n\t\tclient: client,\n\t}, nil\n}\n\nfunc (d *DNSProvider) Present(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\tauthZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"ucloud: could not find zone for domain %q: %w\", domain, err)\n\t}\n\n\t// REF: https://docs.ucloud.cn/api/udnr-api/udnr_domain_dns_add\n\trequest := d.client.NewAddDomainDNSRequest()\n\trequest.Dn = ucloud.String(dns01.UnFqdn(authZone))\n\trequest.DnsType = ucloud.String(\"TXT\")\n\trequest.RecordName = ucloud.String(dns01.UnFqdn(info.EffectiveFQDN))\n\trequest.Content = ucloud.String(info.Value)\n\trequest.TTL = ucloud.String(fmt.Sprintf(\"%d\", d.config.TTL))\n\tif _, err := d.client.AddDomainDNS(request); err != nil {\n\t\treturn fmt.Errorf(\"ucloud: error when create record: %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\tauthZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"ucloud: could not find zone for domain %q: %w\", domain, err)\n\t}\n\n\t// REF: https://docs.ucloud.cn/api/udnr-api/udnr_domain_dns_query\n\trequest := d.client.NewQueryDomainDNSRequest()\n\trequest.Dn = ucloud.String(dns01.UnFqdn(authZone))\n\tresponse, err := d.client.QueryDomainDNS(request)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"ucloud: error when list records: %w\", err)\n\t}\n\n\t// REF: https://docs.ucloud.cn/api/udnr-api/udnr_delete_dns_record\n\tfor _, record := range response.Data {\n\t\tif record.DnsType == \"TXT\" && record.RecordName == dns01.UnFqdn(info.EffectiveFQDN) && record.Content == info.Value {\n\t\t\tdelreq := d.client.NewDeleteDomainDNSRequest()\n\t\t\tdelreq.Dn = ucloud.String(dns01.UnFqdn(authZone))\n\t\t\tdelreq.DnsType = ucloud.String(record.DnsType)\n\t\t\tdelreq.RecordName = ucloud.String(record.RecordName)\n\t\t\tdelreq.Content = ucloud.String(record.Content)\n\t\t\t_, err := d.client.DeleteDomainDNS(delreq)\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"ucloud: error when delete record: %w\", err)\n\t\t\t}\n\t\t\tbreak\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) Timeout() (timeout, interval time.Duration) {\n\treturn d.config.PropagationTimeout, d.config.PollingInterval\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/ucloud/ucloud.go",
"content": "package ucloud\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n\t\"github.com/certimate-go/certimate/pkg/core/certifier/challengers/dns01/ucloud/internal\"\n)\n\ntype ChallengerConfig struct {\n\tPrivateKey string `json:\"privateKey\"`\n\tPublicKey string `json:\"publicKey\"`\n\tProjectId string `json:\"projectId,omitempty\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"config is nil\")\n\t}\n\n\tproviderConfig := internal.NewDefaultConfig()\n\tproviderConfig.PrivateKey = config.PrivateKey\n\tproviderConfig.PublicKey = config.PublicKey\n\tproviderConfig.ProjectId = config.ProjectId\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\n\tprovider, err := internal.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/vercel/vercel.go",
"content": "package vercel\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/vercel\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiAccessToken string `json:\"apiAccessToken\"`\n\tTeamId string `json:\"teamId,omitempty\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := vercel.NewDefaultConfig()\n\tproviderConfig.AuthToken = config.ApiAccessToken\n\tproviderConfig.TeamID = config.TeamId\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := vercel.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/volcengine/volcengine.go",
"content": "package volcengine\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/volcengine\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tAccessKeyId string `json:\"accessKeyId\"`\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := volcengine.NewDefaultConfig()\n\tproviderConfig.AccessKey = config.AccessKeyId\n\tproviderConfig.SecretKey = config.SecretAccessKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := volcengine.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/vultr/vultr.go",
"content": "package vultr\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/vultr\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tApiKey string `json:\"apiKey\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := vultr.NewDefaultConfig()\n\tproviderConfig.APIKey = config.ApiKey\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := vultr.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/westcn/westcn.go",
"content": "package westcn\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/providers/dns/westcn\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\tUsername string `json:\"username\"`\n\tApiPassword string `json:\"apiPassword\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := westcn.NewDefaultConfig()\n\tproviderConfig.Username = config.Username\n\tproviderConfig.Password = config.ApiPassword\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := westcn.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/xinnet/internal/lego.go",
"content": "package internal\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/go-acme/lego/v4/challenge\"\n\t\"github.com/go-acme/lego/v4/challenge/dns01\"\n\t\"github.com/go-acme/lego/v4/platform/config/env\"\n\t\"github.com/samber/lo\"\n\n\txinnetsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/xinnet\"\n)\n\nconst (\n\tenvNamespace = \"XINNET_\"\n\n\tEnvAgentId = envNamespace + \"AGENT_ID\"\n\tEnvAppSecret = envNamespace + \"APP_SECRET\"\n\n\tEnvTTL = envNamespace + \"TTL\"\n\tEnvPropagationTimeout = envNamespace + \"PROPAGATION_TIMEOUT\"\n\tEnvPollingInterval = envNamespace + \"POLLING_INTERVAL\"\n\tEnvHTTPTimeout = envNamespace + \"HTTP_TIMEOUT\"\n)\n\nvar _ challenge.ProviderTimeout = (*DNSProvider)(nil)\n\ntype Config struct {\n\tAgentID string\n\tAppSecret string\n\n\tPropagationTimeout time.Duration\n\tPollingInterval time.Duration\n\tTTL int\n\tHTTPTimeout time.Duration\n}\n\ntype DNSProvider struct {\n\tconfig *Config\n\tclient *xinnetsdk.Client\n\n\trecordIDs map[string]*int64 // Key: ChallengeToken; Value: RecordID\n\trecordIDsMu sync.Mutex\n}\n\nfunc NewDefaultConfig() *Config {\n\treturn &Config{\n\t\tTTL: env.GetOrDefaultInt(EnvTTL, 600),\n\t\tPropagationTimeout: env.GetOrDefaultSecond(EnvPropagationTimeout, 10*time.Minute),\n\t\tPollingInterval: env.GetOrDefaultSecond(EnvPollingInterval, dns01.DefaultPollingInterval),\n\t\tHTTPTimeout: env.GetOrDefaultSecond(EnvHTTPTimeout, 30*time.Second),\n\t}\n}\n\nfunc NewDNSProvider() (*DNSProvider, error) {\n\tvalues, err := env.Get(EnvAgentId, EnvAppSecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"xinnet: %w\", err)\n\t}\n\n\tconfig := NewDefaultConfig()\n\tconfig.AgentID = values[EnvAgentId]\n\tconfig.AppSecret = values[EnvAppSecret]\n\n\treturn NewDNSProviderConfig(config)\n}\n\nfunc NewDNSProviderConfig(config *Config) (*DNSProvider, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"xinnet: the configuration of the DNS provider is nil\")\n\t}\n\n\tclient, err := xinnetsdk.NewClient(config.AgentID, config.AppSecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"xinnet: %w\", err)\n\t} else {\n\t\tclient.SetTimeout(config.HTTPTimeout)\n\t}\n\n\treturn &DNSProvider{\n\t\tconfig: config,\n\t\tclient: client,\n\t\trecordIDs: make(map[string]*int64),\n\t\trecordIDsMu: sync.Mutex{},\n\t}, nil\n}\n\nfunc (d *DNSProvider) Present(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\tauthZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"xinnet: could not find zone for domain %q: %w\", domain, err)\n\t}\n\n\t// REF: https://apidoc.xin.cn/doc-7283900\n\trequest := &xinnetsdk.DnsCreateRequest{\n\t\tDomainName: lo.ToPtr(dns01.UnFqdn(authZone)),\n\t\tRecordName: lo.ToPtr(dns01.UnFqdn(info.EffectiveFQDN)),\n\t\tType: lo.ToPtr(\"TXT\"),\n\t\tValue: lo.ToPtr(info.Value),\n\t\tLine: lo.ToPtr(\"默认\"),\n\t\tTtl: lo.ToPtr(int32(d.config.TTL)),\n\t}\n\tresponse, err := d.client.DnsCreate(request)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"xinnet: error when create record: %w\", err)\n\t}\n\n\td.recordIDsMu.Lock()\n\td.recordIDs[token] = response.Data\n\td.recordIDsMu.Unlock()\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {\n\tinfo := dns01.GetChallengeInfo(domain, keyAuth)\n\n\tauthZone, err := dns01.FindZoneByFqdn(info.EffectiveFQDN)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"xinnet: could not find zone for domain %q: %w\", domain, err)\n\t}\n\n\td.recordIDsMu.Lock()\n\trecordID, ok := d.recordIDs[token]\n\td.recordIDsMu.Unlock()\n\tif !ok {\n\t\treturn fmt.Errorf(\"xinnet: unknown record ID for '%s'\", info.EffectiveFQDN)\n\t}\n\n\t// REF: https://apidoc.xin.cn/doc-7283901\n\trequest := &xinnetsdk.DnsDeleteRequest{\n\t\tDomainName: lo.ToPtr(dns01.UnFqdn(authZone)),\n\t\tRecordId: recordID,\n\t}\n\tif _, err := d.client.DnsDelete(request); err != nil {\n\t\treturn fmt.Errorf(\"xinnet: error when delete record: %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *DNSProvider) Timeout() (timeout, interval time.Duration) {\n\treturn d.config.PropagationTimeout, d.config.PollingInterval\n}\n"
},
{
"path": "pkg/core/certifier/challengers/dns01/xinnet/xinnet.go",
"content": "package xinnet\n\nimport (\n\t\"errors\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n\t\"github.com/certimate-go/certimate/pkg/core/certifier/challengers/dns01/xinnet/internal\"\n)\n\ntype ChallengerConfig struct {\n\tAgentId string `json:\"agentId\"`\n\tApiPassword string `json:\"apiPassword\"`\n\tDnsPropagationTimeout int `json:\"dnsPropagationTimeout,omitempty\"`\n\tDnsTTL int `json:\"dnsTTL,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tproviderConfig := internal.NewDefaultConfig()\n\tproviderConfig.AgentID = config.AgentId\n\tproviderConfig.AppSecret = config.ApiPassword\n\tif config.DnsPropagationTimeout != 0 {\n\t\tproviderConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second\n\t}\n\tif config.DnsTTL != 0 {\n\t\tproviderConfig.TTL = config.DnsTTL\n\t}\n\n\tprovider, err := internal.NewDNSProviderConfig(providerConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/http01/local/local.go",
"content": "package local\n\nimport (\n\t\"errors\"\n\n\t\"github.com/go-acme/lego/v4/providers/http/webroot\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\t// 网站根目录路径。\n\tWebRootPath string `json:\"webRootPath\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tprovider, err := webroot.NewHTTPProvider(config.WebRootPath)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn provider, nil\n}\n"
},
{
"path": "pkg/core/certifier/challengers/http01/s3/s3.go",
"content": "package s3\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"strings\"\n\n\t\"github.com/go-acme/lego/v4/challenge/http01\"\n\n\t\"github.com/certimate-go/certimate/internal/tools/s3\"\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n)\n\ntype ChallengerConfig struct {\n\t// S3 Endpoint。\n\tEndpoint string `json:\"endpoint\"`\n\t// S3 AccessKey。\n\tAccessKey string `json:\"accessKey\"`\n\t// S3 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// S3 签名版本。\n\t// 可取值 \"v2\"、\"v4\"。\n\t// 零值时默认值 \"v4\"。\n\tSignatureVersion string `json:\"signatureVersion,omitempty\"`\n\t// 是否使用路径风格。\n\tUsePathStyle bool `json:\"usePathStyle,omitempty\"`\n\t// 存储区域。\n\tRegion string `json:\"region\"`\n\t// 存储桶名。\n\tBucket string `json:\"bucket\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tclient, err := createS3Client(*config)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"s3: failed to create S3 client: %w\", err)\n\t}\n\n\tprovider := &provider{client: client, bucket: config.Bucket}\n\treturn provider, nil\n}\n\ntype provider struct {\n\tclient *s3.Client\n\tbucket string\n}\n\nfunc (p *provider) Present(domain, token, keyAuth string) error {\n\tobjectKey := strings.Trim(http01.ChallengePath(token), \"/\")\n\tif err := p.client.PutObjectString(context.Background(), p.bucket, objectKey, keyAuth); err != nil {\n\t\treturn fmt.Errorf(\"s3: failed to upload token to s3: %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (p *provider) CleanUp(domain, token, keyAuth string) error {\n\tobjectKey := strings.Trim(http01.ChallengePath(token), \"/\")\n\tif err := p.client.RemoveObject(context.Background(), p.bucket, objectKey); err != nil {\n\t\treturn fmt.Errorf(\"s3: could not remove file in s3 bucket after HTTP challenge: %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createS3Client(config ChallengerConfig) (*s3.Client, error) {\n\tclientCfg := s3.NewDefaultConfig()\n\tclientCfg.Endpoint = config.Endpoint\n\tclientCfg.AccessKey = config.AccessKey\n\tclientCfg.SecretKey = config.SecretKey\n\tclientCfg.SignatureVersion = config.SignatureVersion\n\tclientCfg.UsePathStyle = config.UsePathStyle\n\tclientCfg.Region = config.Region\n\tclientCfg.SkipTlsVerify = config.AllowInsecureConnections\n\n\tclient, err := s3.NewClient(clientCfg)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, err\n}\n"
},
{
"path": "pkg/core/certifier/challengers/http01/ssh/ssh.go",
"content": "package ssh\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\t\"path/filepath\"\n\n\t\"github.com/go-acme/lego/v4/challenge/http01\"\n\n\t\"github.com/certimate-go/certimate/internal/tools/ssh\"\n\t\"github.com/certimate-go/certimate/pkg/core/certifier\"\n\txssh \"github.com/certimate-go/certimate/pkg/utils/ssh\"\n)\n\ntype ServerConfig struct {\n\t// SSH 主机。\n\t// 零值时默认值 \"localhost\"。\n\tSshHost string `json:\"sshHost,omitempty\"`\n\t// SSH 端口。\n\t// 零值时默认值 22。\n\tSshPort int32 `json:\"sshPort,omitempty\"`\n\t// SSH 认证方式。\n\t// 可取值 \"none\"、\"password\"、\"key\"。\n\t// 零值时根据有无密码或私钥字段决定。\n\tSshAuthMethod string `json:\"sshAuthMethod,omitempty\"`\n\t// SSH 登录用户名。\n\t// 零值时默认值 \"root\"。\n\tSshUsername string `json:\"sshUsername,omitempty\"`\n\t// SSH 登录密码。\n\tSshPassword string `json:\"sshPassword,omitempty\"`\n\t// SSH 登录私钥。\n\tSshKey string `json:\"sshKey,omitempty\"`\n\t// SSH 登录私钥口令。\n\tSshKeyPassphrase string `json:\"sshKeyPassphrase,omitempty\"`\n}\n\ntype ChallengerConfig struct {\n\tServerConfig\n\n\t// 跳板机配置数组。\n\tJumpServers []ServerConfig `json:\"jumpServers,omitempty\"`\n\t// 是否回退使用 SCP。\n\tUseSCP bool `json:\"useSCP,omitempty\"`\n\t// 网站根目录路径。\n\tWebRootPath string `json:\"webRootPath\"`\n}\n\nfunc NewChallenger(config *ChallengerConfig) (certifier.ACMEChallenger, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the acme challenge provider is nil\")\n\t}\n\n\tprovider := &provider{config: config}\n\treturn provider, nil\n}\n\ntype provider struct {\n\tconfig *ChallengerConfig\n}\n\nfunc (p *provider) Present(domain, token, keyAuth string) error {\n\tclient, err := createSshClient(*p.config)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"ssh: failed to create SSH client: %w\", err)\n\t}\n\n\tdefer client.Close()\n\n\tchallengeFilePath := filepath.Join(p.config.WebRootPath, http01.ChallengePath(token))\n\tif err := xssh.WriteRemoteString(client.GetClient(), challengeFilePath, keyAuth, p.config.UseSCP); err != nil {\n\t\treturn fmt.Errorf(\"failed to write file in webroot for HTTP challenge: %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (p *provider) CleanUp(domain, token, keyAuth string) error {\n\tclient, err := createSshClient(*p.config)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"ssh: failed to create SSH client: %w\", err)\n\t}\n\n\tdefer client.Close()\n\n\t// 删除质询文件\n\tchallengeFilePath := filepath.Join(p.config.WebRootPath, http01.ChallengePath(token))\n\txssh.RemoveRemote(client.GetClient(), challengeFilePath, p.config.UseSCP)\n\n\treturn nil\n}\n\nfunc createSshClient(config ChallengerConfig) (*ssh.Client, error) {\n\tclientCfg := ssh.NewDefaultConfig()\n\tclientCfg.Host = config.SshHost\n\tclientCfg.Port = int(config.SshPort)\n\tclientCfg.AuthMethod = ssh.AuthMethodType(config.SshAuthMethod)\n\tclientCfg.Username = config.SshUsername\n\tclientCfg.Password = config.SshPassword\n\tclientCfg.Key = config.SshKey\n\tclientCfg.KeyPassphrase = config.SshKeyPassphrase\n\tfor _, jumpServer := range config.JumpServers {\n\t\tjumpServerCfg := ssh.NewServerConfig()\n\t\tjumpServerCfg.Host = jumpServer.SshHost\n\t\tjumpServerCfg.Port = int(jumpServer.SshPort)\n\t\tjumpServerCfg.AuthMethod = ssh.AuthMethodType(jumpServer.SshAuthMethod)\n\t\tjumpServerCfg.Username = jumpServer.SshUsername\n\t\tjumpServerCfg.Password = jumpServer.SshPassword\n\t\tjumpServerCfg.Key = jumpServer.SshKey\n\t\tjumpServerCfg.KeyPassphrase = jumpServer.SshKeyPassphrase\n\t\tclientCfg.JumpServers = append(clientCfg.JumpServers, *jumpServerCfg)\n\t}\n\n\tclient, err := ssh.NewClient(clientCfg)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/certmgr/errors.go",
"content": "package certmgr\n\nimport (\n\t\"errors\"\n)\n\nvar (\n\tErrNotImplemented = errors.New(\"not implemented function\")\n\tErrUnsupported = errors.ErrUnsupported\n)\n"
},
{
"path": "pkg/core/certmgr/provider.go",
"content": "package certmgr\n\nimport (\n\t\"context\"\n\t\"log/slog\"\n)\n\n// 表示定义 SSL 证书管理器的抽象类型接口。\n// 云服务商通常会提供 SSL 证书管理服务,可供用户集中管理证书。\ntype Provider interface {\n\t// 设置日志记录器。\n\t//\n\t// 入参:\n\t// - logger:日志记录器实例。\n\tSetLogger(logger *slog.Logger)\n\n\t// 上传证书。\n\t//\n\t// 入参:\n\t// - ctx:上下文。\n\t// - certPEM:证书 PEM 内容。\n\t// - privkeyPEM:私钥 PEM 内容。\n\t//\n\t// 出参:\n\t// - res:上传结果。\n\t// - err: 错误。\n\tUpload(ctx context.Context, certPEM, privkeyPEM string) (_res *UploadResult, _err error)\n\n\t// 更新证书。\n\t//\n\t// 入参:\n\t// - ctx:上下文。\n\t// - certIdOrName:证书 ID 或名称,即云服务商处的证书标识符。\n\t// - certPEM:证书 PEM 内容。\n\t// - privkeyPEM:私钥 PEM 内容。\n\t//\n\t// 出参:\n\t// - res:操作结果。\n\t// - err: 错误。\n\tReplace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (_res *OperateResult, _err error)\n}\n\n// 表示 SSL 证书管理操作结果的数据结构。\ntype OperateResult struct {\n\tExtendedData map[string]any `json:\"extendedData,omitempty\"`\n}\n\n// 表示 SSL 证书管理上传结果的数据结构,包含上传后的证书 ID、名称和其他数据。\ntype UploadResult struct {\n\tOperateResult\n\tCertId string `json:\"certId,omitempty\"`\n\tCertName string `json:\"certName,omitempty\"`\n\tExtendedData map[string]any `json:\"extendedData,omitempty\"`\n}\n"
},
{
"path": "pkg/core/certmgr/providers/1panel/1panel.go",
"content": "package onepanelssl\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tonepanelsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/1panel\"\n\tonepanelsdk2 \"github.com/certimate-go/certimate/pkg/sdk3rd/1panel/v2\"\n)\n\ntype CertmgrConfig struct {\n\t// 1Panel 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// 1Panel 版本。\n\tApiVersion string `json:\"apiVersion\"`\n\t// 1Panel 接口密钥。\n\tApiKey string `json:\"apiKey\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 子节点名称。\n\t// 选填。\n\tNodeName string `json:\"nodeName,omitempty\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient any\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.ApiVersion, config.ApiKey, config.AllowInsecureConnections, config.NodeName)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 避免重复上传\n\tif upres, upok, err := c.tryGetResultIfCertExists(ctx, certPEM, privkeyPEM); err != nil {\n\t\treturn nil, err\n\t} else if upok {\n\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\treturn upres, nil\n\t}\n\n\t// 生成新证书名(需符合 1Panel 命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 上传证书\n\tswitch sdkClient := c.sdkClient.(type) {\n\tcase *onepanelsdk.Client:\n\t\t{\n\t\t\twebsiteSSLUploadReq := &onepanelsdk.WebsiteSSLUploadRequest{\n\t\t\t\tType: \"paste\",\n\t\t\t\tDescription: certName,\n\t\t\t\tCertificate: certPEM,\n\t\t\t\tPrivateKey: privkeyPEM,\n\t\t\t}\n\t\t\twebsiteSSLUploadResp, err := sdkClient.WebsiteSSLUploadWithContext(ctx, websiteSSLUploadReq)\n\t\t\tc.logger.Debug(\"sdk request '1panel.WebsiteSSLUpload'\", slog.Any(\"request\", websiteSSLUploadReq), slog.Any(\"response\", websiteSSLUploadResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request '1panel.WebsiteSSLUpload': %w\", err)\n\t\t\t}\n\t\t}\n\n\tcase *onepanelsdk2.Client:\n\t\t{\n\t\t\twebsiteSSLUploadReq := &onepanelsdk2.WebsiteSSLUploadRequest{\n\t\t\t\tType: \"paste\",\n\t\t\t\tDescription: certName,\n\t\t\t\tCertificate: certPEM,\n\t\t\t\tPrivateKey: privkeyPEM,\n\t\t\t}\n\t\t\twebsiteSSLUploadResp, err := sdkClient.WebsiteSSLUploadWithContext(ctx, websiteSSLUploadReq)\n\t\t\tc.logger.Debug(\"sdk request '1panel.WebsiteSSLUpload'\", slog.Any(\"request\", websiteSSLUploadReq), slog.Any(\"response\", websiteSSLUploadResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request '1panel.WebsiteSSLUpload': %w\", err)\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\tpanic(\"unreachable\")\n\t}\n\n\t// 获取刚刚上传证书 ID\n\tif upres, upok, err := c.tryGetResultIfCertExists(ctx, certPEM, privkeyPEM); err != nil {\n\t\treturn nil, err\n\t} else if !upok {\n\t\treturn nil, fmt.Errorf(\"could not find ssl certificate, may be upload failed\")\n\t} else {\n\t\treturn upres, nil\n\t}\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\tsslId, err := strconv.ParseInt(certIdOrName, 10, 64)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tswitch sdkClient := c.sdkClient.(type) {\n\tcase *onepanelsdk.Client:\n\t\t{\n\t\t\t// 获取证书详情\n\t\t\twebsiteSSLGetResp, err := sdkClient.WebsiteSSLGetWithContext(ctx, sslId)\n\t\t\tc.logger.Debug(\"sdk request '1panel.WebsiteSSLGet'\", slog.Int64(\"sslId\", sslId), slog.Any(\"response\", websiteSSLGetResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request '1panel.WebsiteSSLGet': %w\", err)\n\t\t\t}\n\n\t\t\t// 更新证书\n\t\t\twebsiteSSLUploadReq := &onepanelsdk.WebsiteSSLUploadRequest{\n\t\t\t\tSSLID: sslId,\n\t\t\t\tType: \"paste\",\n\t\t\t\tDescription: websiteSSLGetResp.Data.Description,\n\t\t\t\tCertificate: certPEM,\n\t\t\t\tPrivateKey: privkeyPEM,\n\t\t\t}\n\t\t\twebsiteSSLUploadResp, err := sdkClient.WebsiteSSLUploadWithContext(ctx, websiteSSLUploadReq)\n\t\t\tc.logger.Debug(\"sdk request '1panel.WebsiteSSLUpload'\", slog.Any(\"request\", websiteSSLUploadReq), slog.Any(\"response\", websiteSSLUploadResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request '1panel.WebsiteSSLUpload': %w\", err)\n\t\t\t}\n\t\t}\n\n\tcase *onepanelsdk2.Client:\n\t\t{\n\t\t\t// 获取证书详情\n\t\t\twebsiteSSLGetResp, err := sdkClient.WebsiteSSLGetWithContext(ctx, sslId)\n\t\t\tc.logger.Debug(\"sdk request '1panel.WebsiteSSLGet'\", slog.Any(\"sslId\", sslId), slog.Any(\"response\", websiteSSLGetResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request '1panel.WebsiteSSLGet': %w\", err)\n\t\t\t}\n\n\t\t\t// 更新证书\n\t\t\twebsiteSSLUploadReq := &onepanelsdk2.WebsiteSSLUploadRequest{\n\t\t\t\tSSLID: sslId,\n\t\t\t\tType: \"paste\",\n\t\t\t\tDescription: websiteSSLGetResp.Data.Description,\n\t\t\t\tCertificate: certPEM,\n\t\t\t\tPrivateKey: privkeyPEM,\n\t\t\t}\n\t\t\twebsiteSSLUploadResp, err := sdkClient.WebsiteSSLUploadWithContext(ctx, websiteSSLUploadReq)\n\t\t\tc.logger.Debug(\"sdk request '1panel.WebsiteSSLUpload'\", slog.Any(\"request\", websiteSSLUploadReq), slog.Any(\"response\", websiteSSLUploadResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request '1panel.WebsiteSSLUpload': %w\", err)\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\tpanic(\"unreachable\")\n\t}\n\n\treturn &certmgr.OperateResult{}, nil\n}\n\nfunc (c *Certmgr) tryGetResultIfCertExists(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, bool, error) {\n\tswitch sdkClient := c.sdkClient.(type) {\n\tcase *onepanelsdk.Client:\n\t\t{\n\t\t\tsearchWebsiteSSLPage := 1\n\t\t\tsearchWebsiteSSLPageSize := 100\n\t\t\tfor {\n\t\t\t\tselect {\n\t\t\t\tcase <-ctx.Done():\n\t\t\t\t\treturn nil, false, ctx.Err()\n\t\t\t\tdefault:\n\t\t\t\t}\n\n\t\t\t\twebsiteSSLSearchReq := &onepanelsdk.WebsiteSSLSearchRequest{\n\t\t\t\t\tPage: int32(searchWebsiteSSLPage),\n\t\t\t\t\tPageSize: int32(searchWebsiteSSLPageSize),\n\t\t\t\t}\n\t\t\t\twebsiteSSLSearchResp, err := sdkClient.WebsiteSSLSearchWithContext(ctx, websiteSSLSearchReq)\n\t\t\t\tc.logger.Debug(\"sdk request '1panel.WebsiteSSLSearch'\", slog.Any(\"request\", websiteSSLSearchReq), slog.Any(\"response\", websiteSSLSearchResp))\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, false, fmt.Errorf(\"failed to execute sdk request '1panel.WebsiteSSLSearch': %w\", err)\n\t\t\t\t}\n\n\t\t\t\tif websiteSSLSearchResp.Data == nil {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\n\t\t\t\tfor _, sslItem := range websiteSSLSearchResp.Data.Items {\n\t\t\t\t\toldCertPEM := strings.TrimSpace(strings.ReplaceAll(strings.ReplaceAll(sslItem.PEM, \"\\r\", \"\"), \"\\n\", \"\"))\n\t\t\t\t\toldPrivkeyPEM := strings.TrimSpace(strings.ReplaceAll(strings.ReplaceAll(sslItem.PrivateKey, \"\\r\", \"\"), \"\\n\", \"\"))\n\t\t\t\t\tnewCertPEM := strings.TrimSpace(strings.ReplaceAll(strings.ReplaceAll(certPEM, \"\\r\", \"\"), \"\\n\", \"\"))\n\t\t\t\t\tnewPrivkeyPEM := strings.TrimSpace(strings.ReplaceAll(strings.ReplaceAll(privkeyPEM, \"\\r\", \"\"), \"\\n\", \"\"))\n\t\t\t\t\tif oldCertPEM == newCertPEM && oldPrivkeyPEM == newPrivkeyPEM {\n\t\t\t\t\t\t// 如果已存在相同证书,直接返回\n\t\t\t\t\t\treturn &certmgr.UploadResult{\n\t\t\t\t\t\t\tCertId: fmt.Sprintf(\"%d\", sslItem.ID),\n\t\t\t\t\t\t\tCertName: sslItem.Description,\n\t\t\t\t\t\t}, true, nil\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif len(websiteSSLSearchResp.Data.Items) < int(websiteSSLSearchResp.Data.Total) {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\n\t\t\t\tsearchWebsiteSSLPage++\n\t\t\t}\n\t\t}\n\n\tcase *onepanelsdk2.Client:\n\t\t{\n\t\t\tsearchWebsiteSSLPage := 1\n\t\t\tsearchWebsiteSSLPageSize := 100\n\t\t\tfor {\n\t\t\t\tselect {\n\t\t\t\tcase <-ctx.Done():\n\t\t\t\t\treturn nil, false, ctx.Err()\n\t\t\t\tdefault:\n\t\t\t\t}\n\n\t\t\t\twebsiteSSLSearchReq := &onepanelsdk2.WebsiteSSLSearchRequest{\n\t\t\t\t\tOrder: \"null\",\n\t\t\t\t\tOrderBy: \"expire_date\",\n\t\t\t\t\tPage: int32(searchWebsiteSSLPage),\n\t\t\t\t\tPageSize: int32(searchWebsiteSSLPageSize),\n\t\t\t\t}\n\t\t\t\twebsiteSSLSearchResp, err := sdkClient.WebsiteSSLSearchWithContext(ctx, websiteSSLSearchReq)\n\t\t\t\tc.logger.Debug(\"sdk request '1panel.WebsiteSSLSearch'\", slog.Any(\"request\", websiteSSLSearchReq), slog.Any(\"response\", websiteSSLSearchResp))\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, false, fmt.Errorf(\"failed to execute sdk request '1panel.WebsiteSSLSearch': %w\", err)\n\t\t\t\t}\n\n\t\t\t\tif websiteSSLSearchResp.Data == nil {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\n\t\t\t\tfor _, sslItem := range websiteSSLSearchResp.Data.Items {\n\t\t\t\t\toldCertPEM := strings.TrimSpace(strings.ReplaceAll(strings.ReplaceAll(sslItem.PEM, \"\\r\", \"\"), \"\\n\", \"\"))\n\t\t\t\t\toldPrivkeyPEM := strings.TrimSpace(strings.ReplaceAll(strings.ReplaceAll(sslItem.PrivateKey, \"\\r\", \"\"), \"\\n\", \"\"))\n\t\t\t\t\tnewCertPEM := strings.TrimSpace(strings.ReplaceAll(strings.ReplaceAll(certPEM, \"\\r\", \"\"), \"\\n\", \"\"))\n\t\t\t\t\tnewPrivkeyPEM := strings.TrimSpace(strings.ReplaceAll(strings.ReplaceAll(privkeyPEM, \"\\r\", \"\"), \"\\n\", \"\"))\n\t\t\t\t\tif oldCertPEM == newCertPEM && oldPrivkeyPEM == newPrivkeyPEM {\n\t\t\t\t\t\t// 如果已存在相同证书,直接返回\n\t\t\t\t\t\treturn &certmgr.UploadResult{\n\t\t\t\t\t\t\tCertId: fmt.Sprintf(\"%d\", sslItem.ID),\n\t\t\t\t\t\t\tCertName: sslItem.Description,\n\t\t\t\t\t\t}, true, nil\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif len(websiteSSLSearchResp.Data.Items) < int(websiteSSLSearchResp.Data.Total) {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\n\t\t\t\tsearchWebsiteSSLPage++\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\tpanic(\"unreachable\")\n\t}\n\n\treturn nil, false, nil\n}\n\nconst (\n\tsdkVersionV1 = \"v1\"\n\tsdkVersionV2 = \"v2\"\n)\n\nfunc createSDKClient(serverUrl, apiVersion, apiKey string, skipTlsVerify bool, nodeName string) (any, error) {\n\tif apiVersion == sdkVersionV1 {\n\t\tclient, err := onepanelsdk.NewClient(serverUrl, apiKey)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tif skipTlsVerify {\n\t\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t\t}\n\n\t\treturn client, nil\n\t} else if apiVersion == sdkVersionV2 {\n\t\tvar client *onepanelsdk2.Client\n\t\tvar err error\n\n\t\tif nodeName == \"\" {\n\t\t\tclient, err = onepanelsdk2.NewClient(serverUrl, apiKey)\n\t\t} else {\n\t\t\tclient, err = onepanelsdk2.NewClientWithNode(serverUrl, apiKey, nodeName)\n\t\t}\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tif skipTlsVerify {\n\t\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t\t}\n\n\t\treturn client, nil\n\t}\n\n\treturn nil, errors.New(\"1panel: invalid api version\")\n}\n"
},
{
"path": "pkg/core/certmgr/providers/1panel/1panel_test.go",
"content": "package onepanelssl_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/1panel\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfApiVersion string\n\tfApiKey string\n)\n\nfunc init() {\n\targsPrefix := \"1PANEL_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fApiVersion, argsPrefix+\"APIVERSION\", \"v1\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./1panel_test.go -args \\\n\t--1PANEL_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--1PANEL_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--1PANEL_SERVERURL=\"http://127.0.0.1:20410\" \\\n\t--1PANEL_APIVERSION=\"v1\" \\\n\t--1PANEL_APIKEY=\"your-api-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"APIVERSION: %v\", fApiVersion),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiVersion: fApiVersion,\n\t\t\tApiKey: fApiKey,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/aliyun-cas/aliyun_cas.go",
"content": "package aliyuncas\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\talicas \"github.com/alibabacloud-go/cas-20200407/v4/client\"\n\taliopen \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-cas/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.CasClient\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 查询证书列表,避免重复上传\n\t// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-listusercertificateorder\n\t// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-getusercertificatedetail\n\tlistUserCertificateOrderPage := 1\n\tlistUserCertificateOrderLimit := 50\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistUserCertificateOrderReq := &alicas.ListUserCertificateOrderRequest{\n\t\t\tResourceGroupId: lo.EmptyableToPtr(c.config.ResourceGroupId),\n\t\t\tCurrentPage: tea.Int64(int64(listUserCertificateOrderPage)),\n\t\t\tShowSize: tea.Int64(int64(listUserCertificateOrderLimit)),\n\t\t\tOrderType: tea.String(\"CERT\"),\n\t\t}\n\t\tlistUserCertificateOrderResp, err := c.sdkClient.ListUserCertificateOrderWithContext(ctx, listUserCertificateOrderReq, &dara.RuntimeOptions{})\n\t\tc.logger.Debug(\"sdk request 'cas.ListUserCertificateOrder'\", slog.Any(\"request\", listUserCertificateOrderReq), slog.Any(\"response\", listUserCertificateOrderResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cas.ListUserCertificateOrder': %w\", err)\n\t\t}\n\n\t\tif listUserCertificateOrderResp.Body == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, certItem := range listUserCertificateOrderResp.Body.CertificateOrderList {\n\t\t\t// 对比证书通用名称\n\t\t\tif !strings.EqualFold(certX509.Subject.CommonName, tea.StringValue(certItem.CommonName)) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书序列号\n\t\t\t// 注意阿里云 CAS 会在序列号前补零,需去除后再比较\n\t\t\toldCertSN := strings.TrimLeft(tea.StringValue(certItem.SerialNo), \"0\")\n\t\t\tnewCertSN := strings.TrimLeft(certX509.SerialNumber.Text(16), \"0\")\n\t\t\tif !strings.EqualFold(newCertSN, oldCertSN) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书内容\n\t\t\tgetUserCertificateDetailReq := &alicas.GetUserCertificateDetailRequest{\n\t\t\t\tCertId: certItem.CertificateId,\n\t\t\t}\n\t\t\tgetUserCertificateDetailResp, err := c.sdkClient.GetUserCertificateDetailWithContext(ctx, getUserCertificateDetailReq, &dara.RuntimeOptions{})\n\t\t\tc.logger.Debug(\"sdk request 'cas.GetUserCertificateDetail'\", slog.Any(\"request\", getUserCertificateDetailReq), slog.Any(\"response\", getUserCertificateDetailResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cas.GetUserCertificateDetail': %w\", err)\n\t\t\t} else {\n\t\t\t\tif !xcert.EqualCertificatesFromPEM(certPEM, tea.StringValue(getUserCertificateDetailResp.Body.Cert)) {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: fmt.Sprintf(\"%d\", tea.Int64Value(certItem.CertificateId)),\n\t\t\t\tCertName: *certItem.Name,\n\t\t\t\tExtendedData: map[string]any{\n\t\t\t\t\t\"InstanceId\": tea.StringValue(getUserCertificateDetailResp.Body.InstanceId),\n\t\t\t\t\t\"CertIdentifier\": tea.StringValue(getUserCertificateDetailResp.Body.CertIdentifier),\n\t\t\t\t},\n\t\t\t}, nil\n\t\t}\n\n\t\tif len(listUserCertificateOrderResp.Body.CertificateOrderList) < listUserCertificateOrderLimit {\n\t\t\tbreak\n\t\t}\n\n\t\tlistUserCertificateOrderPage++\n\t}\n\n\t// 生成新证书名(需符合阿里云命名规则)\n\tcertName := fmt.Sprintf(\"certimate_%d\", time.Now().UnixMilli())\n\n\t// 上传新证书\n\t// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-uploadusercertificate\n\tuploadUserCertificateReq := &alicas.UploadUserCertificateRequest{\n\t\tResourceGroupId: lo.EmptyableToPtr(c.config.ResourceGroupId),\n\t\tName: tea.String(certName),\n\t\tCert: tea.String(certPEM),\n\t\tKey: tea.String(privkeyPEM),\n\t}\n\tuploadUserCertificateResp, err := c.sdkClient.UploadUserCertificateWithContext(ctx, uploadUserCertificateReq, &dara.RuntimeOptions{})\n\tc.logger.Debug(\"sdk request 'cas.UploadUserCertificate'\", slog.Any(\"request\", uploadUserCertificateReq), slog.Any(\"response\", uploadUserCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cas.UploadUserCertificate': %w\", err)\n\t}\n\n\t// 获取证书详情\n\t// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-getusercertificatedetail\n\tgetUserCertificateDetailReq := &alicas.GetUserCertificateDetailRequest{\n\t\tCertId: uploadUserCertificateResp.Body.CertId,\n\t\tCertFilter: tea.Bool(true),\n\t}\n\tgetUserCertificateDetailResp, err := c.sdkClient.GetUserCertificateDetailWithContext(ctx, getUserCertificateDetailReq, &dara.RuntimeOptions{})\n\tc.logger.Debug(\"sdk request 'cas.GetUserCertificateDetail'\", slog.Any(\"request\", getUserCertificateDetailReq), slog.Any(\"response\", getUserCertificateDetailResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cas.GetUserCertificateDetail': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: fmt.Sprintf(\"%d\", tea.Int64Value(getUserCertificateDetailResp.Body.Id)),\n\t\tCertName: certName,\n\t\tExtendedData: map[string]any{\n\t\t\t\"InstanceId\": tea.StringValue(getUserCertificateDetailResp.Body.InstanceId),\n\t\t\t\"CertIdentifier\": tea.StringValue(getUserCertificateDetailResp.Body.CertIdentifier),\n\t\t},\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.CasClient, error) {\n\t// 接入点一览 https://api.aliyun.com/product/cas\n\tvar endpoint string\n\tswitch region {\n\tcase \"\", \"cn-hangzhou\":\n\t\tendpoint = \"cas.aliyuncs.com\"\n\tdefault:\n\t\tendpoint = fmt.Sprintf(\"cas.%s.aliyuncs.com\", region)\n\t}\n\n\tconfig := &aliopen.Config{\n\t\tEndpoint: tea.String(endpoint),\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t}\n\n\tclient, err := internal.NewCasClient(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/aliyun-cas/aliyun_cas_test.go",
"content": "package aliyuncas_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-cas\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n)\n\nfunc init() {\n\targsPrefix := \"ALIYUNCAS_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aliyun_cas_test.go -args \\\n\t--ALIYUNCAS_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--ALIYUNCAS_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--ALIYUNCAS_ACCESSKEYID=\"your-access-key-id\" \\\n\t--ALIYUNCAS_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--ALIYUNCAS_REGION=\"cn-hangzhou\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/aliyun-cas/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\n\talicas \"github.com/alibabacloud-go/cas-20200407/v4/client\"\n\topenapi \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\topenapiutil \"github.com/alibabacloud-go/darabonba-openapi/v2/utils\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n)\n\n// This is a partial copy of https://github.com/alibabacloud-go/cas-20200407/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype CasClient struct {\n\topenapi.Client\n\tDisableSDKError *bool\n}\n\nfunc NewCasClient(config *openapiutil.Config) (*CasClient, error) {\n\tclient := new(CasClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *CasClient) Init(config *openapiutil.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *CasClient) GetUserCertificateDetailWithContext(ctx context.Context, request *alicas.GetUserCertificateDetailRequest, runtime *dara.RuntimeOptions) (_result *alicas.GetUserCertificateDetailResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.CertFilter) {\n\t\tquery[\"CertFilter\"] = request.CertFilter\n\t}\n\n\tif !dara.IsNil(request.CertId) {\n\t\tquery[\"CertId\"] = request.CertId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"GetUserCertificateDetail\"),\n\t\tVersion: dara.String(\"2020-04-07\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alicas.GetUserCertificateDetailResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *CasClient) ListUserCertificateOrderWithContext(ctx context.Context, request *alicas.ListUserCertificateOrderRequest, runtime *dara.RuntimeOptions) (_result *alicas.ListUserCertificateOrderResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.CurrentPage) {\n\t\tquery[\"CurrentPage\"] = request.CurrentPage\n\t}\n\n\tif !dara.IsNil(request.Keyword) {\n\t\tquery[\"Keyword\"] = request.Keyword\n\t}\n\n\tif !dara.IsNil(request.OrderType) {\n\t\tquery[\"OrderType\"] = request.OrderType\n\t}\n\n\tif !dara.IsNil(request.ResourceGroupId) {\n\t\tquery[\"ResourceGroupId\"] = request.ResourceGroupId\n\t}\n\n\tif !dara.IsNil(request.ShowSize) {\n\t\tquery[\"ShowSize\"] = request.ShowSize\n\t}\n\n\tif !dara.IsNil(request.Status) {\n\t\tquery[\"Status\"] = request.Status\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"ListUserCertificateOrder\"),\n\t\tVersion: dara.String(\"2020-04-07\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alicas.ListUserCertificateOrderResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *CasClient) UploadUserCertificateWithContext(ctx context.Context, request *alicas.UploadUserCertificateRequest, runtime *dara.RuntimeOptions) (_result *alicas.UploadUserCertificateResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.Cert) {\n\t\tquery[\"Cert\"] = request.Cert\n\t}\n\n\tif !dara.IsNil(request.EncryptCert) {\n\t\tquery[\"EncryptCert\"] = request.EncryptCert\n\t}\n\n\tif !dara.IsNil(request.EncryptPrivateKey) {\n\t\tquery[\"EncryptPrivateKey\"] = request.EncryptPrivateKey\n\t}\n\n\tif !dara.IsNil(request.Key) {\n\t\tquery[\"Key\"] = request.Key\n\t}\n\n\tif !dara.IsNil(request.Name) {\n\t\tquery[\"Name\"] = request.Name\n\t}\n\n\tif !dara.IsNil(request.ResourceGroupId) {\n\t\tquery[\"ResourceGroupId\"] = request.ResourceGroupId\n\t}\n\n\tif !dara.IsNil(request.SignCert) {\n\t\tquery[\"SignCert\"] = request.SignCert\n\t}\n\n\tif !dara.IsNil(request.SignPrivateKey) {\n\t\tquery[\"SignPrivateKey\"] = request.SignPrivateKey\n\t}\n\n\tif !dara.IsNil(request.Tags) {\n\t\tquery[\"Tags\"] = request.Tags\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"UploadUserCertificate\"),\n\t\tVersion: dara.String(\"2020-04-07\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alicas.UploadUserCertificateResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n"
},
{
"path": "pkg/core/certmgr/providers/aliyun-slb/aliyun_slb.go",
"content": "package aliyunslb\n\nimport (\n\t\"context\"\n\t\"crypto/sha1\"\n\t\"crypto/sha256\"\n\t\"encoding/hex\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"regexp\"\n\t\"strings\"\n\t\"time\"\n\n\taliopen \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\talislb \"github.com/alibabacloud-go/slb-20140515/v4/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-slb/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.SlbClient\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 查询证书列表,避免重复上传\n\t// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeservercertificates\n\tdescribeServerCertificatesReq := &alislb.DescribeServerCertificatesRequest{\n\t\tResourceGroupId: lo.EmptyableToPtr(c.config.ResourceGroupId),\n\t\tRegionId: tea.String(c.config.Region),\n\t}\n\tdescribeServerCertificatesResp, err := c.sdkClient.DescribeServerCertificatesWithContext(ctx, describeServerCertificatesReq, &dara.RuntimeOptions{})\n\tc.logger.Debug(\"sdk request 'slb.DescribeServerCertificates'\", slog.Any(\"request\", describeServerCertificatesReq), slog.Any(\"response\", describeServerCertificatesResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'slb.DescribeServerCertificates': %w\", err)\n\t}\n\n\tif describeServerCertificatesResp.Body.ServerCertificates != nil && describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate != nil {\n\t\tfingerprintSha256 := sha256.Sum256(certX509.Raw)\n\t\tfingerprintSha256Hex := hex.EncodeToString(fingerprintSha256[:])\n\t\tfingerprintSha1 := sha1.Sum(certX509.Raw)\n\t\tfingerprintSha1Hex := hex.EncodeToString(fingerprintSha1[:])\n\t\tfor _, certItem := range describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate {\n\t\t\tif tea.Int32Value(certItem.IsAliCloudCertificate) != 0 {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书通用名称\n\t\t\tif !strings.EqualFold(certX509.Subject.CommonName, tea.StringValue(certItem.CommonName)) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书 SHA-1 或 SHA-256 摘要\n\t\t\toldFingerprint := strings.ReplaceAll(tea.StringValue(certItem.Fingerprint), \":\", \"\")\n\t\t\tif !strings.EqualFold(fingerprintSha256Hex, oldFingerprint) && !strings.EqualFold(fingerprintSha1Hex, oldFingerprint) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: *certItem.ServerCertificateId,\n\t\t\t\tCertName: *certItem.ServerCertificateName,\n\t\t\t}, nil\n\t\t}\n\t}\n\n\t// 生成新证书名(需符合阿里云命名规则)\n\tcertName := fmt.Sprintf(\"certimate_%d\", time.Now().UnixMilli())\n\n\t// 去除证书和私钥内容中的空白行,以符合阿里云 API 要求\n\t// REF: https://github.com/certimate-go/certimate/issues/326\n\tre := regexp.MustCompile(`(?m)^\\s*$\\n?`)\n\tcertPEM = strings.TrimSpace(re.ReplaceAllString(certPEM, \"\"))\n\tprivkeyPEM = strings.TrimSpace(re.ReplaceAllString(privkeyPEM, \"\"))\n\n\t// 上传新证书\n\t// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-uploadservercertificate\n\tuploadServerCertificateReq := &alislb.UploadServerCertificateRequest{\n\t\tResourceGroupId: lo.EmptyableToPtr(c.config.ResourceGroupId),\n\t\tRegionId: tea.String(c.config.Region),\n\t\tServerCertificateName: tea.String(certName),\n\t\tServerCertificate: tea.String(certPEM),\n\t\tPrivateKey: tea.String(privkeyPEM),\n\t}\n\tuploadServerCertificateResp, err := c.sdkClient.UploadServerCertificateWithContext(ctx, uploadServerCertificateReq, &dara.RuntimeOptions{})\n\tc.logger.Debug(\"sdk request 'slb.UploadServerCertificate'\", slog.Any(\"request\", uploadServerCertificateReq), slog.Any(\"response\", uploadServerCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'slb.UploadServerCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: *uploadServerCertificateResp.Body.ServerCertificateId,\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.SlbClient, error) {\n\t// 接入点一览 https://api.aliyun.com/product/Slb\n\tvar endpoint string\n\tswitch region {\n\tcase \"\",\n\t\t\"cn-hangzhou\",\n\t\t\"cn-hangzhou-finance\",\n\t\t\"cn-shanghai-finance-1\",\n\t\t\"cn-shenzhen-finance-1\":\n\t\tendpoint = \"slb.aliyuncs.com\"\n\tdefault:\n\t\tendpoint = fmt.Sprintf(\"slb.%s.aliyuncs.com\", region)\n\t}\n\n\tconfig := &aliopen.Config{\n\t\tEndpoint: tea.String(endpoint),\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t}\n\n\tclient, err := internal.NewSlbClient(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/aliyun-slb/aliyun_slb_test.go",
"content": "package aliyunslb_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-slb\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n)\n\nfunc init() {\n\targsPrefix := \"ALIYUNSLB_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aliyun_slb_test.go -args \\\n\t--ALIYUNSLB_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--ALIYUNSLB_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--ALIYUNSLB_ACCESSKEYID=\"your-access-key-id\" \\\n\t--ALIYUNSLB_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--ALIYUNSLB_REGION=\"cn-hangzhou\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/aliyun-slb/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\n\topenapi \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\topenapiutil \"github.com/alibabacloud-go/darabonba-openapi/v2/utils\"\n\talislb \"github.com/alibabacloud-go/slb-20140515/v4/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n)\n\n// This is a partial copy of https://github.com/alibabacloud-go/slb-20140515/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype SlbClient struct {\n\topenapi.Client\n\tDisableSDKError *bool\n}\n\nfunc NewSlbClient(config *openapi.Config) (*SlbClient, error) {\n\tclient := new(SlbClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *SlbClient) Init(config *openapi.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *SlbClient) DescribeServerCertificatesWithContext(ctx context.Context, request *alislb.DescribeServerCertificatesRequest, runtime *dara.RuntimeOptions) (_result *alislb.DescribeServerCertificatesResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\n\tquery := map[string]interface{}{}\n\tif !dara.IsNil(request.OwnerAccount) {\n\t\tquery[\"OwnerAccount\"] = request.OwnerAccount\n\t}\n\n\tif !dara.IsNil(request.OwnerId) {\n\t\tquery[\"OwnerId\"] = request.OwnerId\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\tif !dara.IsNil(request.ResourceGroupId) {\n\t\tquery[\"ResourceGroupId\"] = request.ResourceGroupId\n\t}\n\n\tif !dara.IsNil(request.ResourceOwnerAccount) {\n\t\tquery[\"ResourceOwnerAccount\"] = request.ResourceOwnerAccount\n\t}\n\n\tif !dara.IsNil(request.ResourceOwnerId) {\n\t\tquery[\"ResourceOwnerId\"] = request.ResourceOwnerId\n\t}\n\n\tif !dara.IsNil(request.ServerCertificateId) {\n\t\tquery[\"ServerCertificateId\"] = request.ServerCertificateId\n\t}\n\n\tif !dara.IsNil(request.Tag) {\n\t\tquery[\"Tag\"] = request.Tag\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"DescribeServerCertificates\"),\n\t\tVersion: dara.String(\"2014-05-15\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alislb.DescribeServerCertificatesResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *SlbClient) UploadServerCertificateWithContext(ctx context.Context, request *alislb.UploadServerCertificateRequest, runtime *dara.RuntimeOptions) (_result *alislb.UploadServerCertificateResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\n\tquery := map[string]interface{}{}\n\tif !dara.IsNil(request.AliCloudCertificateId) {\n\t\tquery[\"AliCloudCertificateId\"] = request.AliCloudCertificateId\n\t}\n\n\tif !dara.IsNil(request.AliCloudCertificateName) {\n\t\tquery[\"AliCloudCertificateName\"] = request.AliCloudCertificateName\n\t}\n\n\tif !dara.IsNil(request.AliCloudCertificateRegionId) {\n\t\tquery[\"AliCloudCertificateRegionId\"] = request.AliCloudCertificateRegionId\n\t}\n\n\tif !dara.IsNil(request.OwnerAccount) {\n\t\tquery[\"OwnerAccount\"] = request.OwnerAccount\n\t}\n\n\tif !dara.IsNil(request.OwnerId) {\n\t\tquery[\"OwnerId\"] = request.OwnerId\n\t}\n\n\tif !dara.IsNil(request.PrivateKey) {\n\t\tquery[\"PrivateKey\"] = request.PrivateKey\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\tif !dara.IsNil(request.ResourceGroupId) {\n\t\tquery[\"ResourceGroupId\"] = request.ResourceGroupId\n\t}\n\n\tif !dara.IsNil(request.ResourceOwnerAccount) {\n\t\tquery[\"ResourceOwnerAccount\"] = request.ResourceOwnerAccount\n\t}\n\n\tif !dara.IsNil(request.ResourceOwnerId) {\n\t\tquery[\"ResourceOwnerId\"] = request.ResourceOwnerId\n\t}\n\n\tif !dara.IsNil(request.ServerCertificate) {\n\t\tquery[\"ServerCertificate\"] = request.ServerCertificate\n\t}\n\n\tif !dara.IsNil(request.ServerCertificateName) {\n\t\tquery[\"ServerCertificateName\"] = request.ServerCertificateName\n\t}\n\n\tif !dara.IsNil(request.Tag) {\n\t\tquery[\"Tag\"] = request.Tag\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"UploadServerCertificate\"),\n\t\tVersion: dara.String(\"2014-05-15\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alislb.UploadServerCertificateResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n"
},
{
"path": "pkg/core/certmgr/providers/aws-acm/aws_acm.go",
"content": "package awsacm\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\taws \"github.com/aws/aws-sdk-go-v2/aws\"\n\tawscfg \"github.com/aws/aws-sdk-go-v2/config\"\n\tawscred \"github.com/aws/aws-sdk-go-v2/credentials\"\n\tawsacm \"github.com/aws/aws-sdk-go-v2/service/acm\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// AWS AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// AWS SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// AWS 区域。\n\tRegion string `json:\"region\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *awsacm.Client\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 提取服务器证书和中间证书\n\tserverCertPEM, intermediaCertPEM, err := xcert.ExtractCertificatesFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to extract certs: %w\", err)\n\t}\n\n\t// 获取证书列表,避免重复上传\n\t// REF: https://docs.aws.amazon.com/en_us/acm/latest/APIReference/API_ListCertificates.html\n\t// REF: https://docs.aws.amazon.com/en_us/acm/latest/APIReference/API_GetCertificate.html\n\tlistCertificatesNextToken := (*string)(nil)\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistCertificatesReq := &awsacm.ListCertificatesInput{\n\t\t\tNextToken: listCertificatesNextToken,\n\t\t\tMaxItems: aws.Int32(1000),\n\t\t}\n\t\tlistCertificatesResp, err := c.sdkClient.ListCertificates(ctx, listCertificatesReq)\n\t\tc.logger.Debug(\"sdk request 'acm.ListCertificates'\", slog.Any(\"request\", listCertificatesReq), slog.Any(\"response\", listCertificatesResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'acm.ListCertificates': %w\", err)\n\t\t}\n\n\t\tfor _, certItem := range listCertificatesResp.CertificateSummaryList {\n\t\t\t// 对比证书有效期\n\t\t\tif certItem.NotBefore == nil || !certItem.NotBefore.Equal(certX509.NotBefore) {\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tif certItem.NotAfter == nil || !certItem.NotAfter.Equal(certX509.NotAfter) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书多域名\n\t\t\tif !strings.EqualFold(strings.Join(certX509.DNSNames, \",\"), strings.Join(certItem.SubjectAlternativeNameSummaries, \",\")) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书内容\n\t\t\tgetCertificateReq := &awsacm.GetCertificateInput{\n\t\t\t\tCertificateArn: certItem.CertificateArn,\n\t\t\t}\n\t\t\tgetCertificateResp, err := c.sdkClient.GetCertificate(ctx, getCertificateReq)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'acm.GetCertificate': %w\", err)\n\t\t\t} else {\n\t\t\t\tif !xcert.EqualCertificatesFromPEM(certPEM, aws.ToString(getCertificateResp.Certificate)) {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: *certItem.CertificateArn,\n\t\t\t}, nil\n\t\t}\n\n\t\tif len(listCertificatesResp.CertificateSummaryList) == 0 || listCertificatesResp.NextToken == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tlistCertificatesNextToken = listCertificatesResp.NextToken\n\t}\n\n\t// 导入证书\n\t// REF: https://docs.aws.amazon.com/en_us/acm/latest/APIReference/API_ImportCertificate.html\n\timportCertificateReq := &awsacm.ImportCertificateInput{\n\t\tCertificate: ([]byte)(serverCertPEM),\n\t\tCertificateChain: ([]byte)(intermediaCertPEM),\n\t\tPrivateKey: ([]byte)(privkeyPEM),\n\t}\n\timportCertificateResp, err := c.sdkClient.ImportCertificate(ctx, importCertificateReq)\n\tc.logger.Debug(\"sdk request 'acm.ImportCertificate'\", slog.Any(\"request\", importCertificateReq), slog.Any(\"response\", importCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'acm.ImportCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: aws.ToString(importCertificateResp.CertificateArn),\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\t// 提取服务器证书和中间证书\n\tserverCertPEM, intermediaCertPEM, err := xcert.ExtractCertificatesFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to extract certs: %w\", err)\n\t}\n\n\t// 导入证书\n\t// REF: https://docs.aws.amazon.com/en_us/acm/latest/APIReference/API_ImportCertificate.html\n\timportCertificateReq := &awsacm.ImportCertificateInput{\n\t\tCertificateArn: aws.String(certIdOrName),\n\t\tCertificate: ([]byte)(serverCertPEM),\n\t\tCertificateChain: ([]byte)(intermediaCertPEM),\n\t\tPrivateKey: ([]byte)(privkeyPEM),\n\t}\n\timportCertificateResp, err := c.sdkClient.ImportCertificate(ctx, importCertificateReq)\n\tc.logger.Debug(\"sdk request 'acm.ImportCertificate'\", slog.Any(\"request\", importCertificateReq), slog.Any(\"response\", importCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'acm.ImportCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.OperateResult{}, nil\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey, region string) (*awsacm.Client, error) {\n\tcfg, err := awscfg.LoadDefaultConfig(context.Background())\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclient := awsacm.NewFromConfig(cfg, func(o *awsacm.Options) {\n\t\to.Region = region\n\t\to.Credentials = aws.NewCredentialsCache(awscred.NewStaticCredentialsProvider(accessKeyId, secretAccessKey, \"\"))\n\t})\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/aws-iam/aws_iam.go",
"content": "package awsiam\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\taws \"github.com/aws/aws-sdk-go-v2/aws\"\n\tawscfg \"github.com/aws/aws-sdk-go-v2/config\"\n\tawscred \"github.com/aws/aws-sdk-go-v2/credentials\"\n\tawsiam \"github.com/aws/aws-sdk-go-v2/service/iam\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// AWS AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// AWS SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// AWS 区域。\n\tRegion string `json:\"region\"`\n\t// IAM 证书路径。\n\t// 选填。\n\tCertificatePath string `json:\"certificatePath,omitempty\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *awsiam.Client\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 提取服务器证书和中间证书\n\tserverCertPEM, intermediaCertPEM, err := xcert.ExtractCertificatesFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to extract certs: %w\", err)\n\t}\n\n\t// 获取证书列表,避免重复上传\n\t// REF: https://docs.aws.amazon.com/en_us/IAM/latest/APIReference/API_ListServerCertificates.html\n\t// REF: https://docs.aws.amazon.com/en_us/IAM/latest/APIReference/API_GetServerCertificate.html\n\tlistServerCertificatesMarker := (*string)(nil)\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistServerCertificatesReq := &awsiam.ListServerCertificatesInput{\n\t\t\tMarker: listServerCertificatesMarker,\n\t\t\tMaxItems: aws.Int32(1000),\n\t\t}\n\t\tif c.config.CertificatePath != \"\" {\n\t\t\tlistServerCertificatesReq.PathPrefix = aws.String(c.config.CertificatePath)\n\t\t}\n\t\tlistServerCertificatesResp, err := c.sdkClient.ListServerCertificates(ctx, listServerCertificatesReq)\n\t\tc.logger.Debug(\"sdk request 'iam.ListServerCertificates'\", slog.Any(\"request\", listServerCertificatesReq), slog.Any(\"response\", listServerCertificatesResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'iam.ListServerCertificates': %w\", err)\n\t\t}\n\n\t\tfor _, certItem := range listServerCertificatesResp.ServerCertificateMetadataList {\n\t\t\t// 对比证书路径\n\t\t\tif c.config.CertificatePath != \"\" && aws.ToString(certItem.Path) != c.config.CertificatePath {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书有效期\n\t\t\tif certItem.Expiration == nil || !certItem.Expiration.Equal(certX509.NotAfter) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书内容\n\t\t\tgetServerCertificateReq := &awsiam.GetServerCertificateInput{\n\t\t\t\tServerCertificateName: certItem.ServerCertificateName,\n\t\t\t}\n\t\t\tgetServerCertificateResp, err := c.sdkClient.GetServerCertificate(ctx, getServerCertificateReq)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'iam.GetServerCertificate': %w\", err)\n\t\t\t} else {\n\t\t\t\tif !xcert.EqualCertificatesFromPEM(certPEM, aws.ToString(getServerCertificateResp.ServerCertificate.CertificateBody)) {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: aws.ToString(certItem.ServerCertificateId),\n\t\t\t\tCertName: aws.ToString(certItem.ServerCertificateName),\n\t\t\t}, nil\n\t\t}\n\n\t\tif len(listServerCertificatesResp.ServerCertificateMetadataList) == 0 || listServerCertificatesResp.Marker == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tlistServerCertificatesMarker = listServerCertificatesResp.Marker\n\t}\n\n\t// 生成新证书名(需符合 AWS IAM 命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 导入证书\n\t// REF: https://docs.aws.amazon.com/en_us/IAM/latest/APIReference/API_UploadServerCertificate.html\n\tuploadServerCertificateReq := &awsiam.UploadServerCertificateInput{\n\t\tServerCertificateName: aws.String(certName),\n\t\tPath: aws.String(c.config.CertificatePath),\n\t\tCertificateBody: aws.String(serverCertPEM),\n\t\tCertificateChain: aws.String(intermediaCertPEM),\n\t\tPrivateKey: aws.String(privkeyPEM),\n\t}\n\tif c.config.CertificatePath == \"\" {\n\t\tuploadServerCertificateReq.Path = aws.String(\"/\")\n\t}\n\tuploadServerCertificateResp, err := c.sdkClient.UploadServerCertificate(ctx, uploadServerCertificateReq)\n\tc.logger.Debug(\"sdk request 'iam.UploadServerCertificate'\", slog.Any(\"request\", uploadServerCertificateReq), slog.Any(\"response\", uploadServerCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'iam.UploadServerCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: aws.ToString(uploadServerCertificateResp.ServerCertificateMetadata.ServerCertificateId),\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey, region string) (*awsiam.Client, error) {\n\tcfg, err := awscfg.LoadDefaultConfig(context.Background())\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclient := awsiam.NewFromConfig(cfg, func(o *awsiam.Options) {\n\t\to.Region = region\n\t\to.Credentials = aws.NewCredentialsCache(awscred.NewStaticCredentialsProvider(accessKeyId, secretAccessKey, \"\"))\n\t})\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/azure-keyvault/azure_keyvault.go",
"content": "package azurekeyvault\n\nimport (\n\t\"context\"\n\t\"encoding/base64\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/Azure/azure-sdk-for-go/sdk/azcore\"\n\t\"github.com/Azure/azure-sdk-for-go/sdk/azcore/to\"\n\t\"github.com/Azure/azure-sdk-for-go/sdk/azidentity\"\n\t\"github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azcertificates\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tazenv \"github.com/certimate-go/certimate/pkg/sdk3rd/azure/env\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// Azure TenantId。\n\tTenantId string `json:\"tenantId\"`\n\t// Azure ClientId。\n\tClientId string `json:\"clientId\"`\n\t// Azure ClientSecret。\n\tClientSecret string `json:\"clientSecret\"`\n\t// Azure 主权云环境。\n\tCloudName string `json:\"cloudName,omitempty\"`\n\t// Key Vault 名称。\n\tKeyVaultName string `json:\"keyvaultName\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *azcertificates.Client\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.CloudName, config.TenantId, config.ClientId, config.ClientSecret, config.KeyVaultName)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 生成 Azure 业务参数\n\tcertCN := certX509.Subject.CommonName\n\tcertSN := certX509.SerialNumber.Text(16)\n\n\t// 获取证书列表,避免重复上传\n\t// REF: https://learn.microsoft.com/en-us/rest/api/keyvault/certificates/get-certificates/get-certificates\n\tlistCertificatesPager := c.sdkClient.NewListCertificatePropertiesPager(&azcertificates.ListCertificatePropertiesOptions{})\n\tfor listCertificatesPager.More() {\n\t\tpage, err := listCertificatesPager.NextPage(ctx)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'keyvault.GetCertificates': %w\", err)\n\t\t}\n\n\t\tfor _, certItem := range page.Value {\n\t\t\t// 对比证书有效期\n\t\t\tif certItem.Attributes == nil {\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tif certItem.Attributes.NotBefore == nil || !certItem.Attributes.NotBefore.Equal(certX509.NotBefore) {\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tif certItem.Attributes.Expires == nil || !certItem.Attributes.Expires.Equal(certX509.NotAfter) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比 Tag 中的通用名称\n\t\t\tif v, ok := certItem.Tags[kvTagCertCN]; !ok || v == nil {\n\t\t\t\tcontinue\n\t\t\t} else if *v != certCN {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比 Tag 中的序列号\n\t\t\tif v, ok := certItem.Tags[kvTagCertSN]; !ok || v == nil {\n\t\t\t\tcontinue\n\t\t\t} else if *v != certSN {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书内容\n\t\t\tgetCertificateResp, err := c.sdkClient.GetCertificate(ctx, certItem.ID.Name(), certItem.ID.Version(), nil)\n\t\t\tc.logger.Debug(\"sdk request 'keyvault.GetCertificate'\", slog.String(\"request.certificateName\", certItem.ID.Name()), slog.String(\"request.certificateVersion\", certItem.ID.Version()), slog.Any(\"response\", getCertificateResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'keyvault.GetCertificate': %w\", err)\n\t\t\t} else {\n\t\t\t\tif !xcert.EqualCertificatesFromPEM(certPEM, string(getCertificateResp.CER)) {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: string(*certItem.ID),\n\t\t\t\tCertName: certItem.ID.Name(),\n\t\t\t}, nil\n\t\t}\n\t}\n\n\t// 生成新证书名(需符合 Azure 命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// Azure Key Vault 不支持导入带有 Certificate Chain 的 PEM 证书。\n\t// Issue Link: https://github.com/Azure/azure-cli/issues/19017\n\t// 暂时的解决方法是,将 PEM 证书转换成 PFX 格式,然后再导入。\n\tcertPFX, err := xcert.TransformCertificateFromPEMToPFX(certPEM, privkeyPEM, \"\")\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to transform certificate from PEM to PFX: %w\", err)\n\t}\n\n\t// 导入证书\n\t// REF: https://learn.microsoft.com/en-us/rest/api/keyvault/certificates/import-certificate/import-certificate\n\timportCertificateParams := azcertificates.ImportCertificateParameters{\n\t\tBase64EncodedCertificate: to.Ptr(base64.StdEncoding.EncodeToString(certPFX)),\n\t\tCertificatePolicy: &azcertificates.CertificatePolicy{\n\t\t\tSecretProperties: &azcertificates.SecretProperties{\n\t\t\t\tContentType: to.Ptr(\"application/x-pkcs12\"),\n\t\t\t},\n\t\t},\n\t\tTags: map[string]*string{\n\t\t\tkvTagCertCN: to.Ptr(certCN),\n\t\t\tkvTagCertSN: to.Ptr(certSN),\n\t\t},\n\t}\n\timportCertificateResp, err := c.sdkClient.ImportCertificate(ctx, certName, importCertificateParams, nil)\n\tc.logger.Debug(\"sdk request 'keyvault.ImportCertificate'\", slog.String(\"request.certificateName\", certName), slog.Any(\"request.parameters\", importCertificateParams), slog.Any(\"response\", importCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'keyvault.ImportCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: string(*importCertificateResp.ID),\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 转换证书格式\n\tcertPFX, err := xcert.TransformCertificateFromPEMToPFX(certPEM, privkeyPEM, \"\")\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to transform certificate from PEM to PFX: %w\", err)\n\t}\n\n\t// 获取证书\n\t// REF: https://learn.microsoft.com/en-us/rest/api/keyvault/certificates/get-certificate/get-certificate\n\tgetCertificateResp, err := c.sdkClient.GetCertificate(ctx, certIdOrName, \"\", nil)\n\tc.logger.Debug(\"sdk request 'keyvault.GetCertificate'\", slog.String(\"request.certificateName\", certIdOrName), slog.Any(\"response\", getCertificateResp))\n\tif err != nil {\n\t\tvar respErr *azcore.ResponseError\n\t\tif !errors.As(err, &respErr) || (respErr.ErrorCode != \"ResourceNotFound\" && respErr.ErrorCode != \"CertificateNotFound\") {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'keyvault.GetCertificate': %w\", err)\n\t\t}\n\t} else {\n\t\t// 如果已存在相同证书,直接返回\n\t\tif xcert.EqualCertificatesFromPEM(certPEM, string(getCertificateResp.CER)) {\n\t\t\treturn &certmgr.OperateResult{}, nil\n\t\t}\n\t}\n\n\t// 导入证书\n\t// REF: https://learn.microsoft.com/en-us/rest/api/keyvault/certificates/import-certificate/import-certificate\n\timportCertificateParams := azcertificates.ImportCertificateParameters{\n\t\tBase64EncodedCertificate: to.Ptr(base64.StdEncoding.EncodeToString(certPFX)),\n\t\tCertificatePolicy: &azcertificates.CertificatePolicy{\n\t\t\tSecretProperties: &azcertificates.SecretProperties{\n\t\t\t\tContentType: to.Ptr(\"application/x-pkcs12\"),\n\t\t\t},\n\t\t},\n\t\tTags: map[string]*string{\n\t\t\tkvTagCertCN: to.Ptr(certX509.Subject.CommonName),\n\t\t\tkvTagCertSN: to.Ptr(certX509.SerialNumber.Text(16)),\n\t\t},\n\t}\n\timportCertificateResp, err := c.sdkClient.ImportCertificate(ctx, certIdOrName, importCertificateParams, nil)\n\tc.logger.Debug(\"sdk request 'keyvault.ImportCertificate'\", slog.String(\"request.certificateName\", certIdOrName), slog.Any(\"request.parameters\", importCertificateParams), slog.Any(\"response\", importCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'keyvault.ImportCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.OperateResult{}, nil\n}\n\nconst (\n\tkvTagCertCN = \"certimate/cert-cn\"\n\tkvTagCertSN = \"certimate/cert-sn\"\n)\n\nfunc createSDKClient(cloudName, tenantId, clientId, clientSecret, keyvaultName string) (*azcertificates.Client, error) {\n\tenv, err := azenv.GetCloudEnvConfiguration(cloudName)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclientOptions := azcore.ClientOptions{Cloud: env}\n\tcredential, err := azidentity.NewClientSecretCredential(tenantId, clientId, clientSecret,\n\t\t&azidentity.ClientSecretCredentialOptions{ClientOptions: clientOptions})\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tendpoint := fmt.Sprintf(\"https://%s.vault.azure.net\", keyvaultName)\n\tif azenv.IsUSGovernmentEnv(cloudName) {\n\t\tendpoint = fmt.Sprintf(\"https://%s.vault.usgovcloudapi.net\", keyvaultName)\n\t} else if azenv.IsChinaEnv(cloudName) {\n\t\tendpoint = fmt.Sprintf(\"https://%s.vault.azure.cn\", keyvaultName)\n\t}\n\n\tclient, err := azcertificates.NewClient(endpoint, credential, nil)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/azure-keyvault/azure_keyvault_test.go",
"content": "package azurekeyvault_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/azure-keyvault\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfTenantId string\n\tfClientId string\n\tfClientSecret string\n\tfCloudName string\n\tfKeyVaultName string\n)\n\nfunc init() {\n\targsPrefix := \"AZUREKEYVAULT_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fTenantId, argsPrefix+\"TENANTID\", \"\", \"\")\n\tflag.StringVar(&fClientId, argsPrefix+\"CLIENTID\", \"\", \"\")\n\tflag.StringVar(&fClientSecret, argsPrefix+\"CLIENTSECRET\", \"\", \"\")\n\tflag.StringVar(&fCloudName, argsPrefix+\"CLOUDNAME\", \"\", \"\")\n\tflag.StringVar(&fKeyVaultName, argsPrefix+\"KEYVAULTNAME\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./azure_keyvault_test.go -args \\\n\t--AZUREKEYVAULT_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--AZUREKEYVAULT_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--AZUREKEYVAULT_TENANTID=\"your-tenant-id\" \\\n\t--AZUREKEYVAULT_CLIENTID=\"your-app-registration-client-id\" \\\n\t--AZUREKEYVAULT_CLIENTSECRET=\"your-app-registration-client-secret\" \\\n\t--AZUREKEYVAULT_CLOUDNAME=\"china\" \\\n\t--AZUREKEYVAULT_KEYVAULTNAME=\"your-keyvault-name\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"TENANTID: %v\", fTenantId),\n\t\t\tfmt.Sprintf(\"CLIENTID: %v\", fClientId),\n\t\t\tfmt.Sprintf(\"CLIENTSECRET: %v\", fClientSecret),\n\t\t\tfmt.Sprintf(\"CLOUDNAME: %v\", fCloudName),\n\t\t\tfmt.Sprintf(\"KEYVAULTNAME: %v\", fKeyVaultName),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tTenantId: fTenantId,\n\t\t\tClientId: fClientId,\n\t\t\tClientSecret: fClientSecret,\n\t\t\tCloudName: fCloudName,\n\t\t\tKeyVaultName: fKeyVaultName,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/baiducloud-cert/baiducloud_cert.go",
"content": "package baiducloudcert\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tbaiducert \"github.com/certimate-go/certimate/pkg/sdk3rd/baiducloud/cert\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 百度智能云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 百度智能云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *baiducert.Client\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 查看证书列表\n\t// REF: https://cloud.baidu.com/doc/Reference/s/Gjwvz27xu#35-%E6%9F%A5%E7%9C%8B%E8%AF%81%E4%B9%A6%E5%88%97%E8%A1%A8%E8%AF%A6%E6%83%85\n\tlistCertDetail, err := c.sdkClient.ListCertDetail()\n\tc.logger.Debug(\"sdk request 'cert.ListCertDetail'\", slog.Any(\"response\", listCertDetail))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cert.ListCertDetail': %w\", err)\n\t} else {\n\t\tfor _, certItem := range listCertDetail.Certs {\n\t\t\t// 对比证书通用名称\n\t\t\tif !strings.EqualFold(certX509.Subject.CommonName, certItem.CertCommonName) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书有效期\n\t\t\toldCertNotBefore, _ := time.Parse(\"2006-01-02T15:04:05Z\", certItem.CertStartTime)\n\t\t\toldCertNotAfter, _ := time.Parse(\"2006-01-02T15:04:05Z\", certItem.CertStopTime)\n\t\t\tif !certX509.NotBefore.Equal(oldCertNotBefore) || !certX509.NotAfter.Equal(oldCertNotAfter) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书多域名\n\t\t\tif certItem.CertDNSNames != strings.Join(certX509.DNSNames, \",\") {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书内容\n\t\t\tgetCertDetailResp, err := c.sdkClient.GetCertRawData(certItem.CertId)\n\t\t\tc.logger.Debug(\"sdk request 'cert.GetCertRawData'\", slog.Any(\"certId\", certItem.CertId), slog.Any(\"response\", getCertDetailResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cert.GetCertRawData': %w\", err)\n\t\t\t} else {\n\t\t\t\tif !xcert.EqualCertificatesFromPEM(certPEM, getCertDetailResp.CertServerData) {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: certItem.CertId,\n\t\t\t\tCertName: certItem.CertName,\n\t\t\t}, nil\n\t\t}\n\t}\n\n\t// 创建证书\n\t// REF: https://cloud.baidu.com/doc/Reference/s/Gjwvz27xu#31-%E5%88%9B%E5%BB%BA%E8%AF%81%E4%B9%A6\n\tcreateCertReq := &baiducert.CreateCertArgs{}\n\tcreateCertReq.CertName = fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\tcreateCertReq.CertServerData = certPEM\n\tcreateCertReq.CertPrivateData = privkeyPEM\n\tcreateCertResp, err := c.sdkClient.CreateCert(createCertReq)\n\tc.logger.Debug(\"sdk request 'cert.CreateCert'\", slog.Any(\"request\", createCertReq), slog.Any(\"response\", createCertResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cert.CreateCert': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: createCertResp.CertId,\n\t\tCertName: createCertResp.CertName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey string) (*baiducert.Client, error) {\n\tclient, err := baiducert.NewClient(accessKeyId, secretAccessKey, \"\")\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/baiducloud-cert/baiducloud_cert_test.go",
"content": "package baiducloudcert_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/baiducloud-cert\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n)\n\nfunc init() {\n\targsPrefix := \"BAIDUCLOUDCERT_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./baiducloud_cert_test.go -args \\\n\t--BAIDUCLOUDCERT_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--BAIDUCLOUDCERT_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--BAIDUCLOUDCERT_ACCESSKEYID=\"your-access-key-id\" \\\n\t--BAIDUCLOUDCERT_SECRETACCESSKEY=\"your-access-key-secret\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/baishan-cdn/baishan_cdn.go",
"content": "package baishancdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"regexp\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tbaishansdk \"github.com/certimate-go/certimate/pkg/sdk3rd/baishan\"\n)\n\ntype CertmgrConfig struct {\n\t// 白山云 API Token。\n\tApiToken string `json:\"apiToken\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *baishansdk.Client\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ApiToken)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 生成新证书名(需符合白山云命名规则)\n\tcertName := fmt.Sprintf(\"certimate_%d\", time.Now().UnixMilli())\n\n\t// 新增证书\n\t// REF: https://portal.baishancloud.com/track/document/downloadPdf/1441\n\tcertId := \"\"\n\tuploadDomainCertificateReq := &baishansdk.UploadDomainCertificateRequest{\n\t\tName: lo.ToPtr(certName),\n\t\tCertificate: lo.ToPtr(certPEM),\n\t\tKey: lo.ToPtr(privkeyPEM),\n\t}\n\tuploadDomainCertificateResp, err := d.sdkClient.UploadDomainCertificateWithContext(ctx, uploadDomainCertificateReq)\n\td.logger.Debug(\"sdk request 'baishan.UploadDomainCertificate'\", slog.Any(\"request\", uploadDomainCertificateReq), slog.Any(\"response\", uploadDomainCertificateResp))\n\tif err != nil {\n\t\tif uploadDomainCertificateResp != nil {\n\t\t\tif uploadDomainCertificateResp.GetCode() == 400699 && strings.Contains(uploadDomainCertificateResp.GetMessage(), \"this certificate is exists\") {\n\t\t\t\t// 证书已存在,忽略新增证书接口错误\n\t\t\t\tre := regexp.MustCompile(`\\d+`)\n\t\t\t\tcertId = re.FindString(uploadDomainCertificateResp.GetMessage())\n\t\t\t}\n\t\t}\n\n\t\tif certId == \"\" {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'baishan.SetDomainCertificate': %w\", err)\n\t\t}\n\t} else {\n\t\tcertId = uploadDomainCertificateResp.Data.CertId.String()\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: certId,\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (d *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\t// 替换证书\n\t// REF: https://portal.baishancloud.com/track/document/downloadPdf/1441\n\tuploadDomainCertificateReq := &baishansdk.UploadDomainCertificateRequest{\n\t\tCertificateId: lo.ToPtr(certIdOrName),\n\t\tName: lo.ToPtr(fmt.Sprintf(\"certimate_%d\", time.Now().UnixMilli())),\n\t\tCertificate: lo.ToPtr(certPEM),\n\t\tKey: lo.ToPtr(privkeyPEM),\n\t}\n\tuploadDomainCertificateResp, err := d.sdkClient.UploadDomainCertificateWithContext(ctx, uploadDomainCertificateReq)\n\td.logger.Debug(\"sdk request 'baishan.UploadDomainCertificate'\", slog.Any(\"request\", uploadDomainCertificateReq), slog.Any(\"response\", uploadDomainCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'baishan.UploadDomainCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.OperateResult{}, nil\n}\n\nfunc createSDKClient(apiToken string) (*baishansdk.Client, error) {\n\treturn baishansdk.NewClient(apiToken)\n}\n"
},
{
"path": "pkg/core/certmgr/providers/baishan-cdn/baishan_cdn_test.go",
"content": "package baishancdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/baishan-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfApiToken string\n)\n\nfunc init() {\n\targsPrefix := \"BAISHANCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fApiToken, argsPrefix+\"APITOKEN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./baishan_cdn_test.go -args \\\n\t--BAISHANCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--BAISHANCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--BAISHANCDN_APITOKEN=\"your-api-token\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"APITOKEN: %v\", fApiToken),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tApiToken: fApiToken,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/byteplus-cdn/byteplus_cdn.go",
"content": "package bytepluscdn\n\nimport (\n\t\"context\"\n\t\"crypto/sha1\"\n\t\"crypto/sha256\"\n\t\"encoding/hex\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\tbytepluscdn \"github.com/byteplus-sdk/byteplus-sdk-golang/service/cdn\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// BytePlus AccessKey。\n\tAccessKey string `json:\"accessKey\"`\n\t// BytePlus SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *bytepluscdn.CDN\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient := bytepluscdn.NewInstance()\n\tclient.Client.SetAccessKey(config.AccessKey)\n\tclient.Client.SetSecretKey(config.SecretKey)\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 查询证书列表,避免重复上传\n\t// REF: https://docs.byteplus.com/en/docs/byteplus-cdn/reference-listcertinfo\n\tlistCertInfoPageNum := 1\n\tlistCertInfoPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistCertInfoReq := &bytepluscdn.ListCertInfoRequest{\n\t\t\tPageNum: bytepluscdn.GetInt64Ptr(int64(listCertInfoPageNum)),\n\t\t\tPageSize: bytepluscdn.GetInt64Ptr(int64(listCertInfoPageSize)),\n\t\t\tSource: bytepluscdn.GetStrPtr(\"cert_center\"),\n\t\t}\n\t\tlistCertInfoResp, err := c.sdkClient.ListCertInfo(listCertInfoReq)\n\t\tc.logger.Debug(\"sdk request 'cdn.ListCertInfo'\", slog.Any(\"request\", listCertInfoReq), slog.Any(\"response\", listCertInfoResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.ListCertInfo': %w\", err)\n\t\t}\n\n\t\tfor _, certItem := range listCertInfoResp.Result.CertInfo {\n\t\t\t// 对比证书 SHA-1 摘要\n\t\t\tfingerprintSha1 := sha1.Sum(certX509.Raw)\n\t\t\tif !strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), certItem.CertFingerprint.Sha1) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书 SHA-256 摘要\n\t\t\tfingerprintSha256 := sha256.Sum256(certX509.Raw)\n\t\t\tif !strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), certItem.CertFingerprint.Sha256) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: certItem.CertId,\n\t\t\t\tCertName: certItem.Desc,\n\t\t\t}, nil\n\t\t}\n\n\t\tif len(listCertInfoResp.Result.CertInfo) < listCertInfoPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tlistCertInfoPageNum++\n\t}\n\n\t// 生成新证书名(需符合 BytePlus 命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 上传新证书\n\t// REF: https://docs.byteplus.com/en/docs/byteplus-cdn/reference-addcertificate\n\taddCertificateReq := &bytepluscdn.AddCertificateRequest{\n\t\tCertificate: certPEM,\n\t\tPrivateKey: privkeyPEM,\n\t\tSource: bytepluscdn.GetStrPtr(\"cert_center\"),\n\t\tDesc: bytepluscdn.GetStrPtr(certName),\n\t}\n\taddCertificateResp, err := c.sdkClient.AddCertificate(addCertificateReq)\n\tc.logger.Debug(\"sdk request 'cdn.AddCertificate'\", slog.Any(\"request\", addCertificateReq), slog.Any(\"response\", addCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.AddCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: addCertificateResp.Result.CertId,\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ctcccloud-ao/ctcccloud_ao.go",
"content": "package ctcccloudao\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"slices\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tctyunao \"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/ao\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 天翼云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 天翼云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *ctyunao.Client\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 查询用户名下证书列表,避免重复上传\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=113&api=13175&data=174&isNormal=1&vid=167\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=113&api=13015&data=174&isNormal=1&vid=167\n\tlistCertPage := 1\n\tlistCertPerPage := 1000\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistCertsReq := &ctyunao.ListCertsRequest{\n\t\t\tPage: lo.ToPtr(int32(listCertPage)),\n\t\t\tPerPage: lo.ToPtr(int32(listCertPerPage)),\n\t\t\tUsageMode: lo.ToPtr(int32(0)),\n\t\t}\n\t\tlistCertsResp, err := c.sdkClient.ListCertsWithContext(ctx, listCertsReq)\n\t\tc.logger.Debug(\"sdk request 'ao.ListCerts'\", slog.Any(\"request\", listCertsReq), slog.Any(\"response\", listCertsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'ao.ListCerts': %w\", err)\n\t\t}\n\n\t\tif listCertsResp.ReturnObj == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, certItem := range listCertsResp.ReturnObj.Results {\n\t\t\t// 对比证书通用名称\n\t\t\tif !strings.EqualFold(certX509.Subject.CommonName, certItem.CN) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书扩展名称\n\t\t\tif !slices.Equal(certX509.DNSNames, certItem.SANs) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书有效期\n\t\t\tif !certX509.NotBefore.Equal(time.Unix(certItem.IssueTime, 0).UTC()) {\n\t\t\t\tcontinue\n\t\t\t} else if !certX509.NotAfter.Equal(time.Unix(certItem.ExpiresTime, 0).UTC()) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书内容\n\t\t\tqueryCertReq := &ctyunao.QueryCertRequest{\n\t\t\t\tId: lo.ToPtr(certItem.Id),\n\t\t\t}\n\t\t\tqueryCertResp, err := c.sdkClient.QueryCertWithContext(ctx, queryCertReq)\n\t\t\tc.logger.Debug(\"sdk request 'ao.QueryCert'\", slog.Any(\"request\", queryCertReq), slog.Any(\"response\", queryCertResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'ao.QueryCert': %w\", err)\n\t\t\t} else if queryCertResp.ReturnObj != nil && queryCertResp.ReturnObj.Result != nil {\n\t\t\t\tif !xcert.EqualCertificatesFromPEM(certPEM, queryCertResp.ReturnObj.Result.Certs) {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: fmt.Sprintf(\"%d\", queryCertResp.ReturnObj.Result.Id),\n\t\t\t\tCertName: queryCertResp.ReturnObj.Result.Name,\n\t\t\t}, nil\n\t\t}\n\n\t\tif len(listCertsResp.ReturnObj.Results) < listCertPerPage {\n\t\t\tbreak\n\t\t}\n\n\t\tlistCertPage++\n\t}\n\n\t// 生成新证书名(需符合天翼云命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 创建证书\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=113&api=13014&data=174&isNormal=1&vid=167\n\tcreateCertReq := &ctyunao.CreateCertRequest{\n\t\tName: lo.ToPtr(certName),\n\t\tCerts: lo.ToPtr(certPEM),\n\t\tKey: lo.ToPtr(privkeyPEM),\n\t}\n\tcreateCertResp, err := c.sdkClient.CreateCertWithContext(ctx, createCertReq)\n\tc.logger.Debug(\"sdk request 'ao.CreateCert'\", slog.Any(\"request\", createCertReq), slog.Any(\"response\", createCertResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'ao.CreateCert': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: fmt.Sprintf(\"%d\", createCertResp.ReturnObj.Id),\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey string) (*ctyunao.Client, error) {\n\treturn ctyunao.NewClient(accessKeyId, secretAccessKey)\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ctcccloud-ao/ctcccloud_ao_test.go",
"content": "package ctcccloudao_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ctcccloud-ao\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n)\n\nfunc init() {\n\targsPrefix := \"CTCCCLOUDAO_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ctcccloud_ao_test.go -args \\\n\t--CTCCCLOUDAO_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--CTCCCLOUDAO_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--CTCCCLOUDAO_ACCESSKEYID=\"your-access-key-id\" \\\n\t--CTCCCLOUDAO_SECRETACCESSKEY=\"your-secret-access-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ctcccloud-cdn/ctcccloud_cdn.go",
"content": "package ctcccloudcdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"slices\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tctyuncdn \"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/cdn\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 天翼云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 天翼云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *ctyuncdn.Client\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 查询证书列表,避免重复上传\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=108&api=10901&data=161&isNormal=1&vid=154\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=108&api=10899&data=161&isNormal=1&vid=154\n\tqueryCertListPage := 1\n\tqueryCertListPerPage := 1000\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tqueryCertListReq := &ctyuncdn.QueryCertListRequest{\n\t\t\tPage: lo.ToPtr(int32(queryCertListPage)),\n\t\t\tPerPage: lo.ToPtr(int32(queryCertListPerPage)),\n\t\t\tUsageMode: lo.ToPtr(int32(0)),\n\t\t}\n\t\tqueryCertListResp, err := c.sdkClient.QueryCertListWithContext(ctx, queryCertListReq)\n\t\tc.logger.Debug(\"sdk request 'cdn.QueryCertList'\", slog.Any(\"request\", queryCertListReq), slog.Any(\"response\", queryCertListResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.QueryCertList': %w\", err)\n\t\t}\n\n\t\tif queryCertListResp.ReturnObj == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, certItem := range queryCertListResp.ReturnObj.Results {\n\t\t\t// 对比证书通用名称\n\t\t\tif !strings.EqualFold(certX509.Subject.CommonName, certItem.CN) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书扩展名称\n\t\t\tif !slices.Equal(certX509.DNSNames, certItem.SANs) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书有效期\n\t\t\tif !certX509.NotBefore.Equal(time.Unix(certItem.IssueTime, 0).UTC()) {\n\t\t\t\tcontinue\n\t\t\t} else if !certX509.NotAfter.Equal(time.Unix(certItem.ExpiresTime, 0).UTC()) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书内容\n\t\t\tqueryCertDetailReq := &ctyuncdn.QueryCertDetailRequest{\n\t\t\t\tId: lo.ToPtr(certItem.Id),\n\t\t\t}\n\t\t\tqueryCertDetailResp, err := c.sdkClient.QueryCertDetailWithContext(ctx, queryCertDetailReq)\n\t\t\tc.logger.Debug(\"sdk request 'cdn.QueryCertDetail'\", slog.Any(\"request\", queryCertDetailReq), slog.Any(\"response\", queryCertDetailResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.QueryCertDetail': %w\", err)\n\t\t\t} else if queryCertDetailResp.ReturnObj != nil && queryCertDetailResp.ReturnObj.Result != nil {\n\t\t\t\tif !xcert.EqualCertificatesFromPEM(certPEM, queryCertDetailResp.ReturnObj.Result.Certs) {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: fmt.Sprintf(\"%d\", queryCertDetailResp.ReturnObj.Result.Id),\n\t\t\t\tCertName: queryCertDetailResp.ReturnObj.Result.Name,\n\t\t\t}, nil\n\t\t}\n\n\t\tif len(queryCertListResp.ReturnObj.Results) < queryCertListPerPage {\n\t\t\tbreak\n\t\t}\n\n\t\tqueryCertListPage++\n\t}\n\n\t// 生成新证书名(需符合天翼云命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 创建证书\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=108&api=10893&data=161&isNormal=1&vid=154\n\tcreateCertReq := &ctyuncdn.CreateCertRequest{\n\t\tName: lo.ToPtr(certName),\n\t\tCerts: lo.ToPtr(certPEM),\n\t\tKey: lo.ToPtr(privkeyPEM),\n\t}\n\tcreateCertResp, err := c.sdkClient.CreateCertWithContext(ctx, createCertReq)\n\tc.logger.Debug(\"sdk request 'cdn.CreateCert'\", slog.Any(\"request\", createCertReq), slog.Any(\"response\", createCertResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.CreateCert': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: fmt.Sprintf(\"%d\", createCertResp.ReturnObj.Id),\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey string) (*ctyuncdn.Client, error) {\n\treturn ctyuncdn.NewClient(accessKeyId, secretAccessKey)\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ctcccloud-cdn/ctcccloud_cdn_test.go",
"content": "package ctcccloudcdn_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ctcccloud-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n)\n\nfunc init() {\n\targsPrefix := \"CTCCCLOUDCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ctcccloud_cdn_test.go -args \\\n\t--CTCCCLOUDCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--CTCCCLOUDCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--CTCCCLOUDCDN_ACCESSKEYID=\"your-access-key-id\" \\\n\t--CTCCCLOUDCDN_SECRETACCESSKEY=\"your-secret-access-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ctcccloud-cms/ctcccloud_cms.go",
"content": "package ctcccloudcms\n\nimport (\n\t\"context\"\n\t\"crypto/sha1\"\n\t\"encoding/hex\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tctyuncms \"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/cms\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 天翼云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 天翼云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *ctyuncms.Client\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 避免重复上传\n\tif upres, upok, err := c.tryGetResultIfCertExists(ctx, certPEM); err != nil {\n\t\treturn nil, err\n\t} else if upok {\n\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\treturn upres, nil\n\t}\n\n\t// 提取服务器证书和中间证书\n\tserverCertPEM, intermediaCertPEM, err := xcert.ExtractCertificatesFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to extract certs: %w\", err)\n\t}\n\n\t// 生成新证书名(需符合天翼云命名规则)\n\tcertName := fmt.Sprintf(\"cm%d\", time.Now().Unix())\n\n\t// 上传证书\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=152&api=17243&data=204&isNormal=1&vid=283\n\tuploadCertificateReq := &ctyuncms.UploadCertificateRequest{\n\t\tName: lo.ToPtr(certName),\n\t\tCertificate: lo.ToPtr(serverCertPEM),\n\t\tCertificateChain: lo.ToPtr(intermediaCertPEM),\n\t\tPrivateKey: lo.ToPtr(privkeyPEM),\n\t\tEncryptionStandard: lo.ToPtr(\"INTERNATIONAL\"),\n\t}\n\tuploadCertificateResp, err := c.sdkClient.UploadCertificateWithContext(ctx, uploadCertificateReq)\n\tc.logger.Debug(\"sdk request 'cms.UploadCertificate'\", slog.Any(\"request\", uploadCertificateReq), slog.Any(\"response\", uploadCertificateResp))\n\tif err != nil {\n\t\tif uploadCertificateResp != nil && uploadCertificateResp.GetError() == \"CCMS_100000067\" {\n\t\t\tif upres, upok, err := c.tryGetResultIfCertExists(ctx, certPEM); err != nil {\n\t\t\t\treturn nil, err\n\t\t\t} else if !upok {\n\t\t\t\treturn nil, errors.New(\"ctyun cms: no certificate found\")\n\t\t\t} else {\n\t\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\t\treturn upres, nil\n\t\t\t}\n\t\t}\n\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cms.UploadCertificate': %w\", err)\n\t}\n\n\t// 获取刚刚上传证书 ID\n\tif upres, upok, err := c.tryGetResultIfCertExists(ctx, certPEM); err != nil {\n\t\treturn nil, err\n\t} else if !upok {\n\t\treturn nil, fmt.Errorf(\"could not find ssl certificate, may be upload failed\")\n\t} else {\n\t\treturn upres, nil\n\t}\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc (c *Certmgr) tryGetResultIfCertExists(ctx context.Context, certPEM string) (*certmgr.UploadResult, bool, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, false, err\n\t}\n\n\t// 查询用户证书列表\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=152&api=17233&data=204&isNormal=1&vid=283\n\tgetCertificateListPageNum := 1\n\tgetCertificateListPageSize := 10\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, false, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tgetCertificateListReq := &ctyuncms.GetCertificateListRequest{\n\t\t\tPageNum: lo.ToPtr(int32(getCertificateListPageNum)),\n\t\t\tPageSize: lo.ToPtr(int32(getCertificateListPageSize)),\n\t\t\tKeyword: lo.ToPtr(certX509.Subject.CommonName),\n\t\t\tOrigin: lo.ToPtr(\"UPLOAD\"),\n\t\t}\n\t\tgetCertificateListResp, err := c.sdkClient.GetCertificateListWithContext(ctx, getCertificateListReq)\n\t\tc.logger.Debug(\"sdk request 'cms.GetCertificateList'\", slog.Any(\"request\", getCertificateListReq), slog.Any(\"response\", getCertificateListResp))\n\t\tif err != nil {\n\t\t\treturn nil, false, fmt.Errorf(\"failed to execute sdk request 'cms.GetCertificateList': %w\", err)\n\t\t}\n\n\t\tif getCertificateListResp.ReturnObj == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, certItem := range getCertificateListResp.ReturnObj.List {\n\t\t\t// 对比证书名称\n\t\t\tif !strings.EqualFold(strings.Join(certX509.DNSNames, \",\"), certItem.DomainName) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书有效期\n\t\t\toldCertNotBefore, _ := time.Parse(\"2006-01-02T15:04:05Z\", certItem.IssueTime)\n\t\t\toldCertNotAfter, _ := time.Parse(\"2006-01-02T15:04:05Z\", certItem.ExpireTime)\n\t\t\tif !certX509.NotBefore.Equal(oldCertNotBefore) {\n\t\t\t\tcontinue\n\t\t\t} else if !certX509.NotAfter.Equal(oldCertNotAfter) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书指纹\n\t\t\tfingerprint := sha1.Sum(certX509.Raw)\n\t\t\tfingerprintHex := hex.EncodeToString(fingerprint[:])\n\t\t\tif !strings.EqualFold(fingerprintHex, certItem.Fingerprint) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: certItem.Id,\n\t\t\t\tCertName: certItem.Name,\n\t\t\t}, true, nil\n\t\t}\n\n\t\tif len(getCertificateListResp.ReturnObj.List) < getCertificateListPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tgetCertificateListPageNum++\n\t}\n\n\treturn nil, false, nil\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey string) (*ctyuncms.Client, error) {\n\treturn ctyuncms.NewClient(accessKeyId, secretAccessKey)\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ctcccloud-cms/ctcccloud_cms_test.go",
"content": "package ctcccloudcms_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ctcccloud-cms\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n)\n\nfunc init() {\n\targsPrefix := \"CTCCCLOUDCMS_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ctcccloud_cms_test.go -args \\\n\t--CTCCCLOUDCMS_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--CTCCCLOUDCMS_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--CTCCCLOUDCMS_ACCESSKEYID=\"your-access-key-id\" \\\n\t--CTCCCLOUDCMS_SECRETACCESSKEY=\"your-secret-access-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ctcccloud-elb/ctcccloud_elb.go",
"content": "package ctcccloudelb\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/pocketbase/pocketbase/tools/security\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tctyunelb \"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/elb\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 天翼云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 天翼云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 天翼云资源池 ID。\n\tRegionId string `json:\"regionId\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *ctyunelb.Client\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 查询证书列表,避免重复上传\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=24&api=5692&data=88&isNormal=1&vid=82\n\tlistCertificatesReq := &ctyunelb.ListCertificatesRequest{\n\t\tRegionID: lo.ToPtr(c.config.RegionId),\n\t}\n\tlistCertificatesResp, err := c.sdkClient.ListCertificatesWithContext(ctx, listCertificatesReq)\n\tc.logger.Debug(\"sdk request 'elb.ListCertificates'\", slog.Any(\"request\", listCertificatesReq), slog.Any(\"response\", listCertificatesResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'elb.ListCertificates': %w\", err)\n\t} else {\n\t\tfor _, certItem := range listCertificatesResp.ReturnObj {\n\t\t\t// 如果已存在相同证书,直接返回\n\t\t\tif xcert.EqualCertificatesFromPEM(certPEM, certItem.Certificate) {\n\t\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\t\treturn &certmgr.UploadResult{\n\t\t\t\t\tCertId: certItem.ID,\n\t\t\t\t\tCertName: certItem.Name,\n\t\t\t\t}, nil\n\t\t\t}\n\t\t}\n\t}\n\n\t// 生成新证书名(需符合天翼云命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 创建证书\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=24&api=5685&data=88&isNormal=1&vid=82\n\tcreateCertificateReq := &ctyunelb.CreateCertificateRequest{\n\t\tClientToken: lo.ToPtr(security.RandomString(32)),\n\t\tRegionID: lo.ToPtr(c.config.RegionId),\n\t\tName: lo.ToPtr(certName),\n\t\tDescription: lo.ToPtr(\"upload from certimate\"),\n\t\tType: lo.ToPtr(\"Server\"),\n\t\tCertificate: lo.ToPtr(certPEM),\n\t\tPrivateKey: lo.ToPtr(privkeyPEM),\n\t}\n\tcreateCertificateResp, err := c.sdkClient.CreateCertificateWithContext(ctx, createCertificateReq)\n\tc.logger.Debug(\"sdk request 'elb.CreateCertificate'\", slog.Any(\"request\", createCertificateReq), slog.Any(\"response\", createCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'elb.CreateCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: createCertificateResp.ReturnObj.ID,\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey string) (*ctyunelb.Client, error) {\n\treturn ctyunelb.NewClient(accessKeyId, secretAccessKey)\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ctcccloud-elb/ctcccloud_elb_test.go",
"content": "package ctcccloudelb_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ctcccloud-elb\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n\tfRegionId string\n)\n\nfunc init() {\n\targsPrefix := \"CTCCCLOUDELB_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fRegionId, argsPrefix+\"REGIONID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ctcccloud_elb_test.go -args \\\n\t--CTCCCLOUDELB_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--CTCCCLOUDELB_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--CTCCCLOUDELB_ACCESSKEYID=\"your-access-key-id\" \\\n\t--CTCCCLOUDELB_SECRETACCESSKEY=\"your-secret-access-key\" \\\n\t--CTCCCLOUDELB_REGIONID=\"your-region-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"REGIONID: %v\", fRegionId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tRegionId: fRegionId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ctcccloud-icdn/ctcccloud_icdn.go",
"content": "package ctcccloudicdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"slices\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tctyunicdn \"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/icdn\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 天翼云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 天翼云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *ctyunicdn.Client\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 查询证书列表,避免重复上传\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=112&api=10838&data=173&isNormal=1&vid=166\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=112&api=10837&data=173&isNormal=1&vid=166\n\tqueryCertListPage := 1\n\tqueryCertListPerPage := 1000\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tqueryCertListReq := &ctyunicdn.QueryCertListRequest{\n\t\t\tPage: lo.ToPtr(int32(queryCertListPage)),\n\t\t\tPerPage: lo.ToPtr(int32(queryCertListPerPage)),\n\t\t\tUsageMode: lo.ToPtr(int32(0)),\n\t\t}\n\t\tqueryCertListResp, err := c.sdkClient.QueryCertListWithContext(ctx, queryCertListReq)\n\t\tc.logger.Debug(\"sdk request 'icdn.QueryCertList'\", slog.Any(\"request\", queryCertListReq), slog.Any(\"response\", queryCertListResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'icdn.QueryCertList': %w\", err)\n\t\t}\n\n\t\tif queryCertListResp.ReturnObj == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, certItem := range queryCertListResp.ReturnObj.Results {\n\t\t\t// 对比证书通用名称\n\t\t\tif !strings.EqualFold(certX509.Subject.CommonName, certItem.CN) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书扩展名称\n\t\t\tif !slices.Equal(certX509.DNSNames, certItem.SANs) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书有效期\n\t\t\tif !certX509.NotBefore.Equal(time.Unix(certItem.IssueTime, 0).UTC()) {\n\t\t\t\tcontinue\n\t\t\t} else if !certX509.NotAfter.Equal(time.Unix(certItem.ExpiresTime, 0).UTC()) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书内容\n\t\t\tqueryCertDetailReq := &ctyunicdn.QueryCertDetailRequest{\n\t\t\t\tId: lo.ToPtr(certItem.Id),\n\t\t\t}\n\t\t\tqueryCertDetailResp, err := c.sdkClient.QueryCertDetailWithContext(ctx, queryCertDetailReq)\n\t\t\tc.logger.Debug(\"sdk request 'icdn.QueryCertDetail'\", slog.Any(\"request\", queryCertDetailReq), slog.Any(\"response\", queryCertDetailResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'icdn.QueryCertDetail': %w\", err)\n\t\t\t} else if queryCertDetailResp.ReturnObj != nil && queryCertDetailResp.ReturnObj.Result != nil {\n\t\t\t\tif !xcert.EqualCertificatesFromPEM(certPEM, queryCertDetailResp.ReturnObj.Result.Certs) {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: fmt.Sprintf(\"%d\", queryCertDetailResp.ReturnObj.Result.Id),\n\t\t\t\tCertName: queryCertDetailResp.ReturnObj.Result.Name,\n\t\t\t}, nil\n\t\t}\n\n\t\tif len(queryCertListResp.ReturnObj.Results) < queryCertListPerPage {\n\t\t\tbreak\n\t\t}\n\n\t\tqueryCertListPage++\n\t}\n\n\t// 生成新证书名(需符合天翼云命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 创建证书\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=112&api=10835&data=173&isNormal=1&vid=166\n\tcreateCertReq := &ctyunicdn.CreateCertRequest{\n\t\tName: lo.ToPtr(certName),\n\t\tCerts: lo.ToPtr(certPEM),\n\t\tKey: lo.ToPtr(privkeyPEM),\n\t}\n\tcreateCertResp, err := c.sdkClient.CreateCertWithContext(ctx, createCertReq)\n\tc.logger.Debug(\"sdk request 'icdn.CreateCert'\", slog.Any(\"request\", createCertReq), slog.Any(\"response\", createCertResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'icdn.CreateCert': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: fmt.Sprintf(\"%d\", createCertResp.ReturnObj.Id),\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey string) (*ctyunicdn.Client, error) {\n\treturn ctyunicdn.NewClient(accessKeyId, secretAccessKey)\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ctcccloud-icdn/ctcccloud_icdn_test.go",
"content": "package ctcccloudicdn_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ctcccloud-icdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n)\n\nfunc init() {\n\targsPrefix := \"CTCCCLOUDICDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ctcccloud_icdn_test.go -args \\\n\t--CTCCCLOUDICDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--CTCCCLOUDICDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--CTCCCLOUDICDN_ACCESSKEYID=\"your-access-key-id\" \\\n\t--CTCCCLOUDICDN_SECRETACCESSKEY=\"your-secret-access-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ctcccloud-lvdn/ctcccloud_lvdn.go",
"content": "package ctcccloudlvdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"slices\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tctyunlvdn \"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/lvdn\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 天翼云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 天翼云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *ctyunlvdn.Client\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 查询证书列表,避免重复上传\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=125&api=11452&data=183&isNormal=1&vid=261\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=125&api=11449&data=183&isNormal=1&vid=261\n\tqueryCertListPage := 1\n\tqueryCertListPerPage := 1000\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tqueryCertListReq := &ctyunlvdn.QueryCertListRequest{\n\t\t\tPage: lo.ToPtr(int32(queryCertListPage)),\n\t\t\tPerPage: lo.ToPtr(int32(queryCertListPerPage)),\n\t\t\tUsageMode: lo.ToPtr(int32(0)),\n\t\t}\n\t\tqueryCertListResp, err := c.sdkClient.QueryCertListWithContext(ctx, queryCertListReq)\n\t\tc.logger.Debug(\"sdk request 'lvdn.QueryCertList'\", slog.Any(\"request\", queryCertListReq), slog.Any(\"response\", queryCertListResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'lvdn.QueryCertList': %w\", err)\n\t\t}\n\n\t\tif queryCertListResp.ReturnObj == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, certItem := range queryCertListResp.ReturnObj.Results {\n\t\t\t// 对比证书通用名称\n\t\t\tif !strings.EqualFold(certX509.Subject.CommonName, certItem.CN) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书扩展名称\n\t\t\tif !slices.Equal(certX509.DNSNames, certItem.SANs) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书有效期\n\t\t\tif !certX509.NotBefore.Equal(time.Unix(certItem.IssueTime, 0).UTC()) {\n\t\t\t\tcontinue\n\t\t\t} else if !certX509.NotAfter.Equal(time.Unix(certItem.ExpiresTime, 0).UTC()) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书内容\n\t\t\tqueryCertDetailReq := &ctyunlvdn.QueryCertDetailRequest{\n\t\t\t\tId: lo.ToPtr(certItem.Id),\n\t\t\t}\n\t\t\tqueryCertDetailResp, err := c.sdkClient.QueryCertDetailWithContext(ctx, queryCertDetailReq)\n\t\t\tc.logger.Debug(\"sdk request 'lvdn.QueryCertDetail'\", slog.Any(\"request\", queryCertDetailReq), slog.Any(\"response\", queryCertDetailResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'lvdn.QueryCertDetail': %w\", err)\n\t\t\t} else if queryCertDetailResp.ReturnObj != nil && queryCertDetailResp.ReturnObj.Result != nil {\n\t\t\t\tif !xcert.EqualCertificatesFromPEM(certPEM, queryCertDetailResp.ReturnObj.Result.Certs) {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: fmt.Sprintf(\"%d\", queryCertDetailResp.ReturnObj.Result.Id),\n\t\t\t\tCertName: queryCertDetailResp.ReturnObj.Result.Name,\n\t\t\t}, nil\n\t\t}\n\n\t\tif len(queryCertListResp.ReturnObj.Results) < queryCertListPerPage {\n\t\t\tbreak\n\t\t}\n\n\t\tqueryCertListPage++\n\t}\n\n\t// 生成新证书名(需符合天翼云命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 创建证书\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=125&api=11436&data=183&isNormal=1&vid=261\n\tcreateCertReq := &ctyunlvdn.CreateCertRequest{\n\t\tName: lo.ToPtr(certName),\n\t\tCerts: lo.ToPtr(certPEM),\n\t\tKey: lo.ToPtr(privkeyPEM),\n\t}\n\tcreateCertResp, err := c.sdkClient.CreateCertWithContext(ctx, createCertReq)\n\tc.logger.Debug(\"sdk request 'lvdn.CreateCert'\", slog.Any(\"request\", createCertReq), slog.Any(\"response\", createCertResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'lvdn.CreateCert': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: fmt.Sprintf(\"%d\", createCertResp.ReturnObj.Id),\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey string) (*ctyunlvdn.Client, error) {\n\treturn ctyunlvdn.NewClient(accessKeyId, secretAccessKey)\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ctcccloud-lvdn/ctcccloud_lvdn_test.go",
"content": "package ctcccloudlvdn_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ctcccloud-lvdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n)\n\nfunc init() {\n\targsPrefix := \"CTCCCLOUDLVDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ctcccloud_lvdn_test.go -args \\\n\t--CTCCCLOUDLVDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--CTCCCLOUDLVDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--CTCCCLOUDLVDN_ACCESSKEYID=\"your-access-key-id\" \\\n\t--CTCCCLOUDLVDN_SECRETACCESSKEY=\"your-secret-access-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/dogecloud/dogecloud.go",
"content": "package dogecloud\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tdogesdk \"github.com/certimate-go/certimate/pkg/sdk3rd/dogecloud\"\n)\n\ntype CertmgrConfig struct {\n\t// 多吉云 AccessKey。\n\tAccessKey string `json:\"accessKey\"`\n\t// 多吉云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *dogesdk.Client\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKey, config.SecretKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 生成新证书名(需符合多吉云命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 上传新证书\n\t// REF: https://docs.dogecloud.com/cdn/api-cert-upload\n\tuploadSslCertReq := &dogesdk.UploadCdnCertRequest{\n\t\tNote: certName,\n\t\tCertificate: certPEM,\n\t\tPrivateKey: privkeyPEM,\n\t}\n\tuploadSslCertResp, err := c.sdkClient.UploadCdnCertWithContext(ctx, uploadSslCertReq)\n\tc.logger.Debug(\"sdk request 'cdn.UploadCdnCert'\", slog.Any(\"request\", uploadSslCertReq), slog.Any(\"response\", uploadSslCertResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.UploadCdnCert': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: fmt.Sprintf(\"%d\", uploadSslCertResp.Data.Id),\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(accessKey, secretKey string) (*dogesdk.Client, error) {\n\treturn dogesdk.NewClient(accessKey, secretKey)\n}\n"
},
{
"path": "pkg/core/certmgr/providers/dokploy/dokploy.go",
"content": "package dokploy\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tdokploysdk \"github.com/certimate-go/certimate/pkg/sdk3rd/dokploy\"\n)\n\ntype CertmgrConfig struct {\n\t// Dokploy 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// Dokploy API Key。\n\tApiKey string `json:\"apiKey\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *dokploysdk.Client\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.ApiKey, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 查询证书列表,避免重复上传\n\t// REF: https://docs.dokploy.com/docs/api/certificates#certificates-all\n\tcertificatesAllReq := &dokploysdk.CertificatesAllRequest{}\n\tcertificatesAllResp, err := c.sdkClient.CertificatesAllWithContext(ctx, certificatesAllReq)\n\tc.logger.Debug(\"sdk request 'certificates.all'\", slog.Any(\"request\", certificatesAllReq), slog.Any(\"response\", certificatesAllResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'certificates.all': %w\", err)\n\t} else {\n\t\tfor _, certItem := range *certificatesAllResp {\n\t\t\tif certItem.CertificateData == certPEM && certItem.PrivateKey == privkeyPEM {\n\t\t\t\t// 如果已存在相同证书,直接返回\n\t\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\t\treturn &certmgr.UploadResult{\n\t\t\t\t\tCertId: certItem.CertificateId,\n\t\t\t\t\tCertName: certItem.Name,\n\t\t\t\t}, nil\n\t\t\t}\n\t\t}\n\t}\n\n\t// 获取账号信息,找到默认的组织 ID\n\t// REF: https://docs.dokploy.com/docs/api/reference-user#user.get\n\tuserGetReq := &dokploysdk.UserGetRequest{}\n\tuserGetResp, err := c.sdkClient.UserGetWithContext(ctx, userGetReq)\n\tc.logger.Debug(\"sdk request 'user.get'\", slog.Any(\"request\", userGetReq), slog.Any(\"response\", userGetResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'user.get': %w\", err)\n\t}\n\n\t// 创建证书\n\t// REF: https://docs.dokploy.com/docs/api/certificates#certificates-create\n\tcertificatesCreateReq := &dokploysdk.CertificatesCreateRequest{\n\t\tName: lo.ToPtr(fmt.Sprintf(\"certimate-%d\", time.Now().Unix())),\n\t\tCertificateData: lo.ToPtr(certPEM),\n\t\tPrivateKey: lo.ToPtr(privkeyPEM),\n\t\tOrganizationId: lo.ToPtr(userGetResp.OrganizationId),\n\t}\n\tcertificatesCreateResp, err := c.sdkClient.CertificatesCreateWithContext(ctx, certificatesCreateReq)\n\tc.logger.Debug(\"sdk request 'certificates.create'\", slog.Any(\"request\", certificatesCreateReq), slog.Any(\"response\", certificatesCreateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'certificates.create': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: certificatesCreateResp.CertificateId,\n\t\tCertName: certificatesCreateResp.Name,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(serverUrl, apiKey string, skipTlsVerify bool) (*dokploysdk.Client, error) {\n\tclient, err := dokploysdk.NewClient(serverUrl, apiKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/dokploy/dokploy_test.go",
"content": "package dokploy_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/dokploy\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfApiKey string\n)\n\nfunc init() {\n\targsPrefix := \"DOKPLOY_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./dokploy_test.go -args \\\n\t--DOKPLOY_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--DOKPLOY_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--DOKPLOY_SERVERURL=\"http://127.0.0.1:3000\" \\\n\t--DOKPLOY_APIKEY=\"your-api-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiKey: fApiKey,\n\t\t\tAllowInsecureConnections: true,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/gcore-cdn/gcore_cdn.go",
"content": "package gcorecdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\tgcore \"github.com/G-Core/gcorelabscdn-go/gcore/provider\"\n\t\"github.com/G-Core/gcorelabscdn-go/sslcerts\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tgcoresdk \"github.com/certimate-go/certimate/pkg/sdk3rd/gcore\"\n)\n\ntype CertmgrConfig struct {\n\t// G-Core API Token。\n\tApiToken string `json:\"apiToken\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *sslcerts.Service\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ApiToken)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 新增证书\n\t// REF: https://api.gcore.com/docs/cdn#tag/SSL-certificates/operation/add_ssl_certificates\n\tcreateCertificateReq := &sslcerts.CreateRequest{\n\t\tName: fmt.Sprintf(\"certimate_%d\", time.Now().UnixMilli()),\n\t\tCert: certPEM,\n\t\tPrivateKey: privkeyPEM,\n\t\tAutomated: false,\n\t\tValidateRootCA: false,\n\t}\n\tcreateCertificateResp, err := c.sdkClient.Create(ctx, createCertificateReq)\n\tc.logger.Debug(\"sdk request 'sslcerts.Create'\", slog.Any(\"request\", createCertificateReq), slog.Any(\"response\", createCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'sslcerts.Create': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: fmt.Sprintf(\"%d\", createCertificateResp.ID),\n\t\tCertName: createCertificateResp.Name,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(apiToken string) (*sslcerts.Service, error) {\n\tif apiToken == \"\" {\n\t\treturn nil, errors.New(\"gcore: invalid api token\")\n\t}\n\n\trequester := gcore.NewClient(\n\t\tgcoresdk.BASE_URL,\n\t\tgcore.WithSigner(gcoresdk.NewAuthRequestSigner(apiToken)),\n\t)\n\tservice := sslcerts.NewService(requester)\n\treturn service, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/huaweicloud-elb/huaweicloud_elb.go",
"content": "package huaweicloudelb\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic\"\n\t\"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global\"\n\thcelb \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3\"\n\thcelbmodel \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/model\"\n\thcelbregion \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/region\"\n\thciam \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3\"\n\thciammodel \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/model\"\n\thciamregion \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/region\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr/providers/huaweicloud-elb/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 华为云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 华为云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 华为云企业项目 ID。\n\tEnterpriseProjectId string `json:\"enterpriseProjectId,omitempty\"`\n\t// 华为云区域。\n\tRegion string `json:\"region\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.ElbClient\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 查询已有证书,避免重复上传\n\t// REF: https://support.huaweicloud.com/api-elb/ListCertificates.html\n\tlistCertificatesMarker := (*string)(nil)\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistCertificatesReq := &hcelbmodel.ListCertificatesRequest{\n\t\t\tMarker: listCertificatesMarker,\n\t\t\tLimit: lo.ToPtr(int32(2000)),\n\t\t\tType: lo.ToPtr([]string{\"server\"}),\n\t\t}\n\t\tlistCertificatesResp, err := c.sdkClient.ListCertificates(listCertificatesReq)\n\t\tc.logger.Debug(\"sdk request 'elb.ListCertificates'\", slog.Any(\"request\", listCertificatesReq), slog.Any(\"response\", listCertificatesResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'elb.ListCertificates': %w\", err)\n\t\t}\n\n\t\tif listCertificatesResp.Certificates == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, certItem := range *listCertificatesResp.Certificates {\n\t\t\t// 如果已存在相同证书,直接返回\n\t\t\tif xcert.EqualCertificatesFromPEM(certPEM, certItem.Certificate) {\n\t\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\t\treturn &certmgr.UploadResult{\n\t\t\t\t\tCertId: certItem.Id,\n\t\t\t\t\tCertName: certItem.Name,\n\t\t\t\t}, nil\n\t\t\t}\n\t\t}\n\n\t\tif len(*listCertificatesResp.Certificates) == 0 || listCertificatesResp.PageInfo.NextMarker == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tlistCertificatesMarker = listCertificatesResp.PageInfo.NextMarker\n\t}\n\n\t// 获取项目 ID\n\t// REF: https://support.huaweicloud.com/api-iam/iam_06_0001.html\n\tprojectId, err := getSDKProjectId(c.config.AccessKeyId, c.config.SecretAccessKey, c.config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to get SDK project id: %w\", err)\n\t}\n\n\t// 生成新证书名(需符合华为云命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 创建新证书\n\t// REF: https://support.huaweicloud.com/api-elb/CreateCertificate.html\n\tcreateCertificateReq := &hcelbmodel.CreateCertificateRequest{\n\t\tBody: &hcelbmodel.CreateCertificateRequestBody{\n\t\t\tCertificate: &hcelbmodel.CreateCertificateOption{\n\t\t\t\tEnterpriseProjectId: lo.EmptyableToPtr(c.config.EnterpriseProjectId),\n\t\t\t\tProjectId: lo.ToPtr(projectId),\n\t\t\t\tName: lo.ToPtr(certName),\n\t\t\t\tCertificate: lo.ToPtr(certPEM),\n\t\t\t\tPrivateKey: lo.ToPtr(privkeyPEM),\n\t\t\t},\n\t\t},\n\t}\n\tcreateCertificateResp, err := c.sdkClient.CreateCertificate(createCertificateReq)\n\tc.logger.Debug(\"sdk request 'elb.CreateCertificate'\", slog.Any(\"request\", createCertificateReq), slog.Any(\"response\", createCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'elb.CreateCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: createCertificateResp.Certificate.Id,\n\t\tCertName: createCertificateResp.Certificate.Name,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\t// 更新证书\n\t// REF: https://support.huaweicloud.com/api-elb/UpdateCertificate.html\n\tupdateCertificateReq := &hcelbmodel.UpdateCertificateRequest{\n\t\tCertificateId: certIdOrName,\n\t\tBody: &hcelbmodel.UpdateCertificateRequestBody{\n\t\t\tCertificate: &hcelbmodel.UpdateCertificateOption{\n\t\t\t\tCertificate: lo.ToPtr(certPEM),\n\t\t\t\tPrivateKey: lo.ToPtr(privkeyPEM),\n\t\t\t},\n\t\t},\n\t}\n\tupdateCertificateResp, err := c.sdkClient.UpdateCertificate(updateCertificateReq)\n\tc.logger.Debug(\"sdk request 'elb.UpdateCertificate'\", slog.Any(\"request\", updateCertificateReq), slog.Any(\"response\", updateCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'elb.UpdateCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.OperateResult{}, nil\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey, region string) (*internal.ElbClient, error) {\n\tif region == \"\" {\n\t\tregion = \"cn-north-4\" // ELB 服务默认区域:华北四北京\n\t}\n\n\tauth, err := basic.NewCredentialsBuilder().\n\t\tWithAk(accessKeyId).\n\t\tWithSk(secretAccessKey).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\thcRegion, err := hcelbregion.SafeValueOf(region)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\thcClient, err := hcelb.ElbClientBuilder().\n\t\tWithRegion(hcRegion).\n\t\tWithCredential(auth).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclient := internal.NewElbClient(hcClient)\n\treturn client, nil\n}\n\nfunc getSDKProjectId(accessKeyId, secretAccessKey, region string) (string, error) {\n\tif region == \"\" {\n\t\tregion = \"cn-north-4\" // IAM 服务默认区域:华北四北京\n\t}\n\n\tauth, err := global.NewCredentialsBuilder().\n\t\tWithAk(accessKeyId).\n\t\tWithSk(secretAccessKey).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\thcRegion, err := hciamregion.SafeValueOf(region)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\thcClient, err := hciam.IamClientBuilder().\n\t\tWithRegion(hcRegion).\n\t\tWithCredential(auth).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tclient := hciam.NewIamClient(hcClient)\n\n\trequest := &hciammodel.KeystoneListProjectsRequest{\n\t\tName: ®ion,\n\t}\n\tresponse, err := client.KeystoneListProjects(request)\n\tif err != nil {\n\t\treturn \"\", err\n\t} else if response.Projects == nil || len(*response.Projects) == 0 {\n\t\treturn \"\", errors.New(\"huaweicloud: no project found\")\n\t}\n\n\treturn (*response.Projects)[0].Id, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/huaweicloud-elb/internal/client.go",
"content": "package internal\n\nimport (\n\thttpclient \"github.com/huaweicloud/huaweicloud-sdk-go-v3/core\"\n\thwelb \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3\"\n\t\"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/model\"\n)\n\n// This is a partial copy of https://github.com/huaweicloud/huaweicloud-sdk-go-v3/blob/master/services/elb/v3/elb_client.go\n// to lightweight the vendor packages in the built binary.\ntype ElbClient struct {\n\tHcClient *httpclient.HcHttpClient\n}\n\nfunc NewElbClient(hcClient *httpclient.HcHttpClient) *ElbClient {\n\treturn &ElbClient{HcClient: hcClient}\n}\n\nfunc (c *ElbClient) CreateCertificate(request *model.CreateCertificateRequest) (*model.CreateCertificateResponse, error) {\n\trequestDef := hwelb.GenReqDefForCreateCertificate()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.CreateCertificateResponse), nil\n\t}\n}\n\nfunc (c *ElbClient) ListCertificates(request *model.ListCertificatesRequest) (*model.ListCertificatesResponse, error) {\n\trequestDef := hwelb.GenReqDefForListCertificates()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.ListCertificatesResponse), nil\n\t}\n}\n\nfunc (c *ElbClient) UpdateCertificate(request *model.UpdateCertificateRequest) (*model.UpdateCertificateResponse, error) {\n\trequestDef := hwelb.GenReqDefForUpdateCertificate()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.UpdateCertificateResponse), nil\n\t}\n}\n"
},
{
"path": "pkg/core/certmgr/providers/huaweicloud-scm/huaweicloud_scm.go",
"content": "package huaweicloudscm\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic\"\n\thcscm \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3\"\n\thcscmmodel \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/model\"\n\thcscmregion \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/region\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr/providers/huaweicloud-scm/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 华为云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 华为云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 华为云企业项目 ID。\n\tEnterpriseProjectId string `json:\"enterpriseProjectId,omitempty\"`\n\t// 华为云区域。\n\tRegion string `json:\"region\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.ScmClient\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 查询已有证书,避免重复上传\n\t// REF: https://support.huaweicloud.com/api-ccm/ListCertificates.html\n\t// REF: https://support.huaweicloud.com/api-ccm/ExportCertificate_0.html\n\tlistCertificatesLimit := 50\n\tlistCertificatesOffset := 0\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistCertificatesReq := &hcscmmodel.ListCertificatesRequest{\n\t\t\tEnterpriseProjectId: lo.EmptyableToPtr(c.config.EnterpriseProjectId),\n\t\t\tLimit: lo.ToPtr(int32(listCertificatesLimit)),\n\t\t\tOffset: lo.ToPtr(int32(listCertificatesOffset)),\n\t\t\tSortDir: lo.ToPtr(\"DESC\"),\n\t\t\tSortKey: lo.ToPtr(\"certExpiredTime\"),\n\t\t}\n\t\tlistCertificatesResp, err := c.sdkClient.ListCertificates(listCertificatesReq)\n\t\tc.logger.Debug(\"sdk request 'scm.ListCertificates'\", slog.Any(\"request\", listCertificatesReq), slog.Any(\"response\", listCertificatesResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'scm.ListCertificates': %w\", err)\n\t\t}\n\n\t\tif listCertificatesResp.Certificates == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, certItem := range *listCertificatesResp.Certificates {\n\t\t\t// 对比证书通用名称\n\t\t\tif !strings.EqualFold(certX509.Subject.CommonName, certItem.Domain) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书有效期\n\t\t\tif certX509.NotAfter.Local().Format(time.DateTime) != strings.TrimSuffix(certItem.ExpireTime, \".0\") {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书内容\n\t\t\texportCertificateReq := &hcscmmodel.ExportCertificateRequest{\n\t\t\t\tCertificateId: certItem.Id,\n\t\t\t}\n\t\t\texportCertificateResp, err := c.sdkClient.ExportCertificate(exportCertificateReq)\n\t\t\tc.logger.Debug(\"sdk request 'scm.ExportCertificate'\", slog.Any(\"request\", exportCertificateReq), slog.Any(\"response\", exportCertificateResp))\n\t\t\tif err != nil {\n\t\t\t\tif exportCertificateResp != nil && exportCertificateResp.HttpStatusCode == 404 {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'scm.ExportCertificate': %w\", err)\n\t\t\t} else {\n\t\t\t\tif !xcert.EqualCertificatesFromPEM(certPEM, lo.FromPtr(exportCertificateResp.Certificate)) {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: certItem.Id,\n\t\t\t\tCertName: certItem.Name,\n\t\t\t}, nil\n\t\t}\n\n\t\tif len(*listCertificatesResp.Certificates) < listCertificatesLimit {\n\t\t\tbreak\n\t\t}\n\n\t\tlistCertificatesOffset += listCertificatesLimit\n\t}\n\n\t// 生成新证书名(需符合华为云命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 上传新证书\n\t// REF: https://support.huaweicloud.com/api-ccm/ImportCertificate.html\n\timportCertificateReq := &hcscmmodel.ImportCertificateRequest{\n\t\tBody: &hcscmmodel.ImportCertificateRequestBody{\n\t\t\tEnterpriseProjectId: lo.EmptyableToPtr(c.config.EnterpriseProjectId),\n\t\t\tName: certName,\n\t\t\tCertificate: certPEM,\n\t\t\tPrivateKey: privkeyPEM,\n\t\t},\n\t}\n\timportCertificateResp, err := c.sdkClient.ImportCertificate(importCertificateReq)\n\tc.logger.Debug(\"sdk request 'scm.ImportCertificate'\", slog.Any(\"request\", importCertificateReq), slog.Any(\"response\", importCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'scm.ImportCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: *importCertificateResp.CertificateId,\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey, region string) (*internal.ScmClient, error) {\n\tif region == \"\" {\n\t\tregion = \"cn-north-4\" // SCM 服务默认区域:华北四北京\n\t}\n\n\tauth, err := basic.NewCredentialsBuilder().\n\t\tWithAk(accessKeyId).\n\t\tWithSk(secretAccessKey).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\thcRegion, err := hcscmregion.SafeValueOf(region)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\thcClient, err := hcscm.ScmClientBuilder().\n\t\tWithRegion(hcRegion).\n\t\tWithCredential(auth).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclient := internal.NewScmClient(hcClient)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/huaweicloud-scm/internal/client.go",
"content": "package internal\n\nimport (\n\thttpclient \"github.com/huaweicloud/huaweicloud-sdk-go-v3/core\"\n\thwscm \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3\"\n\t\"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/model\"\n)\n\n// This is a partial copy of https://github.com/huaweicloud/huaweicloud-sdk-go-v3/blob/master/services/scm/v3/scm_client.go\n// to lightweight the vendor packages in the built binary.\ntype ScmClient struct {\n\tHcClient *httpclient.HcHttpClient\n}\n\nfunc NewScmClient(hcClient *httpclient.HcHttpClient) *ScmClient {\n\treturn &ScmClient{HcClient: hcClient}\n}\n\nfunc (c *ScmClient) ExportCertificate(request *model.ExportCertificateRequest) (*model.ExportCertificateResponse, error) {\n\trequestDef := hwscm.GenReqDefForExportCertificate()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.ExportCertificateResponse), nil\n\t}\n}\n\nfunc (c *ScmClient) ImportCertificate(request *model.ImportCertificateRequest) (*model.ImportCertificateResponse, error) {\n\trequestDef := hwscm.GenReqDefForImportCertificate()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.ImportCertificateResponse), nil\n\t}\n}\n\nfunc (c *ScmClient) ListCertificates(request *model.ListCertificatesRequest) (*model.ListCertificatesResponse, error) {\n\trequestDef := hwscm.GenReqDefForListCertificates()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.ListCertificatesResponse), nil\n\t}\n}\n"
},
{
"path": "pkg/core/certmgr/providers/huaweicloud-waf/huaweicloud_waf.go",
"content": "package huaweicloudwaf\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic\"\n\t\"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global\"\n\thciam \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3\"\n\thciammodel \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/model\"\n\thciamregion \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/region\"\n\thcwaf \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1\"\n\thcwafmodel \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model\"\n\thcwafregion \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/region\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr/providers/huaweicloud-waf/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 华为云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 华为云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 华为云企业项目 ID。\n\tEnterpriseProjectId string `json:\"enterpriseProjectId,omitempty\"`\n\t// 华为云区域。\n\tRegion string `json:\"region\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.WafClient\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 查询已有证书,避免重复上传\n\t// REF: https://support.huaweicloud.com/api-waf/ListCertificates.html\n\t// REF: https://support.huaweicloud.com/api-waf/ShowCertificate.html\n\tlistCertificatesPage := 1\n\tlistCertificatesPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistCertificatesReq := &hcwafmodel.ListCertificatesRequest{\n\t\t\tEnterpriseProjectId: lo.EmptyableToPtr(c.config.EnterpriseProjectId),\n\t\t\tPage: lo.ToPtr(int32(listCertificatesPage)),\n\t\t\tPagesize: lo.ToPtr(int32(listCertificatesPageSize)),\n\t\t}\n\t\tlistCertificatesResp, err := c.sdkClient.ListCertificates(listCertificatesReq)\n\t\tc.logger.Debug(\"sdk request 'waf.ShowCertificate'\", slog.Any(\"request\", listCertificatesReq), slog.Any(\"response\", listCertificatesResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'waf.ListCertificates': %w\", err)\n\t\t}\n\n\t\tif listCertificatesResp.Items == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, certItem := range *listCertificatesResp.Items {\n\t\t\tshowCertificateReq := &hcwafmodel.ShowCertificateRequest{\n\t\t\t\tEnterpriseProjectId: lo.EmptyableToPtr(c.config.EnterpriseProjectId),\n\t\t\t\tCertificateId: certItem.Id,\n\t\t\t}\n\t\t\tshowCertificateResp, err := c.sdkClient.ShowCertificate(showCertificateReq)\n\t\t\tc.logger.Debug(\"sdk request 'waf.ShowCertificate'\", slog.Any(\"request\", showCertificateReq), slog.Any(\"response\", showCertificateResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'waf.ShowCertificate': %w\", err)\n\t\t\t}\n\n\t\t\t// 如果已存在相同证书,直接返回\n\t\t\tif xcert.EqualCertificatesFromPEM(certPEM, lo.FromPtr(showCertificateResp.Content)) {\n\t\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\t\treturn &certmgr.UploadResult{\n\t\t\t\t\tCertId: certItem.Id,\n\t\t\t\t\tCertName: certItem.Name,\n\t\t\t\t}, nil\n\t\t\t}\n\t\t}\n\n\t\tif len(*listCertificatesResp.Items) < listCertificatesPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tlistCertificatesPage++\n\t}\n\n\t// 生成新证书名(需符合华为云命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 创建证书\n\t// REF: https://support.huaweicloud.com/api-waf/CreateCertificate.html\n\tcreateCertificateReq := &hcwafmodel.CreateCertificateRequest{\n\t\tEnterpriseProjectId: lo.EmptyableToPtr(c.config.EnterpriseProjectId),\n\t\tBody: &hcwafmodel.CreateCertificateRequestBody{\n\t\t\tName: certName,\n\t\t\tContent: certPEM,\n\t\t\tKey: privkeyPEM,\n\t\t},\n\t}\n\tcreateCertificateResp, err := c.sdkClient.CreateCertificate(createCertificateReq)\n\tc.logger.Debug(\"sdk request 'waf.CreateCertificate'\", slog.Any(\"request\", createCertificateReq), slog.Any(\"response\", createCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'waf.CreateCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: *createCertificateResp.Id,\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey, region string) (*internal.WafClient, error) {\n\tprojectId, err := getSDKProjectId(accessKeyId, secretAccessKey, region)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tauth, err := basic.NewCredentialsBuilder().\n\t\tWithAk(accessKeyId).\n\t\tWithSk(secretAccessKey).\n\t\tWithProjectId(projectId).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\thcRegion, err := hcwafregion.SafeValueOf(region)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\thcClient, err := hcwaf.WafClientBuilder().\n\t\tWithRegion(hcRegion).\n\t\tWithCredential(auth).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclient := internal.NewWafClient(hcClient)\n\treturn client, nil\n}\n\nfunc getSDKProjectId(accessKeyId, secretAccessKey, region string) (string, error) {\n\tauth, err := global.NewCredentialsBuilder().\n\t\tWithAk(accessKeyId).\n\t\tWithSk(secretAccessKey).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\thcRegion, err := hciamregion.SafeValueOf(region)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\thcClient, err := hciam.IamClientBuilder().\n\t\tWithRegion(hcRegion).\n\t\tWithCredential(auth).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tclient := hciam.NewIamClient(hcClient)\n\n\trequest := &hciammodel.KeystoneListProjectsRequest{\n\t\tName: ®ion,\n\t}\n\tresponse, err := client.KeystoneListProjects(request)\n\tif err != nil {\n\t\treturn \"\", err\n\t} else if response.Projects == nil || len(*response.Projects) == 0 {\n\t\treturn \"\", errors.New(\"huaweicloud: no project found\")\n\t}\n\n\treturn (*response.Projects)[0].Id, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/huaweicloud-waf/internal/client.go",
"content": "package internal\n\nimport (\n\thttpclient \"github.com/huaweicloud/huaweicloud-sdk-go-v3/core\"\n\thwwaf \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1\"\n\t\"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model\"\n)\n\n// This is a partial copy of https://github.com/huaweicloud/huaweicloud-sdk-go-v3/blob/master/services/waf/v1/waf_client.go\n// to lightweight the vendor packages in the built binary.\ntype WafClient struct {\n\tHcClient *httpclient.HcHttpClient\n}\n\nfunc NewWafClient(hcClient *httpclient.HcHttpClient) *WafClient {\n\treturn &WafClient{HcClient: hcClient}\n}\n\nfunc (c *WafClient) CreateCertificate(request *model.CreateCertificateRequest) (*model.CreateCertificateResponse, error) {\n\trequestDef := hwwaf.GenReqDefForCreateCertificate()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.CreateCertificateResponse), nil\n\t}\n}\n\nfunc (c *WafClient) ListCertificates(request *model.ListCertificatesRequest) (*model.ListCertificatesResponse, error) {\n\trequestDef := hwwaf.GenReqDefForListCertificates()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.ListCertificatesResponse), nil\n\t}\n}\n\nfunc (c *WafClient) ShowCertificate(request *model.ShowCertificateRequest) (*model.ShowCertificateResponse, error) {\n\trequestDef := hwwaf.GenReqDefForShowCertificate()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.ShowCertificateResponse), nil\n\t}\n}\n"
},
{
"path": "pkg/core/certmgr/providers/jdcloud-ssl/jdcloud_ssl.go",
"content": "package jdcloudssl\n\nimport (\n\t\"context\"\n\t\"crypto/sha256\"\n\t\"encoding/hex\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\tjdcore \"github.com/jdcloud-api/jdcloud-sdk-go/core\"\n\tjdsslapi \"github.com/jdcloud-api/jdcloud-sdk-go/services/ssl/apis\"\n\tjdsslclient \"github.com/jdcloud-api/jdcloud-sdk-go/services/ssl/client\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 京东云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 京东云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *jdsslclient.SslClient\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 格式化私钥内容,以便后续计算私钥摘要\n\tprivkeyPEM = strings.TrimSpace(privkeyPEM)\n\tprivkeyPEM = strings.ReplaceAll(privkeyPEM, \"\\r\", \"\")\n\tprivkeyPEM = strings.ReplaceAll(privkeyPEM, \"\\n\", \"\\r\\n\")\n\tprivkeyPEM = privkeyPEM + \"\\r\\n\"\n\n\t// 查看证书列表\n\t// REF: https://docs.jdcloud.com/cn/ssl-certificate/api/describecerts\n\tdescribeCertsPageNumber := 1\n\tdescribeCertsPageSize := 10\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeCertsReq := jdsslapi.NewDescribeCertsRequestWithoutParam()\n\t\tdescribeCertsReq.SetDomainName(certX509.Subject.CommonName)\n\t\tdescribeCertsReq.SetPageNumber(describeCertsPageNumber)\n\t\tdescribeCertsReq.SetPageSize(describeCertsPageSize)\n\t\tdescribeCertsResp, err := c.sdkClient.DescribeCerts(describeCertsReq)\n\t\tc.logger.Debug(\"sdk request 'ssl.DescribeCerts'\", slog.Any(\"request\", describeCertsReq), slog.Any(\"response\", describeCertsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'ssl.DescribeCerts': %w\", err)\n\t\t}\n\n\t\tfor _, certItem := range describeCertsResp.Result.CertListDetails {\n\t\t\t// 对比证书通用名称\n\t\t\tif !strings.EqualFold(certX509.Subject.CommonName, certItem.CommonName) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书多域名\n\t\t\tif !strings.EqualFold(strings.Join(certX509.DNSNames, \",\"), strings.Join(certItem.DnsNames, \",\")) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书有效期\n\t\t\toldCertNotBefore, _ := time.Parse(time.RFC3339, certItem.StartTime)\n\t\t\toldCertNotAfter, _ := time.Parse(time.RFC3339, certItem.EndTime)\n\t\t\tif !certX509.NotBefore.Equal(oldCertNotBefore) || !certX509.NotAfter.Equal(oldCertNotAfter) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比私钥 SHA-256 摘要\n\t\t\tnewKeyDigest := sha256.Sum256([]byte(privkeyPEM))\n\t\t\tnewKeyDigestHex := hex.EncodeToString(newKeyDigest[:])\n\t\t\tif !strings.EqualFold(newKeyDigestHex, certItem.Digest) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: certItem.CertId,\n\t\t\t\tCertName: certItem.CertName,\n\t\t\t}, nil\n\t\t}\n\n\t\tif len(describeCertsResp.Result.CertListDetails) < int(describeCertsPageSize) {\n\t\t\tbreak\n\t\t} else {\n\t\t\tdescribeCertsPageNumber++\n\t\t}\n\t}\n\n\t// 生成新证书名(需符合京东云命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 上传证书\n\t// REF: https://docs.jdcloud.com/cn/ssl-certificate/api/uploadcert\n\tuploadCertReq := jdsslapi.NewUploadCertRequestWithoutParam()\n\tuploadCertReq.SetCertName(certName)\n\tuploadCertReq.SetCertFile(certPEM)\n\tuploadCertReq.SetKeyFile(privkeyPEM)\n\tuploadCertResp, err := c.sdkClient.UploadCert(uploadCertReq)\n\tc.logger.Debug(\"sdk request 'ssl.UploadCertificate'\", slog.Any(\"request\", uploadCertReq), slog.Any(\"response\", uploadCertResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'ssl.UploadCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: uploadCertResp.Result.CertId,\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret string) (*jdsslclient.SslClient, error) {\n\tclientCredentials := jdcore.NewCredentials(accessKeyId, accessKeySecret)\n\tclient := jdsslclient.NewSslClient(clientCredentials)\n\tclient.DisableLogger()\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/jdcloud-ssl/jdcloud_ssl_test.go",
"content": "package jdcloudssl_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/jdcloud-ssl\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n)\n\nfunc init() {\n\targsPrefix := \"JDCLOUDSSL_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./jdcloud_ssl_test.go -args \\\n\t--JDCLOUDSSL_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--JDCLOUDSSL_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--JDCLOUDSSL_ACCESSKEYID=\"your-access-key-id\" \\\n\t--JDCLOUDSSL_ACCESSKEYSECRET=\"your-access-key-secret\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/nginxproxymanager/consts.go",
"content": "package nginxproxymanager\n\nconst (\n\tAUTH_METHOD_PASSWORD = \"password\"\n\tAUTH_METHOD_TOKEN = \"token\"\n)\n"
},
{
"path": "pkg/core/certmgr/providers/nginxproxymanager/nginxproxymanager.go",
"content": "package nginxproxymanager\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tnpmsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/nginxproxymanager\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// NPM 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// NPM API 认证方式。\n\t// 可取值 \"password\"、\"token\"。\n\t// 零值时默认值 [AUTH_METHOD_PASSWORD]。\n\tAuthMethod string `json:\"authMethod,omitempty\"`\n\t// NPM 用户名。\n\tUsername string `json:\"username,omitempty\"`\n\t// NPM 密码。\n\tPassword string `json:\"password,omitempty\"`\n\t// NPM API Token。\n\tApiToken string `json:\"apiToken,omitempty\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *npmsdk.Client\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.AuthMethod, config.Username, config.Password, config.ApiToken, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 提取服务器证书和中间证书\n\tserverCertPEM, intermediaCertPEM, err := xcert.ExtractCertificatesFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to extract certs: %w\", err)\n\t}\n\n\t// 获取全部证书,避免重复上传\n\tlistCertificatesReq := &npmsdk.NginxListCertificatesRequest{}\n\tlistCertificatesResp, err := c.sdkClient.NginxListCertificatesWithContext(ctx, listCertificatesReq)\n\tc.logger.Debug(\"sdk request 'nginx.ListCertificates'\", slog.Any(\"request\", listCertificatesReq), slog.Any(\"response\", listCertificatesResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'nginx.ListCertificates': %w\", err)\n\t} else {\n\t\tfor _, certItem := range *listCertificatesResp {\n\t\t\tif certItem.Meta.Certificate == serverCertPEM &&\n\t\t\t\tcertItem.Meta.CertificateKey == privkeyPEM &&\n\t\t\t\tcertItem.Meta.IntermediateCertificate == intermediaCertPEM {\n\t\t\t\t// 如果已存在相同证书,直接返回\n\t\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\t\treturn &certmgr.UploadResult{\n\t\t\t\t\tCertId: fmt.Sprintf(\"%d\", certItem.Id),\n\t\t\t\t\tCertName: certItem.NiceName,\n\t\t\t\t}, nil\n\t\t\t}\n\t\t}\n\t}\n\n\t// 创建证书\n\tnginxCreateCertificateReq := &npmsdk.NginxCreateCertificateRequest{\n\t\tNiceName: fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli()),\n\t\tProvider: \"other\",\n\t}\n\tnginxCreateCertificateResp, err := c.sdkClient.NginxCreateCertificateWithContext(ctx, nginxCreateCertificateReq)\n\tc.logger.Debug(\"sdk request 'nginx.CreateCertificate'\", slog.Any(\"request\", nginxCreateCertificateReq), slog.Any(\"response\", nginxCreateCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'nginx.CreateCertificate': %w\", err)\n\t}\n\n\t// 上传证书文件\n\tngincxUploadCertificateReq := &npmsdk.NginxUploadCertificateRequest{\n\t\tCertificateMeta: npmsdk.CertificateMeta{\n\t\t\tCertificate: serverCertPEM,\n\t\t\tCertificateKey: privkeyPEM,\n\t\t\tIntermediateCertificate: intermediaCertPEM,\n\t\t},\n\t}\n\tngincxUploadCertificateResp, err := c.sdkClient.NginxUploadCertificateWithContext(ctx, nginxCreateCertificateResp.Id, ngincxUploadCertificateReq)\n\tc.logger.Debug(\"sdk request 'nginx.UploadCertificate'\", slog.Int64(\"request.certId\", nginxCreateCertificateResp.Id), slog.Any(\"request\", ngincxUploadCertificateReq), slog.Any(\"response\", ngincxUploadCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'nginx.UploadCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: fmt.Sprintf(\"%d\", nginxCreateCertificateResp.Id),\n\t\tCertName: nginxCreateCertificateResp.NiceName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\tcertId, err := strconv.ParseInt(certIdOrName, 10, 64)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 提取服务器证书和中间证书\n\tserverCertPEM, intermediaCertPEM, err := xcert.ExtractCertificatesFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to extract certs: %w\", err)\n\t}\n\n\t// 上传证书文件\n\tngincxUploadCertificateReq := &npmsdk.NginxUploadCertificateRequest{\n\t\tCertificateMeta: npmsdk.CertificateMeta{\n\t\t\tCertificate: serverCertPEM,\n\t\t\tCertificateKey: privkeyPEM,\n\t\t\tIntermediateCertificate: intermediaCertPEM,\n\t\t},\n\t}\n\tngincxUploadCertificateResp, err := c.sdkClient.NginxUploadCertificateWithContext(ctx, certId, ngincxUploadCertificateReq)\n\tc.logger.Debug(\"sdk request 'nginx.UploadCertificate'\", slog.Int64(\"request.certId\", certId), slog.Any(\"request\", ngincxUploadCertificateReq), slog.Any(\"response\", ngincxUploadCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'nginx.UploadCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.OperateResult{}, nil\n}\n\nfunc createSDKClient(serverUrl, authMethod, username, password, apiToken string, skipTlsVerify bool) (*npmsdk.Client, error) {\n\tvar client *npmsdk.Client\n\tvar err error\n\n\tswitch authMethod {\n\tcase \"\", AUTH_METHOD_PASSWORD:\n\t\t{\n\t\t\tclient, err = npmsdk.NewClient(serverUrl, username, password)\n\t\t}\n\n\tcase AUTH_METHOD_TOKEN:\n\t\t{\n\t\t\tclient, err = npmsdk.NewClientWithJwtToken(serverUrl, apiToken)\n\t\t}\n\t}\n\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/nginxproxymanager/nginxproxymanager_test.go",
"content": "package nginxproxymanager_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/nginxproxymanager\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfUsername string\n\tfPassword string\n)\n\nfunc init() {\n\targsPrefix := \"NGINXPROXYMANAGER_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fUsername, argsPrefix+\"USERNAME\", \"\", \"\")\n\tflag.StringVar(&fPassword, argsPrefix+\"PASSWORD\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./nginxproxymanager_test.go -args \\\n\t--NGINXPROXYMANAGER_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--NGINXPROXYMANAGER_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--NGINXPROXYMANAGER_SERVERURL=\"http://127.0.0.1:81\" \\\n\t--NGINXPROXYMANAGER_USERNAME=\"your-username\" \\\n\t--NGINXPROXYMANAGER_PASSWORD=\"your-password\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"USERNAME: %v\", fUsername),\n\t\t\tfmt.Sprintf(\"PASSWORD: %v\", fPassword),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tAuthMethod: provider.AUTH_METHOD_PASSWORD,\n\t\t\tUsername: fUsername,\n\t\t\tPassword: fPassword,\n\t\t\tAllowInsecureConnections: true,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/qiniu-sslcert/qiniu_sslcert.go",
"content": "package qiniusslcert\n\nimport (\n\t\"context\"\n\t\"crypto/x509\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"slices\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/qiniu/go-sdk/v7/auth\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tqiniusdk \"github.com/certimate-go/certimate/pkg/sdk3rd/qiniu\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 七牛云 AccessKey。\n\tAccessKey string `json:\"accessKey\"`\n\t// 七牛云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *qiniusdk.SslCertManager\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKey, config.SecretKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 生成新证书名(需符合七牛云命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 查询已有证书,避免重复上传\n\tgetSslCertListMarker := \"\"\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tgetSslCertListResp, err := c.sdkClient.GetSslCertList(ctx, getSslCertListMarker, 200)\n\t\tc.logger.Debug(\"sdk request 'sslcert.GetList'\", slog.Any(\"request.marker\", getSslCertListMarker), slog.Any(\"response\", getSslCertListResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'sslcert.GetList': %w\", err)\n\t\t}\n\n\t\tfor _, sslItem := range getSslCertListResp.Certs {\n\t\t\t// 对比证书通用名称\n\t\t\tif !strings.EqualFold(certX509.Subject.CommonName, sslItem.CommonName) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书多域名\n\t\t\tif !slices.Equal(certX509.DNSNames, sslItem.DnsNames) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书有效期\n\t\t\tif certX509.NotBefore.Unix() != sslItem.NotBefore || certX509.NotAfter.Unix() != sslItem.NotAfter {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书公钥算法\n\t\t\tswitch certX509.PublicKeyAlgorithm {\n\t\t\tcase x509.RSA:\n\t\t\t\tif !strings.EqualFold(sslItem.Encrypt, \"RSA\") {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\tcase x509.ECDSA:\n\t\t\t\tif !strings.EqualFold(sslItem.Encrypt, \"ECDSA\") {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\tcase x509.Ed25519:\n\t\t\t\tif !strings.EqualFold(sslItem.Encrypt, \"Ed25519\") {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\tdefault:\n\t\t\t\t// 未知算法,跳过\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: sslItem.CertID,\n\t\t\t\tCertName: sslItem.Name,\n\t\t\t}, nil\n\t\t}\n\n\t\tif len(getSslCertListResp.Certs) == 0 || getSslCertListResp.Marker == \"\" {\n\t\t\tbreak\n\t\t}\n\n\t\tgetSslCertListMarker = getSslCertListResp.Marker\n\t}\n\n\t// 上传新证书\n\t// REF: https://developer.qiniu.com/fusion/8593/interface-related-certificate\n\tuploadSslCertResp, err := c.sdkClient.UploadSslCert(ctx, certName, certX509.Subject.CommonName, certPEM, privkeyPEM)\n\tc.logger.Debug(\"sdk request 'sslcert.Upload'\", slog.Any(\"response\", uploadSslCertResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'sslcert.Upload': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: uploadSslCertResp.CertID,\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(accessKey, secretKey string) (*qiniusdk.SslCertManager, error) {\n\tif secretKey == \"\" {\n\t\treturn nil, errors.New(\"qiniu: invalid access key\")\n\t}\n\tif secretKey == \"\" {\n\t\treturn nil, errors.New(\"qiniu: invalid secret key\")\n\t}\n\n\tcredential := auth.New(accessKey, secretKey)\n\tclient := qiniusdk.NewSslCertManager(credential)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/qiniu-sslcert/qiniu_sslcert_test.go",
"content": "package qiniusslcert_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/qiniu-sslcert\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKey string\n\tfSecretKey string\n)\n\nfunc init() {\n\targsPrefix := \"QINIUSSLCERT_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKey, argsPrefix+\"ACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fSecretKey, argsPrefix+\"SECRETKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./qiniu_sslcert_test.go -args \\\n\t--QINIUSSLCERT_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--QINIUSSLCERT_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--QINIUSSLCERT_ACCESSKEY=\"your-access-key\" \\\n\t--QINIUSSLCERT_SECRETKEY=\"your-secret-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEY: %v\", fAccessKey),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tAccessKey: fAccessKey,\n\t\t\tSecretKey: fSecretKey,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/rainyun-sslcenter/rainyun_sslcenter.go",
"content": "package rainyunsslcenter\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\trainyunsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/rainyun\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 雨云 API 密钥。\n\tApiKey string `json:\"ApiKey\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *rainyunsdk.Client\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ApiKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 避免重复上传\n\tif upres, upok, err := c.tryGetResultIfCertExists(ctx, certPEM); err != nil {\n\t\treturn nil, err\n\t} else if upok {\n\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\treturn upres, nil\n\t}\n\n\t// SSL 证书上传\n\t// REF: https://apifox.com/apidoc/shared/a4595cc8-44c5-4678-a2a3-eed7738dab03/api-69943046\n\tsslCenterCreateReq := &rainyunsdk.SslCenterCreateRequest{\n\t\tCert: certPEM,\n\t\tKey: privkeyPEM,\n\t}\n\tsslCenterCreateResp, err := c.sdkClient.SslCenterCreateWithContext(ctx, sslCenterCreateReq)\n\tc.logger.Debug(\"sdk request 'sslcenter.Create'\", slog.Any(\"request\", sslCenterCreateReq), slog.Any(\"response\", sslCenterCreateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'sslcenter.Create': %w\", err)\n\t}\n\n\t// 获取刚刚上传证书 ID\n\tif upres, upok, err := c.tryGetResultIfCertExists(ctx, certPEM); err != nil {\n\t\treturn nil, err\n\t} else if !upok {\n\t\treturn nil, errors.New(\"could not find ssl certificate, may be upload failed\")\n\t} else {\n\t\treturn upres, nil\n\t}\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\tcertId, err := strconv.ParseInt(certIdOrName, 10, 64)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// SSL 证书替换操作\n\t// REF: https://s.apifox.cn/a4595cc8-44c5-4678-a2a3-eed7738dab03/api-69943049\n\tsslCenterUpdateReq := &rainyunsdk.SslCenterUpdateRequest{\n\t\tCert: certPEM,\n\t\tKey: privkeyPEM,\n\t}\n\tsslCenterUpdateResp, err := c.sdkClient.SslCenterUpdateWithContext(ctx, certId, sslCenterUpdateReq)\n\tc.logger.Debug(\"sdk request 'sslcenter.Update'\", slog.Int64(\"certId\", certId), slog.Any(\"request\", sslCenterUpdateReq), slog.Any(\"response\", sslCenterUpdateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'sslcenter.Update': %w\", err)\n\t}\n\n\treturn &certmgr.OperateResult{}, nil\n}\n\nfunc (c *Certmgr) tryGetResultIfCertExists(ctx context.Context, certPEM string) (*certmgr.UploadResult, bool, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, false, err\n\t}\n\n\t// 获取 SSL 证书列表\n\t// REF: https://apifox.com/apidoc/shared/a4595cc8-44c5-4678-a2a3-eed7738dab03/api-69943046\n\t// REF: https://apifox.com/apidoc/shared/a4595cc8-44c5-4678-a2a3-eed7738dab03/api-69943048\n\tsslCenterListPage := 1\n\tsslCenterListPerPage := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, false, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tsslCenterListReq := &rainyunsdk.SslCenterListRequest{\n\t\t\tFilters: &rainyunsdk.SslCenterListFilters{\n\t\t\t\tDomain: &certX509.Subject.CommonName,\n\t\t\t},\n\t\t\tPage: lo.ToPtr(int32(sslCenterListPage)),\n\t\t\tPerPage: lo.ToPtr(int32(sslCenterListPerPage)),\n\t\t}\n\t\tsslCenterListResp, err := c.sdkClient.SslCenterListWithContext(ctx, sslCenterListReq)\n\t\tc.logger.Debug(\"sdk request 'sslcenter.List'\", slog.Any(\"request\", sslCenterListReq), slog.Any(\"response\", sslCenterListResp))\n\t\tif err != nil {\n\t\t\treturn nil, false, fmt.Errorf(\"failed to execute sdk request 'sslcenter.List': %w\", err)\n\t\t}\n\n\t\tif sslCenterListResp.Data == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, sslItem := range sslCenterListResp.Data.Records {\n\t\t\t// 对比证书的多域名\n\t\t\tif sslItem.Domain != strings.Join(certX509.DNSNames, \", \") {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书的有效期\n\t\t\tif sslItem.StartDate != certX509.NotBefore.Unix() || sslItem.ExpireDate != certX509.NotAfter.Unix() {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书内容\n\t\t\tsslCenterGetResp, err := c.sdkClient.SslCenterGetWithContext(ctx, sslItem.ID)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, false, fmt.Errorf(\"failed to execute sdk request 'sslcenter.Get': %w\", err)\n\t\t\t} else {\n\t\t\t\tif !xcert.EqualCertificatesFromPEM(certPEM, sslCenterGetResp.Data.Cert) {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: fmt.Sprintf(\"%d\", sslItem.ID),\n\t\t\t}, true, nil\n\t\t}\n\n\t\tif len(sslCenterListResp.Data.Records) < sslCenterListPerPage {\n\t\t\tbreak\n\t\t}\n\n\t\tsslCenterListPage++\n\t}\n\n\treturn nil, false, nil\n}\n\nfunc createSDKClient(apiKey string) (*rainyunsdk.Client, error) {\n\treturn rainyunsdk.NewClient(apiKey)\n}\n"
},
{
"path": "pkg/core/certmgr/providers/rainyun-sslcenter/rainyun_sslcenter_test.go",
"content": "package rainyunsslcenter_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/rainyun-sslcenter\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfApiKey string\n)\n\nfunc init() {\n\targsPrefix := \"RAINYUNSSLCENTER_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./rainyun_sslcenter_test.go -args \\\n\t--RAINYUNSSLCENTER_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--RAINYUNSSLCENTER_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--RAINYUNSSLCENTER_APIKEY=\"your-api-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tApiKey: fApiKey,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/tencentcloud-ssl/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\t\"errors\"\n\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcssl \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205\"\n)\n\n// This is a partial copy of https://github.com/TencentCloud/tencentcloud-sdk-go/blob/master/tencentcloud/ssl/v20191205/client.go\n// to lightweight the vendor packages in the built binary.\ntype SslClient struct {\n\tcommon.Client\n}\n\nfunc NewSslClient(credential common.CredentialIface, region string, clientProfile *profile.ClientProfile) (client *SslClient, err error) {\n\tclient = &SslClient{}\n\tclient.Init(region).\n\t\tWithCredential(credential).\n\t\tWithProfile(clientProfile)\n\treturn\n}\n\nfunc (c *SslClient) UploadCertificate(request *tcssl.UploadCertificateRequest) (response *tcssl.UploadCertificateResponse, err error) {\n\treturn c.UploadCertificateWithContext(context.Background(), request)\n}\n\nfunc (c *SslClient) UploadCertificateWithContext(ctx context.Context, request *tcssl.UploadCertificateRequest) (response *tcssl.UploadCertificateResponse, err error) {\n\tif request == nil {\n\t\trequest = tcssl.NewUploadCertificateRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"ssl\", tcssl.APIVersion, \"UploadCertificate\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"UploadCertificate require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcssl.NewUploadCertificateResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n"
},
{
"path": "pkg/core/certmgr/providers/tencentcloud-ssl/tencentcloud_ssl.go",
"content": "package tencentcloudssl\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcssl \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr/providers/tencentcloud-ssl/internal\"\n)\n\ntype CertmgrConfig struct {\n\t// 腾讯云 SecretId。\n\tSecretId string `json:\"secretId\"`\n\t// 腾讯云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 腾讯云接口端点。\n\tEndpoint string `json:\"endpoint,omitempty\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.SslClient\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.SecretId, config.SecretKey, config.Endpoint)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 上传新证书\n\t// REF: https://cloud.tencent.com/document/api/400/41665\n\tuploadCertificateReq := tcssl.NewUploadCertificateRequest()\n\tuploadCertificateReq.CertificatePublicKey = common.StringPtr(certPEM)\n\tuploadCertificateReq.CertificatePrivateKey = common.StringPtr(privkeyPEM)\n\tuploadCertificateReq.Repeatable = common.BoolPtr(false)\n\tuploadCertificateResp, err := c.sdkClient.UploadCertificate(uploadCertificateReq)\n\tc.logger.Debug(\"sdk request 'ssl.UploadCertificate'\", slog.Any(\"request\", uploadCertificateReq), slog.Any(\"response\", uploadCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'ssl.UploadCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: *uploadCertificateResp.Response.CertificateId,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(secretId, secretKey, endpoint string) (*internal.SslClient, error) {\n\tcredential := common.NewCredential(secretId, secretKey)\n\n\tcpf := profile.NewClientProfile()\n\tif endpoint != \"\" {\n\t\tcpf.HttpProfile.Endpoint = endpoint\n\t}\n\n\tclient, err := internal.NewSslClient(credential, \"\", cpf)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/tencentcloud-ssl/tencentcloud_ssl_test.go",
"content": "package tencentcloudssl_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/tencentcloud-ssl\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfSecretId string\n\tfSecretKey string\n)\n\nfunc init() {\n\targsPrefix := \"TENCENTCLOUDSSL_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fSecretId, argsPrefix+\"SECRETID\", \"\", \"\")\n\tflag.StringVar(&fSecretKey, argsPrefix+\"SECRETKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./tencentcloud_ssl_test.go -args \\\n\t--TENCENTCLOUDSSL_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--TENCENTCLOUDSSL_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--TENCENTCLOUDSSL_SECRETID=\"your-secret-id\" \\\n\t--TENCENTCLOUDSSL_SECRETKEY=\"your-secret-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SECRETID: %v\", fSecretId),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tSecretId: fSecretId,\n\t\t\tSecretKey: fSecretKey,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ucloud-ulb/ucloud_ulb.go",
"content": "package ucloudulb\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/auth\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tucloudsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/ucloud/ulb\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 优刻得 API 私钥。\n\tPrivateKey string `json:\"privateKey\"`\n\t// 优刻得 API 公钥。\n\tPublicKey string `json:\"publicKey\"`\n\t// 优刻得项目 ID。\n\tProjectId string `json:\"projectId,omitempty\"`\n\t// 优刻得地域。\n\tRegion string `json:\"region\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *ucloudsdk.ULBClient\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.PrivateKey, config.PublicKey, config.ProjectId, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 避免重复上传\n\tif upres, upok, err := c.tryGetResultIfCertExists(ctx, certPEM, privkeyPEM); err != nil {\n\t\treturn nil, err\n\t} else if upok {\n\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\treturn upres, nil\n\t}\n\n\t// 提取服务器证书和中间证书\n\tserverCertPEM, intermediaCertPEM, err := xcert.ExtractCertificatesFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to extract certs: %w\", err)\n\t}\n\n\t// 生成新证书名(需符合优刻得命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 创建 SSL 证书\n\t// REF: https://docs.ucloud.cn/api/ulb-api/create_ssl\n\tcreateSSLReq := c.sdkClient.NewCreateSSLRequest()\n\tcreateSSLReq.SSLName = ucloud.String(certName)\n\tcreateSSLReq.SSLType = ucloud.String(\"Pem\")\n\tcreateSSLReq.UserCert = ucloud.String(serverCertPEM)\n\tcreateSSLReq.CaCert = ucloud.String(intermediaCertPEM)\n\tcreateSSLReq.PrivateKey = ucloud.String(privkeyPEM)\n\tcreateSSLResp, err := c.sdkClient.CreateSSL(createSSLReq)\n\tc.logger.Debug(\"sdk request 'ulb.CreateSSL'\", slog.Any(\"request\", createSSLReq), slog.Any(\"response\", createSSLResp))\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: createSSLResp.SSLId,\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc (c *Certmgr) tryGetResultIfCertExists(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, bool, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, false, err\n\t}\n\n\t// 获取 SSL 证书信息\n\t// REF: https://docs.ucloud.cn/api/ulb-api/describe_ssl\n\tdescribeSSLOffset := 0\n\tdescribeSSLLimit := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, false, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeSSLReq := c.sdkClient.NewDescribeSSLRequest()\n\t\tdescribeSSLReq.Offset = ucloud.Int(describeSSLOffset)\n\t\tdescribeSSLReq.Limit = ucloud.Int(describeSSLLimit)\n\t\tdescribeSSLResp, err := c.sdkClient.DescribeSSL(describeSSLReq)\n\t\tc.logger.Debug(\"sdk request 'ulb.DescribeSSL'\", slog.Any(\"request\", describeSSLReq), slog.Any(\"response\", describeSSLResp))\n\t\tif err != nil {\n\t\t\treturn nil, false, fmt.Errorf(\"failed to execute sdk request 'ulb.DescribeSSL': %w\", err)\n\t\t}\n\n\t\tfor _, sslItem := range describeSSLResp.DataSet {\n\t\t\t// 对比证书有效期\n\t\t\tif int64(sslItem.NotBefore) != certX509.NotBefore.Unix() || int64(sslItem.NotAfter) != certX509.NotAfter.Unix() {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书及私钥内容\n\t\t\t// 按照“网站证书、私钥、中间证书”的方式拼接\n\t\t\tserverCertPEM, intermediaCertPEM, err := xcert.ExtractCertificatesFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\tcontinue\n\t\t\t} else {\n\t\t\t\toldSSLContent := sslItem.SSLContent\n\t\t\t\toldSSLContent = strings.ReplaceAll(oldSSLContent, \"\\r\", \"\")\n\t\t\t\toldSSLContent = strings.ReplaceAll(oldSSLContent, \"\\n\", \"\")\n\t\t\t\toldSSLContent = strings.ReplaceAll(oldSSLContent, \"\\t\", \"\")\n\t\t\t\toldSSLContent = strings.ReplaceAll(oldSSLContent, \" \", \"\")\n\n\t\t\t\tnewSSLContent := serverCertPEM + privkeyPEM + intermediaCertPEM\n\t\t\t\tnewSSLContent = strings.ReplaceAll(newSSLContent, \"\\r\", \"\")\n\t\t\t\tnewSSLContent = strings.ReplaceAll(newSSLContent, \"\\n\", \"\")\n\t\t\t\tnewSSLContent = strings.ReplaceAll(newSSLContent, \"\\t\", \"\")\n\t\t\t\tnewSSLContent = strings.ReplaceAll(newSSLContent, \" \", \"\")\n\n\t\t\t\tif oldSSLContent != newSSLContent {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: sslItem.SSLId,\n\t\t\t\tCertName: sslItem.SSLName,\n\t\t\t}, true, nil\n\t\t}\n\n\t\tif len(describeSSLResp.DataSet) < describeSSLLimit {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribeSSLOffset += describeSSLLimit\n\t}\n\n\treturn nil, false, nil\n}\n\nfunc createSDKClient(privateKey, publicKey, projectId, region string) (*ucloudsdk.ULBClient, error) {\n\tif privateKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"ucloud: invalid private key\")\n\t}\n\tif publicKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"ucloud: invalid public key\")\n\t}\n\n\tcfg := ucloud.NewConfig()\n\tcfg.ProjectId = projectId\n\tcfg.Region = region\n\n\tcredential := auth.NewCredential()\n\tcredential.PrivateKey = privateKey\n\tcredential.PublicKey = publicKey\n\n\tclient := ucloudsdk.NewClient(&cfg, &credential)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ucloud-ulb/ucloud_ulb_test.go",
"content": "package ucloudulb_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ucloud-ulb\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfPrivateKey string\n\tfPublicKey string\n\tfRegion string\n)\n\nfunc init() {\n\targsPrefix := \"UCLOUDULB_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fPrivateKey, argsPrefix+\"PRIVATEKEY\", \"\", \"\")\n\tflag.StringVar(&fPublicKey, argsPrefix+\"PUBLICKEY\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ucloud_ulb_test.go -args \\\n\t--UCLOUDULB_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--UCLOUDULB_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--UCLOUDULB_PRIVATEKEY=\"your-private-key\" \\\n\t--UCLOUDULB_PUBLICKEY=\"your-public-key\" \\\n\t--UCLOUDULB_REGION=\"cn-bj2\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"PRIVATEKEY: %v\", fPrivateKey),\n\t\t\tfmt.Sprintf(\"PUBLICKEY: %v\", fPublicKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tPrivateKey: fPrivateKey,\n\t\t\tPublicKey: fPublicKey,\n\t\t\tRegion: fRegion,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ucloud-upathx/ucloud_upathx.go",
"content": "package ucloudulb\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/ucloud/ucloud-sdk-go/services/uaccount\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/auth\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tucloudsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/ucloud/upathx\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 优刻得 API 私钥。\n\tPrivateKey string `json:\"privateKey\"`\n\t// 优刻得 API 公钥。\n\tPublicKey string `json:\"publicKey\"`\n\t// 优刻得项目 ID。\n\tProjectId string `json:\"projectId,omitempty\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *ucloudsdk.UPathXClient\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.PrivateKey, config.PublicKey, config.ProjectId)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 避免重复上传\n\tif upres, upok, err := c.tryGetResultIfCertExists(ctx, certPEM, privkeyPEM); err != nil {\n\t\treturn nil, err\n\t} else if upok {\n\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\treturn upres, nil\n\t}\n\n\t// 提取服务器证书和中间证书\n\tserverCertPEM, intermediaCertPEM, err := xcert.ExtractCertificatesFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to extract certs: %w\", err)\n\t}\n\n\t// 生成新证书名(需符合优刻得命名规则)\n\tcertName := fmt.Sprintf(\"certimate_%d\", time.Now().UnixMilli())\n\n\t// 创建证书\n\t// REF: https://docs.ucloud.cn/api/pathx-api/create_path_xssl\n\tcreatePathXSSLReq := c.sdkClient.NewCreatePathXSSLRequest()\n\tcreatePathXSSLReq.SSLName = ucloud.String(certName)\n\tcreatePathXSSLReq.SSLType = ucloud.String(\"Pem\")\n\tcreatePathXSSLReq.UserCert = ucloud.String(serverCertPEM)\n\tcreatePathXSSLReq.CACert = ucloud.String(intermediaCertPEM)\n\tcreatePathXSSLReq.PrivateKey = ucloud.String(privkeyPEM)\n\tcreatePathXSSLResp, err := c.sdkClient.CreatePathXSSL(createPathXSSLReq)\n\tc.logger.Debug(\"sdk request 'pathx.CreatePathXSSL'\", slog.Any(\"request\", createPathXSSLReq), slog.Any(\"response\", createPathXSSLResp))\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: createPathXSSLResp.SSLId,\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc (c *Certmgr) tryGetResultIfCertExists(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, bool, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, false, err\n\t}\n\n\t// 获取证书信息\n\t// REF: https://docs.ucloud.cn/api/pathx-api/describe_path_xssl\n\tdescribePathXSSLOffset := 0\n\tdescribePathXSSLLimit := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, false, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribePathXSSLReq := c.sdkClient.NewDescribePathXSSLRequest()\n\t\tdescribePathXSSLReq.Offset = ucloud.Int(describePathXSSLOffset)\n\t\tdescribePathXSSLReq.Limit = ucloud.Int(describePathXSSLLimit)\n\t\tdescribePathXSSLResp, err := c.sdkClient.DescribePathXSSL(describePathXSSLReq)\n\t\tc.logger.Debug(\"sdk request 'pathx.DescribePathXSSL'\", slog.Any(\"request\", describePathXSSLReq), slog.Any(\"response\", describePathXSSLResp))\n\t\tif err != nil {\n\t\t\treturn nil, false, fmt.Errorf(\"failed to execute sdk request 'pathx.DescribePathXSSL': %w\", err)\n\t\t}\n\n\t\tfor _, sslItem := range describePathXSSLResp.DataSet {\n\t\t\t// 对比证书有效期\n\t\t\tif int64(sslItem.ExpireTime) != certX509.NotAfter.Unix() {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书及私钥内容\n\t\t\t// 按照“私钥、证书链”的方式拼接\n\t\t\tserverCertPEM, intermediaCertPEM, err := xcert.ExtractCertificatesFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\tcontinue\n\t\t\t} else {\n\t\t\t\toldSSLContent := sslItem.SSLContent\n\t\t\t\toldSSLContent = strings.ReplaceAll(oldSSLContent, \"\\r\", \"\")\n\t\t\t\toldSSLContent = strings.ReplaceAll(oldSSLContent, \"\\n\", \"\")\n\t\t\t\toldSSLContent = strings.ReplaceAll(oldSSLContent, \"\\t\", \"\")\n\t\t\t\toldSSLContent = strings.ReplaceAll(oldSSLContent, \" \", \"\")\n\n\t\t\t\tnewSSLContent := privkeyPEM + serverCertPEM + intermediaCertPEM\n\t\t\t\tnewSSLContent = strings.ReplaceAll(newSSLContent, \"\\r\", \"\")\n\t\t\t\tnewSSLContent = strings.ReplaceAll(newSSLContent, \"\\n\", \"\")\n\t\t\t\tnewSSLContent = strings.ReplaceAll(newSSLContent, \"\\t\", \"\")\n\t\t\t\tnewSSLContent = strings.ReplaceAll(newSSLContent, \" \", \"\")\n\n\t\t\t\tif oldSSLContent != newSSLContent {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: sslItem.SSLId,\n\t\t\t\tCertName: sslItem.SSLName,\n\t\t\t}, true, nil\n\t\t}\n\n\t\tif len(describePathXSSLResp.DataSet) < describePathXSSLLimit {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribePathXSSLOffset += describePathXSSLLimit\n\t}\n\n\treturn nil, false, nil\n}\n\nfunc createSDKClient(privateKey, publicKey, projectId string) (*ucloudsdk.UPathXClient, error) {\n\tif privateKey == \"\" {\n\t\treturn nil, errors.New(\"ucloud: invalid private key\")\n\t}\n\tif publicKey == \"\" {\n\t\treturn nil, errors.New(\"ucloud: invalid public key\")\n\t}\n\n\tcfg := ucloud.NewConfig()\n\tcfg.ProjectId = projectId\n\n\t// PathX 相关接口要求必传 ProjectId 参数\n\tif cfg.ProjectId == \"\" {\n\t\tdefaultProjectId, err := getSDKDefaultProjectId(privateKey, publicKey)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tcfg.ProjectId = defaultProjectId\n\t}\n\n\tcredential := auth.NewCredential()\n\tcredential.PrivateKey = privateKey\n\tcredential.PublicKey = publicKey\n\n\tclient := ucloudsdk.NewClient(&cfg, &credential)\n\treturn client, nil\n}\n\nfunc getSDKDefaultProjectId(privateKey, publicKey string) (string, error) {\n\tcfg := ucloud.NewConfig()\n\n\tcredential := auth.NewCredential()\n\tcredential.PrivateKey = privateKey\n\tcredential.PublicKey = publicKey\n\n\tclient := uaccount.NewClient(&cfg, &credential)\n\n\trequest := client.NewGetProjectListRequest()\n\tresponse, err := client.GetProjectList(request)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tfor _, projectItem := range response.ProjectSet {\n\t\tif projectItem.IsDefault {\n\t\t\treturn projectItem.ProjectId, nil\n\t\t}\n\t}\n\n\treturn \"\", errors.New(\"ucloud: no default project found\")\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ucloud-upathx/ucloud_upathx_test.go",
"content": "package ucloudulb_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ucloud-upathx\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfPrivateKey string\n\tfPublicKey string\n)\n\nfunc init() {\n\targsPrefix := \"UCLOUDUPATHX_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fPrivateKey, argsPrefix+\"PRIVATEKEY\", \"\", \"\")\n\tflag.StringVar(&fPublicKey, argsPrefix+\"PUBLICKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ucloud_upathx_test.go -args \\\n\t--UCLOUDUPATHX_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--UCLOUDUPATHX_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--UCLOUDUPATHX_PRIVATEKEY=\"your-private-key\" \\\n\t--UCLOUDUPATHX_PUBLICKEY=\"your-public-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"PRIVATEKEY: %v\", fPrivateKey),\n\t\t\tfmt.Sprintf(\"PUBLICKEY: %v\", fPublicKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tPrivateKey: fPrivateKey,\n\t\t\tPublicKey: fPublicKey,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ucloud-ussl/ucloud_ussl.go",
"content": "package ucloudussl\n\nimport (\n\t\"context\"\n\t\"crypto/md5\"\n\t\"crypto/x509\"\n\t\"encoding/base64\"\n\t\"encoding/hex\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/auth\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tucloudsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/ucloud/ussl\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 优刻得 API 私钥。\n\tPrivateKey string `json:\"privateKey\"`\n\t// 优刻得 API 公钥。\n\tPublicKey string `json:\"publicKey\"`\n\t// 优刻得项目 ID。\n\tProjectId string `json:\"projectId,omitempty\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *ucloudsdk.USSLClient\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.PrivateKey, config.PublicKey, config.ProjectId)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 生成新证书名(需符合优刻得命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 生成优刻得所需的证书参数\n\tcertPEMBase64 := base64.StdEncoding.EncodeToString([]byte(certPEM))\n\tprivkeyPEMBase64 := base64.StdEncoding.EncodeToString([]byte(privkeyPEM))\n\tcertMd5 := md5.Sum([]byte(certPEMBase64 + privkeyPEMBase64))\n\tcertMd5Hex := hex.EncodeToString(certMd5[:])\n\n\t// 上传托管证书\n\t// REF: https://docs.ucloud.cn/api/usslcertificate-api/upload_normal_certificate\n\tuploadNormalCertificateReq := c.sdkClient.NewUploadNormalCertificateRequest()\n\tuploadNormalCertificateReq.CertificateName = ucloud.String(certName)\n\tuploadNormalCertificateReq.SslPublicKey = ucloud.String(certPEMBase64)\n\tuploadNormalCertificateReq.SslPrivateKey = ucloud.String(privkeyPEMBase64)\n\tuploadNormalCertificateReq.SslMD5 = ucloud.String(certMd5Hex)\n\tuploadNormalCertificateResp, err := c.sdkClient.UploadNormalCertificate(uploadNormalCertificateReq)\n\tc.logger.Debug(\"sdk request 'ussl.UploadNormalCertificate'\", slog.Any(\"request\", uploadNormalCertificateReq), slog.Any(\"response\", uploadNormalCertificateResp))\n\tif err != nil {\n\t\tif uploadNormalCertificateResp != nil && uploadNormalCertificateResp.GetRetCode() == 80035 {\n\t\t\tif upres, upok, err := c.tryGetResultIfCertExists(ctx, certPEM); err != nil {\n\t\t\t\treturn nil, err\n\t\t\t} else if !upok {\n\t\t\t\treturn nil, errors.New(\"could not find ssl certificate, may be upload failed\")\n\t\t\t} else {\n\t\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\t\treturn upres, nil\n\t\t\t}\n\t\t}\n\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'ussl.UploadNormalCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: fmt.Sprintf(\"%d\", uploadNormalCertificateResp.CertificateID),\n\t\tCertName: certName,\n\t\tExtendedData: map[string]any{\n\t\t\t\"ResourceId\": uploadNormalCertificateResp.LongResourceID,\n\t\t},\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc (c *Certmgr) tryGetResultIfCertExists(ctx context.Context, certPEM string) (*certmgr.UploadResult, bool, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, false, err\n\t}\n\n\t// 查询用户证书列表\n\t// REF: https://docs.ucloud.cn/api/usslcertificate-api/get_certificate_list\n\t// REF: https://docs.ucloud.cn/api/usslcertificate-api/download_certificate\n\tgetCertificateListPage := 1\n\tgetCertificateListLimit := 1000\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, false, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tgetCertificateListReq := c.sdkClient.NewGetCertificateListRequest()\n\t\tgetCertificateListReq.Mode = ucloud.String(\"trust\")\n\t\tgetCertificateListReq.Domain = ucloud.String(certX509.Subject.CommonName)\n\t\tgetCertificateListReq.Sort = ucloud.String(\"2\")\n\t\tgetCertificateListReq.Page = ucloud.Int(getCertificateListPage)\n\t\tgetCertificateListReq.PageSize = ucloud.Int(getCertificateListLimit)\n\t\tgetCertificateListResp, err := c.sdkClient.GetCertificateList(getCertificateListReq)\n\t\tc.logger.Debug(\"sdk request 'ussl.GetCertificateList'\", slog.Any(\"request\", getCertificateListReq), slog.Any(\"response\", getCertificateListResp))\n\t\tif err != nil {\n\t\t\treturn nil, false, fmt.Errorf(\"failed to execute sdk request 'ussl.GetCertificateList': %w\", err)\n\t\t}\n\n\t\tfor _, certItem := range getCertificateListResp.CertificateList {\n\t\t\t// 优刻得未提供可唯一标识证书的字段,只能通过多个字段尝试对比来判断是否为同一证书\n\t\t\t// 先分别对比证书的多域名、品牌、有效期,再对比签名算法\n\n\t\t\tif len(certX509.DNSNames) == 0 || certItem.Domains != strings.Join(certX509.DNSNames, \",\") {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tif len(certX509.Issuer.Organization) == 0 || certItem.Brand != certX509.Issuer.Organization[0] {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tif int64(certItem.NotBefore) != certX509.NotBefore.UnixMilli() || int64(certItem.NotAfter) != certX509.NotAfter.UnixMilli() {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tgetCertificateDetailInfoReq := c.sdkClient.NewGetCertificateDetailInfoRequest()\n\t\t\tgetCertificateDetailInfoReq.CertificateID = ucloud.Int(certItem.CertificateID)\n\t\t\tgetCertificateDetailInfoResp, err := c.sdkClient.GetCertificateDetailInfo(getCertificateDetailInfoReq)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, false, fmt.Errorf(\"failed to execute sdk request 'ussl.GetCertificateDetailInfo': %w\", err)\n\t\t\t}\n\n\t\t\tswitch certX509.SignatureAlgorithm {\n\t\t\tcase x509.SHA256WithRSA:\n\t\t\t\tif !strings.EqualFold(getCertificateDetailInfoResp.CertificateInfo.Algorithm, \"SHA256-RSA\") {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\tcase x509.SHA384WithRSA:\n\t\t\t\tif !strings.EqualFold(getCertificateDetailInfoResp.CertificateInfo.Algorithm, \"SHA384-RSA\") {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\tcase x509.SHA512WithRSA:\n\t\t\t\tif !strings.EqualFold(getCertificateDetailInfoResp.CertificateInfo.Algorithm, \"SHA512-RSA\") {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\tcase x509.SHA256WithRSAPSS:\n\t\t\t\tif !strings.EqualFold(getCertificateDetailInfoResp.CertificateInfo.Algorithm, \"SHA256-RSAPSS\") {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\tcase x509.SHA384WithRSAPSS:\n\t\t\t\tif !strings.EqualFold(getCertificateDetailInfoResp.CertificateInfo.Algorithm, \"SHA384-RSAPSS\") {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\tcase x509.SHA512WithRSAPSS:\n\t\t\t\tif !strings.EqualFold(getCertificateDetailInfoResp.CertificateInfo.Algorithm, \"SHA512-RSAPSS\") {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\tcase x509.ECDSAWithSHA256:\n\t\t\t\tif !strings.EqualFold(getCertificateDetailInfoResp.CertificateInfo.Algorithm, \"ECDSA-SHA256\") {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\tcase x509.ECDSAWithSHA384:\n\t\t\t\tif !strings.EqualFold(getCertificateDetailInfoResp.CertificateInfo.Algorithm, \"ECDSA-SHA384\") {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\tcase x509.ECDSAWithSHA512:\n\t\t\t\tif !strings.EqualFold(getCertificateDetailInfoResp.CertificateInfo.Algorithm, \"ECDSA-SHA512\") {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\tdefault:\n\t\t\t\t// 未知签名算法,跳过\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: fmt.Sprintf(\"%d\", certItem.CertificateID),\n\t\t\t\tCertName: certItem.Name,\n\t\t\t\tExtendedData: map[string]any{\n\t\t\t\t\t\"ResourceId\": certItem.CertificateSN,\n\t\t\t\t},\n\t\t\t}, true, nil\n\t\t}\n\n\t\tif len(getCertificateListResp.CertificateList) < getCertificateListLimit {\n\t\t\tbreak\n\t\t}\n\n\t\tgetCertificateListPage++\n\t}\n\n\treturn nil, false, nil\n}\n\nfunc createSDKClient(privateKey, publicKey, projectId string) (*ucloudsdk.USSLClient, error) {\n\tif privateKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"ucloud: invalid private key\")\n\t}\n\tif publicKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"ucloud: invalid public key\")\n\t}\n\n\tcfg := ucloud.NewConfig()\n\tcfg.ProjectId = projectId\n\n\tcredential := auth.NewCredential()\n\tcredential.PrivateKey = privateKey\n\tcredential.PublicKey = publicKey\n\n\tclient := ucloudsdk.NewClient(&cfg, &credential)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/ucloud-ussl/ucloud_ussl_test.go",
"content": "package ucloudussl_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ucloud-ussl\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfPrivateKey string\n\tfPublicKey string\n)\n\nfunc init() {\n\targsPrefix := \"UCLOUDUSSL_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fPrivateKey, argsPrefix+\"PRIVATEKEY\", \"\", \"\")\n\tflag.StringVar(&fPublicKey, argsPrefix+\"PUBLICKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ucloud_ussl_test.go -args \\\n\t--UCLOUDUSSL_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--UCLOUDUSSL_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--UCLOUDUSSL_PRIVATEKEY=\"your-private-key\" \\\n\t--UCLOUDUSSL_PUBLICKEY=\"your-public-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"PRIVATEKEY: %v\", fPrivateKey),\n\t\t\tfmt.Sprintf(\"PUBLICKEY: %v\", fPublicKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tPrivateKey: fPrivateKey,\n\t\t\tPublicKey: fPublicKey,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/upyun-ssl/upyun_ssl.go",
"content": "package upyunssl\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tupyunsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/upyun/console\"\n)\n\ntype CertmgrConfig struct {\n\t// 又拍云账号用户名。\n\tUsername string `json:\"username\"`\n\t// 又拍云账号密码。\n\tPassword string `json:\"password\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *upyunsdk.Client\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.Username, config.Password)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 上传证书\n\tuploadHttpsCertificateReq := &upyunsdk.UploadHttpsCertificateRequest{\n\t\tCertificate: certPEM,\n\t\tPrivateKey: privkeyPEM,\n\t}\n\tuploadHttpsCertificateResp, err := c.sdkClient.UploadHttpsCertificateWithContext(ctx, uploadHttpsCertificateReq)\n\tc.logger.Debug(\"sdk request 'console.UploadHttpsCertificate'\", slog.Any(\"response\", uploadHttpsCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'console.UploadHttpsCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: uploadHttpsCertificateResp.Data.Result.CertificateId,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(username, password string) (*upyunsdk.Client, error) {\n\treturn upyunsdk.NewClient(username, password)\n}\n"
},
{
"path": "pkg/core/certmgr/providers/upyun-ssl/upyun_ssl_test.go",
"content": "package upyunssl_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/upyun-ssl\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfUsername string\n\tfPassword string\n)\n\nfunc init() {\n\targsPrefix := \"UPYUNSSL_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fUsername, argsPrefix+\"USERNAME\", \"\", \"\")\n\tflag.StringVar(&fPassword, argsPrefix+\"PASSWORD\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./upyun_ssl_test.go -args \\\n\t--UPYUNSSL_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--UPYUNSSL_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--UPYUNSSL_USERNAME=\"your-username\" \\\n\t--UPYUNSSL_PASSWORD=\"your-password\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"USERNAME: %v\", fUsername),\n\t\t\tfmt.Sprintf(\"PASSWORD: %v\", fPassword),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tUsername: fUsername,\n\t\t\tPassword: fPassword,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/volcengine-cdn/internal/client.go",
"content": "package internal\n\nimport (\n\t\"github.com/volcengine/volcengine-go-sdk/service/cdn\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/client\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/client/metadata\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/corehandlers\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/request\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/signer/volc\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/volcenginequery\"\n)\n\n// This is a partial copy of https://github.com/volcengine/volcengine-go-sdk/blob/master/service/cdn/service_cdn.go\n// to lightweight the vendor packages in the built binary.\ntype CdnClient struct {\n\t*client.Client\n}\n\nfunc NewCdnClient(p client.ConfigProvider, cfgs ...*volcengine.Config) *CdnClient {\n\tc := p.ClientConfig(cdn.EndpointsID, cfgs...)\n\treturn newCdnClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)\n}\n\nfunc newCdnClient(cfg volcengine.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *CdnClient {\n\tsvc := &CdnClient{\n\t\tClient: client.New(\n\t\t\tcfg,\n\t\t\tmetadata.ClientInfo{\n\t\t\t\tServiceName: cdn.ServiceName,\n\t\t\t\tServiceID: cdn.ServiceID,\n\t\t\t\tSigningName: signingName,\n\t\t\t\tSigningRegion: signingRegion,\n\t\t\t\tEndpoint: endpoint,\n\t\t\t\tAPIVersion: \"2021-03-01\",\n\t\t\t},\n\t\t\thandlers,\n\t\t),\n\t}\n\n\tsvc.Handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)\n\tsvc.Handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHandler)\n\tsvc.Handlers.Sign.PushBackNamed(volc.SignRequestHandler)\n\tsvc.Handlers.Build.PushBackNamed(volcenginequery.BuildHandler)\n\tsvc.Handlers.Unmarshal.PushBackNamed(volcenginequery.UnmarshalHandler)\n\tsvc.Handlers.UnmarshalMeta.PushBackNamed(volcenginequery.UnmarshalMetaHandler)\n\tsvc.Handlers.UnmarshalError.PushBackNamed(volcenginequery.UnmarshalErrorHandler)\n\n\treturn svc\n}\n\nfunc (c *CdnClient) newRequest(op *request.Operation, params, data interface{}) *request.Request {\n\treq := c.NewRequest(op, params, data)\n\n\treturn req\n}\n\nfunc (c *CdnClient) AddCertificate(input *cdn.AddCertificateInput) (*cdn.AddCertificateOutput, error) {\n\treq, out := c.AddCertificateRequest(input)\n\treturn out, req.Send()\n}\n\nfunc (c *CdnClient) AddCertificateRequest(input *cdn.AddCertificateInput) (req *request.Request, output *cdn.AddCertificateOutput) {\n\top := &request.Operation{\n\t\tName: \"AddCertificate\",\n\t\tHTTPMethod: \"POST\",\n\t\tHTTPPath: \"/\",\n\t}\n\n\tif input == nil {\n\t\tinput = &cdn.AddCertificateInput{}\n\t}\n\n\toutput = &cdn.AddCertificateOutput{}\n\treq = c.newRequest(op, input, output)\n\n\treq.HTTPRequest.Header.Set(\"Content-Type\", \"application/json; charset=utf-8\")\n\n\treturn\n}\n\nfunc (c *CdnClient) ListCertInfo(input *cdn.ListCertInfoInput) (*cdn.ListCertInfoOutput, error) {\n\treq, out := c.ListCertInfoRequest(input)\n\treturn out, req.Send()\n}\n\nfunc (c *CdnClient) ListCertInfoRequest(input *cdn.ListCertInfoInput) (req *request.Request, output *cdn.ListCertInfoOutput) {\n\top := &request.Operation{\n\t\tName: \"ListCertInfo\",\n\t\tHTTPMethod: \"POST\",\n\t\tHTTPPath: \"/\",\n\t}\n\n\tif input == nil {\n\t\tinput = &cdn.ListCertInfoInput{}\n\t}\n\n\toutput = &cdn.ListCertInfoOutput{}\n\treq = c.newRequest(op, input, output)\n\n\treq.HTTPRequest.Header.Set(\"Content-Type\", \"application/json; charset=utf-8\")\n\n\treturn\n}\n"
},
{
"path": "pkg/core/certmgr/providers/volcengine-cdn/volcengine_cdn.go",
"content": "package volcenginecdn\n\nimport (\n\t\"context\"\n\t\"crypto/sha1\"\n\t\"crypto/sha256\"\n\t\"encoding/hex\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\tvecdn \"github.com/volcengine/volcengine-go-sdk/service/cdn\"\n\tve \"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\tvesession \"github.com/volcengine/volcengine-go-sdk/volcengine/session\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr/providers/volcengine-cdn/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 火山引擎 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 火山引擎 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.CdnClient\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 查询证书列表,避免重复上传\n\t// REF: https://www.volcengine.com/docs/6454/125709\n\tlistCertInfoPageNum := 1\n\tlistCertInfoPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistCertInfoReq := &vecdn.ListCertInfoInput{\n\t\t\tSource: ve.String(\"volc_cert_center\"),\n\t\t\tPageNum: ve.Int32(int32(listCertInfoPageNum)),\n\t\t\tPageSize: ve.Int32(int32(listCertInfoPageSize)),\n\t\t}\n\t\tlistCertInfoResp, err := c.sdkClient.ListCertInfo(listCertInfoReq)\n\t\tc.logger.Debug(\"sdk request 'cdn.ListCertInfo'\", slog.Any(\"request\", listCertInfoReq), slog.Any(\"response\", listCertInfoResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.ListCertInfo': %w\", err)\n\t\t}\n\n\t\tfor _, certItem := range listCertInfoResp.CertInfo {\n\t\t\t// 对比证书 SHA-1 摘要\n\t\t\tfingerprintSha1 := sha1.Sum(certX509.Raw)\n\t\t\tif !strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), ve.StringValue(certItem.CertFingerprint.Sha1)) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书 SHA-256 摘要\n\t\t\tfingerprintSha256 := sha256.Sum256(certX509.Raw)\n\t\t\tif !strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), ve.StringValue(certItem.CertFingerprint.Sha256)) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: ve.StringValue(certItem.CertId),\n\t\t\t\tCertName: ve.StringValue(certItem.Desc),\n\t\t\t}, nil\n\t\t}\n\n\t\tif len(listCertInfoResp.CertInfo) < listCertInfoPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tlistCertInfoPageNum++\n\t}\n\n\t// 生成新证书名(需符合火山引擎命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 上传新证书\n\t// REF: https://www.volcengine.com/docs/6454/1245763\n\taddCertificateReq := &vecdn.AddCertificateInput{\n\t\tSource: ve.String(\"volc_cert_center\"),\n\t\tCertificate: ve.String(certPEM),\n\t\tPrivateKey: ve.String(privkeyPEM),\n\t\tDesc: ve.String(certName),\n\t}\n\taddCertificateResp, err := c.sdkClient.AddCertificate(addCertificateReq)\n\tc.logger.Debug(\"sdk request 'cdn.AddCertificate'\", slog.Any(\"request\", addCertificateResp), slog.Any(\"response\", addCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.AddCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: ve.StringValue(addCertificateResp.CertId),\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret string) (*internal.CdnClient, error) {\n\tconfig := ve.NewConfig().\n\t\tWithAkSk(accessKeyId, accessKeySecret).\n\t\tWithRegion(\"cn-north-1\")\n\n\tsession, err := vesession.NewSession(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclient := internal.NewCdnClient(session)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/volcengine-certcenter/internal/client.go",
"content": "package internal\n\nimport (\n\t\"github.com/volcengine/volcengine-go-sdk/service/certificateservice\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/client\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/client/metadata\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/corehandlers\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/request\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/signer/volc\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/volcenginequery\"\n)\n\n// This is a partial copy of https://github.com/volcengine/volcengine-go-sdk/blob/master/service/certificateservice/service_certificateservice.go\n// to lightweight the vendor packages in the built binary.\ntype CertificateserviceClient struct {\n\t*client.Client\n}\n\nfunc NewCertificateserviceClient(p client.ConfigProvider, cfgs ...*volcengine.Config) *CertificateserviceClient {\n\tc := p.ClientConfig(certificateservice.EndpointsID, cfgs...)\n\treturn newCertificateserviceClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)\n}\n\nfunc newCertificateserviceClient(cfg volcengine.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *CertificateserviceClient {\n\tsvc := &CertificateserviceClient{\n\t\tClient: client.New(\n\t\t\tcfg,\n\t\t\tmetadata.ClientInfo{\n\t\t\t\tServiceName: certificateservice.ServiceName,\n\t\t\t\tServiceID: certificateservice.ServiceID,\n\t\t\t\tSigningName: signingName,\n\t\t\t\tSigningRegion: signingRegion,\n\t\t\t\tEndpoint: endpoint,\n\t\t\t\tAPIVersion: \"2024-10-01\",\n\t\t\t},\n\t\t\thandlers,\n\t\t),\n\t}\n\n\tsvc.Handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)\n\tsvc.Handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHandler)\n\tsvc.Handlers.Sign.PushBackNamed(volc.SignRequestHandler)\n\tsvc.Handlers.Build.PushBackNamed(volcenginequery.BuildHandler)\n\tsvc.Handlers.Unmarshal.PushBackNamed(volcenginequery.UnmarshalHandler)\n\tsvc.Handlers.UnmarshalMeta.PushBackNamed(volcenginequery.UnmarshalMetaHandler)\n\tsvc.Handlers.UnmarshalError.PushBackNamed(volcenginequery.UnmarshalErrorHandler)\n\n\treturn svc\n}\n\nfunc (c *CertificateserviceClient) newRequest(op *request.Operation, params, data interface{}) *request.Request {\n\treq := c.NewRequest(op, params, data)\n\n\treturn req\n}\n\nfunc (c *CertificateserviceClient) ImportCertificate(input *certificateservice.ImportCertificateInput) (*certificateservice.ImportCertificateOutput, error) {\n\treq, out := c.ImportCertificateRequest(input)\n\treturn out, req.Send()\n}\n\nfunc (c *CertificateserviceClient) ImportCertificateRequest(input *certificateservice.ImportCertificateInput) (req *request.Request, output *certificateservice.ImportCertificateOutput) {\n\top := &request.Operation{\n\t\tName: \"ImportCertificate\",\n\t\tHTTPMethod: \"POST\",\n\t\tHTTPPath: \"/\",\n\t}\n\n\tif input == nil {\n\t\tinput = &certificateservice.ImportCertificateInput{}\n\t}\n\n\toutput = &certificateservice.ImportCertificateOutput{}\n\treq = c.newRequest(op, input, output)\n\n\treq.HTTPRequest.Header.Set(\"Content-Type\", \"application/json; charset=utf-8\")\n\n\treturn\n}\n"
},
{
"path": "pkg/core/certmgr/providers/volcengine-certcenter/volcengine_certcenter.go",
"content": "package volcenginecertcenter\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\tvecs \"github.com/volcengine/volcengine-go-sdk/service/certificateservice\"\n\tve \"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\tvesession \"github.com/volcengine/volcengine-go-sdk/volcengine/session\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr/providers/volcengine-certcenter/internal\"\n)\n\ntype CertmgrConfig struct {\n\t// 火山引擎 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 火山引擎 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 火山引擎地域。\n\tRegion string `json:\"region\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.CertificateserviceClient\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 上传证书\n\t// REF: https://www.volcengine.com/docs/6638/1365580\n\timportCertificateReq := &vecs.ImportCertificateInput{\n\t\tCertificateInfo: &vecs.CertificateInfoForImportCertificateInput{\n\t\t\tCertificateChain: ve.String(certPEM),\n\t\t\tPrivateKey: ve.String(privkeyPEM),\n\t\t},\n\t\tRepeatable: ve.Bool(false),\n\t}\n\timportCertificateResp, err := c.sdkClient.ImportCertificate(importCertificateReq)\n\tc.logger.Debug(\"sdk request 'certcenter.ImportCertificate'\", slog.Any(\"request\", importCertificateReq), slog.Any(\"response\", importCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'certcenter.ImportCertificate': %w\", err)\n\t}\n\n\tvar sslId string\n\tif importCertificateResp.InstanceId != nil && *importCertificateResp.InstanceId != \"\" {\n\t\tsslId = *importCertificateResp.InstanceId\n\t}\n\tif importCertificateResp.RepeatId != nil && *importCertificateResp.RepeatId != \"\" {\n\t\tsslId = *importCertificateResp.RepeatId\n\t}\n\n\tif sslId == \"\" {\n\t\treturn nil, errors.New(\"received empty certificate id, both `InstanceId` and `RepeatId` are empty\")\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: sslId,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.CertificateserviceClient, error) {\n\tif region == \"\" {\n\t\tregion = \"cn-beijing\" // 证书中心默认区域:北京\n\t}\n\n\tconfig := ve.NewConfig().\n\t\tWithAkSk(accessKeyId, accessKeySecret).\n\t\tWithRegion(region)\n\n\tsession, err := vesession.NewSession(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclient := internal.NewCertificateserviceClient(session)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/certmgr/providers/volcengine-certcenter/volcengine_certcenter_test.go",
"content": "package volcenginecertcenter_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/volcengine-certcenter\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n)\n\nfunc init() {\n\targsPrefix := \"VOLCENGINECERTCENTER_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./volcengine_certcenter_test.go -args \\\n\t--VOLCENGINECERTCENTER_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--VOLCENGINECERTCENTER_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--VOLCENGINECERTCENTER_ACCESSKEYID=\"your-access-key-id\" \\\n\t--VOLCENGINECERTCENTER_ACCESSKEYSECRET=\"your-access-key-secret\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/certmgr/providers/volcengine-live/volcengine_live.go",
"content": "package volcenginelive\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\tvelive \"github.com/volcengine/volc-sdk-golang/service/live/v20230101\"\n\tve \"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 火山引擎 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 火山引擎 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *velive.Live\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient := velive.NewInstance()\n\tclient.SetAccessKey(config.AccessKeyId)\n\tclient.SetSecretKey(config.AccessKeySecret)\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 查询证书列表,避免重复上传\n\t// REF: https://www.volcengine.com/docs/6469/1186278#%E6%9F%A5%E8%AF%A2%E8%AF%81%E4%B9%A6%E5%88%97%E8%A1%A8\n\tlistCertReq := &velive.ListCertV2Body{}\n\tlistCertResp, err := c.sdkClient.ListCertV2(ctx, listCertReq)\n\tc.logger.Debug(\"sdk request 'live.ListCertV2'\", slog.Any(\"request\", listCertReq), slog.Any(\"response\", listCertResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'live.ListCertV2': %w\", err)\n\t}\n\tif listCertResp.Result.CertList != nil {\n\t\tfor _, certItem := range listCertResp.Result.CertList {\n\t\t\t// 查询证书详细信息\n\t\t\t// REF: https://www.volcengine.com/docs/6469/1186278#%E6%9F%A5%E7%9C%8B%E8%AF%81%E4%B9%A6%E8%AF%A6%E6%83%85\n\t\t\tdescribeCertDetailSecretReq := &velive.DescribeCertDetailSecretV2Body{\n\t\t\t\tChainID: ve.String(certItem.ChainID),\n\t\t\t}\n\t\t\tdescribeCertDetailSecretResp, err := c.sdkClient.DescribeCertDetailSecretV2(ctx, describeCertDetailSecretReq)\n\t\t\tc.logger.Debug(\"sdk request 'live.DescribeCertDetailSecretV2'\", slog.Any(\"request\", describeCertDetailSecretReq), slog.Any(\"response\", describeCertDetailSecretResp))\n\t\t\tif err != nil {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 如果已存在相同证书,直接返回\n\t\t\toldCertPEM := strings.Join(describeCertDetailSecretResp.Result.SSL.Chain, \"\\n\\n\")\n\t\t\tif xcert.EqualCertificatesFromPEM(certPEM, oldCertPEM) {\n\t\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\t\treturn &certmgr.UploadResult{\n\t\t\t\t\tCertId: certItem.ChainID,\n\t\t\t\t\tCertName: certItem.CertName,\n\t\t\t\t}, nil\n\t\t\t}\n\t\t}\n\t}\n\n\t// 生成新证书名(需符合火山引擎命名规则)\n\tcertName := fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())\n\n\t// 上传新证书\n\t// REF: https://www.volcengine.com/docs/6469/1186278#%E6%B7%BB%E5%8A%A0%E8%AF%81%E4%B9%A6\n\tcreateCertReq := &velive.CreateCertBody{\n\t\tCertName: ve.String(certName),\n\t\tRsa: velive.CreateCertBodyRsa{\n\t\t\tPrikey: privkeyPEM,\n\t\t\tPubkey: certPEM,\n\t\t},\n\t\tUseWay: \"https\",\n\t}\n\tcreateCertResp, err := c.sdkClient.CreateCert(ctx, createCertReq)\n\tc.logger.Debug(\"sdk request 'live.CreateCert'\", slog.Any(\"request\", createCertReq), slog.Any(\"response\", createCertResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'live.CreateCert': %w\", err)\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: *createCertResp.Result.ChainID,\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\treturn nil, certmgr.ErrUnsupported\n}\n"
},
{
"path": "pkg/core/certmgr/providers/wangsu-certificate/wangsu_certificate.go",
"content": "package wangsucertificate\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"regexp\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\twangsusdk \"github.com/certimate-go/certimate/pkg/sdk3rd/wangsu/certificate\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype CertmgrConfig struct {\n\t// 网宿云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 网宿云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n}\n\ntype Certmgr struct {\n\tconfig *CertmgrConfig\n\tlogger *slog.Logger\n\tsdkClient *wangsusdk.Client\n}\n\nvar _ certmgr.Provider = (*Certmgr)(nil)\n\nfunc NewCertmgr(config *CertmgrConfig) (*Certmgr, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the certmgr provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Certmgr{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (c *Certmgr) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tc.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tc.logger = logger\n\t}\n}\n\nfunc (c *Certmgr) Upload(ctx context.Context, certPEM, privkeyPEM string) (*certmgr.UploadResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 查询证书列表,避免重复上传\n\t// REF: https://www.wangsu.com/document/api-doc/22675?productCode=certificatemanagement\n\tlistCertificatesResp, err := c.sdkClient.ListCertificatesWithContext(ctx)\n\tc.logger.Debug(\"sdk request 'certificatemanagement.ListCertificates'\", slog.Any(\"response\", listCertificatesResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'certificatemanagement.ListCertificates': %w\", err)\n\t}\n\n\tif listCertificatesResp.Certificates != nil {\n\t\tfor _, certItem := range listCertificatesResp.Certificates {\n\t\t\t// 对比证书序列号\n\t\t\tif !strings.EqualFold(certX509.SerialNumber.Text(16), certItem.Serial) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 对比证书有效期\n\t\t\ttimezoneOfCST := time.FixedZone(\"CST\", 8*60*60)\n\t\t\toldCertNotBefore, _ := time.ParseInLocation(time.DateTime, certItem.ValidityFrom, timezoneOfCST)\n\t\t\toldCertNotAfter, _ := time.ParseInLocation(time.DateTime, certItem.ValidityTo, timezoneOfCST)\n\t\t\tif !certX509.NotBefore.Equal(oldCertNotBefore) || !certX509.NotAfter.Equal(oldCertNotAfter) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\t// 如果以上信息都一致,则视为已存在相同证书,直接返回\n\t\t\tc.logger.Info(\"ssl certificate already exists\")\n\t\t\treturn &certmgr.UploadResult{\n\t\t\t\tCertId: certItem.CertificateId,\n\t\t\t\tCertName: certItem.Name,\n\t\t\t}, nil\n\t\t}\n\t}\n\n\t// 生成新证书名(需符合网宿云命名规则)\n\tcertName := fmt.Sprintf(\"certimate_%d\", time.Now().UnixMilli())\n\n\t// 新增证书\n\t// REF: https://www.wangsu.com/document/api-doc/25199?productCode=certificatemanagement\n\tcreateCertificateReq := &wangsusdk.CreateCertificateRequest{\n\t\tName: lo.ToPtr(certName),\n\t\tCertificate: lo.ToPtr(certPEM),\n\t\tPrivateKey: lo.ToPtr(privkeyPEM),\n\t\tComment: lo.ToPtr(\"upload from certimate\"),\n\t}\n\tcreateCertificateResp, err := c.sdkClient.CreateCertificateWithContext(ctx, createCertificateReq)\n\tc.logger.Debug(\"sdk request 'certificatemanagement.CreateCertificate'\", slog.Any(\"request\", createCertificateReq), slog.Any(\"response\", createCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'certificatemanagement.CreateCertificate': %w\", err)\n\t}\n\n\t// 网宿云证书 URL 中包含证书 ID\n\t// 格式:\n\t// https://open.chinanetcenter.com/api/certificate/100001\n\twangsuCertIdMatches := regexp.MustCompile(`/certificate/([0-9]+)`).FindStringSubmatch(createCertificateResp.CertificateLocation)\n\tif len(wangsuCertIdMatches) == 0 {\n\t\treturn nil, fmt.Errorf(\"received empty certificate id\")\n\t}\n\n\treturn &certmgr.UploadResult{\n\t\tCertId: wangsuCertIdMatches[1],\n\t\tCertName: certName,\n\t}, nil\n}\n\nfunc (c *Certmgr) Replace(ctx context.Context, certIdOrName string, certPEM, privkeyPEM string) (*certmgr.OperateResult, error) {\n\tcertId := certIdOrName\n\tcertName := fmt.Sprintf(\"certimate_%d\", time.Now().UnixMilli())\n\n\t// 修改证书\n\t// REF: https://www.wangsu.com/document/api-doc/25568?productCode=certificatemanagement\n\tupdateCertificateReq := &wangsusdk.UpdateCertificateRequest{\n\t\tName: lo.ToPtr(certName),\n\t\tCertificate: lo.ToPtr(certPEM),\n\t\tPrivateKey: lo.ToPtr(privkeyPEM),\n\t\tComment: lo.ToPtr(\"upload from certimate\"),\n\t}\n\tupdateCertificateResp, err := c.sdkClient.UpdateCertificateWithContext(ctx, certId, updateCertificateReq)\n\tc.logger.Debug(\"sdk request 'certificatemanagement.UpdateCertificate'\", slog.Any(\"request\", updateCertificateReq), slog.Any(\"response\", updateCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'certificatemanagement.UpdateCertificate': %w\", err)\n\t}\n\n\treturn &certmgr.OperateResult{}, nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret string) (*wangsusdk.Client, error) {\n\treturn wangsusdk.NewClient(accessKeyId, accessKeySecret)\n}\n"
},
{
"path": "pkg/core/certmgr/providers/wangsu-certificate/wangsu_certificate_test.go",
"content": "package wangsucertificate_test\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/wangsu-certificate\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n)\n\nfunc init() {\n\targsPrefix := \"WANGSUCERTIFICATE_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./wangsu_certificate_test.go -args \\\n\t--WANGSUCERTIFICATE_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--WANGSUCERTIFICATE_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--WANGSUCERTIFICATE_ACCESSKEYID=\"your-access-key-id\" \\\n\t--WANGSUCERTIFICATE_ACCESSKEYSECRET=\"your-access-key-secret\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewCertmgr(&provider.CertmgrConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tsres, _ := json.Marshal(res)\n\t\tt.Logf(\"ok: %s\", string(sres))\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/provider.go",
"content": "package deployer\n\nimport (\n\t\"context\"\n\t\"log/slog\"\n)\n\n// 表示定义 SSL 证书部署器的抽象类型接口。\ntype Provider interface {\n\t// 设置日志记录器。\n\t//\n\t// 入参:\n\t// - logger:日志记录器实例。\n\tSetLogger(logger *slog.Logger)\n\n\t// 部署证书。\n\t//\n\t// 入参:\n\t// - ctx:上下文。\n\t// - certPEM:证书 PEM 内容。\n\t// - privkeyPEM:私钥 PEM 内容。\n\t//\n\t// 出参:\n\t// - res:部署结果。\n\t// - err: 错误。\n\tDeploy(ctx context.Context, certPEM, privkeyPEM string) (_res *DeployResult, _err error)\n}\n\n// 表示 SSL 证书部署结果的数据结构。\ntype DeployResult struct {\n\tExtendedData map[string]any `json:\"extendedData,omitempty\"`\n}\n"
},
{
"path": "pkg/core/deployer/providers/1panel/1panel.go",
"content": "package onepanel\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/1panel\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tonepanelsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/1panel\"\n\tonepanelsdk2 \"github.com/certimate-go/certimate/pkg/sdk3rd/1panel/v2\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txwait \"github.com/certimate-go/certimate/pkg/utils/wait\"\n)\n\ntype DeployerConfig struct {\n\t// 1Panel 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// 1Panel 版本。\n\t// 可取值 \"v1\"、\"v2\"。\n\tApiVersion string `json:\"apiVersion\"`\n\t// 1Panel 接口密钥。\n\tApiKey string `json:\"apiKey\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 子节点名称。\n\t// 选填。\n\tNodeName string `json:\"nodeName,omitempty\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [WEBSITE_MATCH_PATTERN_SPECIFIED]。\n\tWebsiteMatchPattern string `json:\"websiteMatchPattern,omitempty\"`\n\t// 网站 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_WEBSITE]、且匹配模式非 [WEBSITE_MATCH_PATTERN_CERTSAN] 时必填。\n\tWebsiteId int64 `json:\"websiteId,omitempty\"`\n\t// 证书 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。\n\tCertificateId int64 `json:\"certificateId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient any\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.ApiVersion, config.ApiKey, config.AllowInsecureConnections, config.NodeName)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tServerUrl: config.ServerUrl,\n\t\tApiVersion: config.ApiVersion,\n\t\tApiKey: config.ApiKey,\n\t\tAllowInsecureConnections: config.AllowInsecureConnections,\n\t\tNodeName: config.NodeName,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_WEBSITE:\n\t\tif err := d.deployToWebsite(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_CERTIFICATE:\n\t\tif err := d.deployToCertificate(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToWebsite(ctx context.Context, certPEM, privkeyPEM string) error {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的网站列表\n\tvar websiteIds []int64\n\tswitch d.config.WebsiteMatchPattern {\n\tcase \"\", WEBSITE_MATCH_PATTERN_SPECIFIED:\n\t\t{\n\t\t\tif d.config.WebsiteId == 0 {\n\t\t\t\treturn errors.New(\"config `websiteId` is required\")\n\t\t\t}\n\n\t\t\twebsiteIds = []int64{d.config.WebsiteId}\n\t\t}\n\n\tcase WEBSITE_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\twebsiteIdCandidates, err := d.getMatchedWebsiteIdsByCertificate(ctx, certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\twebsiteIds = websiteIdCandidates\n\t\t}\n\n\tdefault:\n\t\treturn fmt.Errorf(\"unsupported website match pattern: '%s'\", d.config.WebsiteMatchPattern)\n\t}\n\n\t// 遍历更新网站证书\n\tif len(websiteIds) == 0 {\n\t\td.logger.Info(\"no websites to deploy\")\n\t} else {\n\t\td.logger.Info(\"found websites to deploy\", slog.Any(\"websiteIds\", websiteIds))\n\t\tvar errs []error\n\n\t\twebsiteSSLId, _ := strconv.ParseInt(upres.CertId, 10, 64)\n\t\tfor i, websiteId := range websiteIds {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateWebsiteCertificate(ctx, websiteId, websiteSSLId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t\tif i < len(websiteIds)-1 {\n\t\t\t\t\txwait.DelayWithContext(ctx, time.Second*5)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToCertificate(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.CertificateId == 0 {\n\t\treturn errors.New(\"config `certificateId` is required\")\n\t}\n\n\t// 替换证书\n\topres, err := d.sdkCertmgr.Replace(ctx, strconv.FormatInt(d.config.CertificateId, 10), certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to replace certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate replaced\", slog.Any(\"result\", opres))\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) getMatchedWebsiteIdsByCertificate(ctx context.Context, certPEM string) ([]int64, error) {\n\tvar websiteIds []int64\n\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tswitch sdkClient := d.sdkClient.(type) {\n\tcase *onepanelsdk.Client:\n\t\t{\n\t\t\twebsiteSearchPage := 1\n\t\t\twebsiteSearchPageSize := 100\n\t\t\tfor {\n\t\t\t\tselect {\n\t\t\t\tcase <-ctx.Done():\n\t\t\t\t\treturn nil, ctx.Err()\n\t\t\t\tdefault:\n\t\t\t\t}\n\t\t\t\twebsiteSearchReq := &onepanelsdk.WebsiteSearchRequest{\n\t\t\t\t\tOrder: \"ascending\",\n\t\t\t\t\tOrderBy: \"primary_domain\",\n\t\t\t\t\tPage: int32(websiteSearchPage),\n\t\t\t\t\tPageSize: int32(websiteSearchPageSize),\n\t\t\t\t}\n\t\t\t\twebsiteSearchResp, err := sdkClient.WebsiteSearchWithContext(ctx, websiteSearchReq)\n\t\t\t\td.logger.Debug(\"sdk request '1panel.WebsiteSearch'\", slog.Any(\"request\", websiteSearchReq), slog.Any(\"response\", websiteSearchResp))\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request '1panel.WebsiteSearch': %w\", err)\n\t\t\t\t}\n\n\t\t\t\tif websiteSearchResp.Data == nil {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\n\t\t\t\tfor _, websiteItem := range websiteSearchResp.Data.Items {\n\t\t\t\t\tif certX509.VerifyHostname(websiteItem.PrimaryDomain) != nil {\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\n\t\t\t\t\twebsiteGetResp, err := sdkClient.WebsiteGetWithContext(ctx, websiteItem.ID)\n\t\t\t\t\td.logger.Debug(\"sdk request '1panel.WebsiteGet'\", slog.Int64(\"websiteId\", websiteItem.ID), slog.Any(\"response\", websiteGetResp))\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request '1panel.WebsiteGet': %w\", err)\n\t\t\t\t\t}\n\n\t\t\t\t\tfor _, domainInfo := range websiteGetResp.Data.Domains {\n\t\t\t\t\t\tif domainInfo.SSL || certX509.VerifyHostname(domainInfo.Domain) == nil {\n\t\t\t\t\t\t\twebsiteIds = append(websiteIds, websiteItem.ID)\n\t\t\t\t\t\t\tbreak\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif len(websiteSearchResp.Data.Items) < websiteSearchPageSize {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\n\t\t\t\twebsiteSearchPage++\n\t\t\t}\n\t\t}\n\n\tcase *onepanelsdk2.Client:\n\t\t{\n\t\t\twebsiteSearchPage := 1\n\t\t\twebsiteSearchPageSize := 100\n\t\t\tfor {\n\t\t\t\tselect {\n\t\t\t\tcase <-ctx.Done():\n\t\t\t\t\treturn nil, ctx.Err()\n\t\t\t\tdefault:\n\t\t\t\t}\n\n\t\t\t\twebsiteSearchReq := &onepanelsdk2.WebsiteSearchRequest{\n\t\t\t\t\tOrder: \"ascending\",\n\t\t\t\t\tOrderBy: \"primary_domain\",\n\t\t\t\t\tPage: int32(websiteSearchPage),\n\t\t\t\t\tPageSize: int32(websiteSearchPageSize),\n\t\t\t\t}\n\t\t\t\twebsiteSearchResp, err := sdkClient.WebsiteSearchWithContext(ctx, websiteSearchReq)\n\t\t\t\td.logger.Debug(\"sdk request '1panel.WebsiteSearch'\", slog.Any(\"request\", websiteSearchReq), slog.Any(\"response\", websiteSearchResp))\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request '1panel.WebsiteSearch': %w\", err)\n\t\t\t\t}\n\n\t\t\t\tif websiteSearchResp.Data == nil {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\n\t\t\t\tfor _, websiteItem := range websiteSearchResp.Data.Items {\n\t\t\t\t\tif certX509.VerifyHostname(websiteItem.PrimaryDomain) != nil {\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\n\t\t\t\t\twebsiteGetResp, err := sdkClient.WebsiteGetWithContext(ctx, websiteItem.ID)\n\t\t\t\t\td.logger.Debug(\"sdk request '1panel.WebsiteGet'\", slog.Int64(\"websiteId\", websiteItem.ID), slog.Any(\"response\", websiteGetResp))\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request '1panel.WebsiteGet': %w\", err)\n\t\t\t\t\t}\n\n\t\t\t\t\tfor _, domainInfo := range websiteGetResp.Data.Domains {\n\t\t\t\t\t\tif domainInfo.SSL || certX509.VerifyHostname(domainInfo.Domain) == nil {\n\t\t\t\t\t\t\twebsiteIds = append(websiteIds, websiteItem.ID)\n\t\t\t\t\t\t\tbreak\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif len(websiteSearchResp.Data.Items) < websiteSearchPageSize {\n\t\t\t\t\tbreak\n\t\t\t\t}\n\n\t\t\t\twebsiteSearchPage++\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\tpanic(\"unreachable\")\n\t}\n\n\tif len(websiteIds) == 0 {\n\t\treturn nil, errors.New(\"could not find any websites matched by certificate\")\n\t}\n\n\treturn websiteIds, nil\n}\n\nfunc (d *Deployer) updateWebsiteCertificate(ctx context.Context, websiteId int64, websiteSSLId int64) error {\n\tswitch sdkClient := d.sdkClient.(type) {\n\tcase *onepanelsdk.Client:\n\t\t{\n\t\t\t// 获取网站 HTTPS 配置\n\t\t\twebsiteHttpsGetResp, err := sdkClient.WebsiteHttpsGetWithContext(ctx, websiteId)\n\t\t\td.logger.Debug(\"sdk request '1panel.WebsiteHttpsGet'\", slog.Int64(\"websiteId\", websiteId), slog.Any(\"response\", websiteHttpsGetResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request '1panel.WebsiteHttpsGet': %w\", err)\n\t\t\t} else {\n\t\t\t\tif websiteHttpsGetResp.Data.Enable && websiteHttpsGetResp.Data.WebsiteSSLID == websiteSSLId {\n\t\t\t\t\treturn nil\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 修改网站 HTTPS 配置\n\t\t\twebsiteHttpsPostReq := &onepanelsdk.WebsiteHttpsPostRequest{\n\t\t\t\tWebsiteID: websiteId,\n\t\t\t\tType: \"existed\",\n\t\t\t\tWebsiteSSLID: websiteSSLId,\n\t\t\t\tEnable: true,\n\t\t\t\tHttpConfig: websiteHttpsGetResp.Data.HttpConfig,\n\t\t\t\tSSLProtocol: websiteHttpsGetResp.Data.SSLProtocol,\n\t\t\t\tAlgorithm: websiteHttpsGetResp.Data.Algorithm,\n\t\t\t\tHsts: websiteHttpsGetResp.Data.Hsts,\n\t\t\t}\n\t\t\tif websiteHttpsPostReq.HttpConfig == \"\" {\n\t\t\t\twebsiteHttpsPostReq.HttpConfig = \"HTTPToHTTPS\"\n\t\t\t}\n\t\t\twebsiteHttpsPostResp, err := sdkClient.WebsiteHttpsPostWithContext(ctx, websiteId, websiteHttpsPostReq)\n\t\t\td.logger.Debug(\"sdk request '1panel.WebsiteHttpsPost'\", slog.Int64(\"websiteId\", websiteId), slog.Any(\"request\", websiteHttpsPostReq), slog.Any(\"response\", websiteHttpsPostResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request '1panel.WebsiteHttpsPost': %w\", err)\n\t\t\t}\n\t\t}\n\n\tcase *onepanelsdk2.Client:\n\t\t{\n\t\t\t// 获取网站 HTTPS 配置\n\t\t\twebsiteHttpsGetResp, err := sdkClient.WebsiteHttpsGetWithContext(ctx, websiteId)\n\t\t\td.logger.Debug(\"sdk request '1panel.WebsiteHttpsGet'\", slog.Int64(\"websiteId\", websiteId), slog.Any(\"response\", websiteHttpsGetResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request '1panel.WebsiteHttpsGet': %w\", err)\n\t\t\t} else {\n\t\t\t\tif websiteHttpsGetResp.Data.Enable && websiteHttpsGetResp.Data.WebsiteSSLID == websiteSSLId {\n\t\t\t\t\treturn nil\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 修改网站 HTTPS 配置\n\t\t\twebsiteHttpsPostReq := &onepanelsdk2.WebsiteHttpsPostRequest{\n\t\t\t\tWebsiteID: websiteId,\n\t\t\t\tType: \"existed\",\n\t\t\t\tWebsiteSSLID: websiteSSLId,\n\t\t\t\tEnable: true,\n\t\t\t\tHttpConfig: websiteHttpsGetResp.Data.HttpConfig,\n\t\t\t\tSSLProtocol: websiteHttpsGetResp.Data.SSLProtocol,\n\t\t\t\tAlgorithm: websiteHttpsGetResp.Data.Algorithm,\n\t\t\t\tHsts: websiteHttpsGetResp.Data.Hsts,\n\t\t\t\tHttp3: websiteHttpsGetResp.Data.Http3,\n\t\t\t}\n\t\t\tif websiteHttpsPostReq.HttpConfig == \"\" {\n\t\t\t\twebsiteHttpsPostReq.HttpConfig = \"HTTPToHTTPS\"\n\t\t\t}\n\t\t\twebsiteHttpsPostResp, err := sdkClient.WebsiteHttpsPostWithContext(ctx, websiteId, websiteHttpsPostReq)\n\t\t\td.logger.Debug(\"sdk request '1panel.WebsiteHttpsPost'\", slog.Int64(\"websiteId\", websiteId), slog.Any(\"request\", websiteHttpsPostReq), slog.Any(\"response\", websiteHttpsPostResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request '1panel.WebsiteHttpsPost': %w\", err)\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\tpanic(\"unreachable\")\n\t}\n\n\treturn nil\n}\n\nconst (\n\tsdkVersionV1 = \"v1\"\n\tsdkVersionV2 = \"v2\"\n)\n\nfunc createSDKClient(serverUrl, apiVersion, apiKey string, skipTlsVerify bool, nodeName string) (any, error) {\n\tif apiVersion == sdkVersionV1 {\n\t\tclient, err := onepanelsdk.NewClient(serverUrl, apiKey)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tif skipTlsVerify {\n\t\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t\t}\n\n\t\treturn client, nil\n\t} else if apiVersion == sdkVersionV2 {\n\t\tvar client *onepanelsdk2.Client\n\t\tvar err error\n\n\t\tif nodeName == \"\" {\n\t\t\tclient, err = onepanelsdk2.NewClient(serverUrl, apiKey)\n\t\t} else {\n\t\t\tclient, err = onepanelsdk2.NewClientWithNode(serverUrl, apiKey, nodeName)\n\t\t}\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tif skipTlsVerify {\n\t\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t\t}\n\n\t\treturn client, nil\n\t}\n\n\treturn nil, errors.New(\"1panel: invalid api version\")\n}\n"
},
{
"path": "pkg/core/deployer/providers/1panel/1panel_test.go",
"content": "package onepanel_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/1panel\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfApiVersion string\n\tfApiKey string\n\tfWebsiteId int64\n)\n\nfunc init() {\n\targsPrefix := \"1PANEL_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fApiVersion, argsPrefix+\"APIVERSION\", \"v1\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n\tflag.Int64Var(&fWebsiteId, argsPrefix+\"WEBSITEID\", 0, \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./1panel_test.go -args \\\n\t--1PANEL_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--1PANEL_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--1PANEL_SERVERURL=\"http://127.0.0.1:20410\" \\\n\t--1PANEL_APIVERSION=\"v1\" \\\n\t--1PANEL_APIKEY=\"your-api-key\" \\\n\t--1PANEL_WEBSITEID=\"your-website-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"APIVERSION: %v\", fApiVersion),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t\tfmt.Sprintf(\"WEBSITEID: %v\", fWebsiteId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiVersion: fApiVersion,\n\t\t\tApiKey: fApiKey,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tResourceType: provider.RESOURCE_TYPE_WEBSITE,\n\t\t\tWebsiteMatchPattern: provider.WEBSITE_MATCH_PATTERN_SPECIFIED,\n\t\t\tWebsiteId: fWebsiteId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/1panel/consts.go",
"content": "package onepanel\n\nconst (\n\t// 资源类型:替换指定网站的证书。\n\tRESOURCE_TYPE_WEBSITE = \"website\"\n\t// 资源类型:替换指定证书。\n\tRESOURCE_TYPE_CERTIFICATE = \"certificate\"\n)\n\nconst (\n\t// 匹配模式:指定 ID。\n\tWEBSITE_MATCH_PATTERN_SPECIFIED = \"specified\"\n\t// 匹配模式:证书 SAN 匹配。\n\tWEBSITE_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/1panel-console/1panel_console.go",
"content": "package onepanelconsole\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tonepanelsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/1panel\"\n\tonepanelsdk2 \"github.com/certimate-go/certimate/pkg/sdk3rd/1panel/v2\"\n)\n\ntype DeployerConfig struct {\n\t// 1Panel 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// 1Panel 版本。\n\t// 可取值 \"v1\"、\"v2\"。\n\tApiVersion string `json:\"apiVersion\"`\n\t// 1Panel 接口密钥。\n\tApiKey string `json:\"apiKey\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 是否自动重启。\n\tAutoRestart bool `json:\"autoRestart\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient any\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.ApiVersion, config.ApiKey, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 设置面板 SSL 证书\n\tswitch sdkClient := d.sdkClient.(type) {\n\tcase *onepanelsdk.Client:\n\t\t{\n\t\t\tsettingsSSLUpdateReq := &onepanelsdk.SettingsSSLUpdateRequest{\n\t\t\t\tCert: certPEM,\n\t\t\t\tKey: privkeyPEM,\n\t\t\t\tSSL: \"enable\",\n\t\t\t\tSSLType: \"import-paste\",\n\t\t\t\tAutoRestart: strconv.FormatBool(d.config.AutoRestart),\n\t\t\t}\n\t\t\tsettingsSSLUpdateResp, err := sdkClient.SettingsSSLUpdateWithContext(ctx, settingsSSLUpdateReq)\n\t\t\td.logger.Debug(\"sdk request '1panel.SettingsSSLUpdate'\", slog.Any(\"request\", settingsSSLUpdateReq), slog.Any(\"response\", settingsSSLUpdateResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request '1panel.SettingsSSLUpdate': %w\", err)\n\t\t\t}\n\t\t}\n\n\tcase *onepanelsdk2.Client:\n\t\t{\n\t\t\tcoreSettingsSSLUpdateReq := &onepanelsdk2.CoreSettingsSSLUpdateRequest{\n\t\t\t\tCert: certPEM,\n\t\t\t\tKey: privkeyPEM,\n\t\t\t\tSSL: \"Enable\",\n\t\t\t\tSSLType: \"import-paste\",\n\t\t\t\tAutoRestart: strconv.FormatBool(d.config.AutoRestart),\n\t\t\t}\n\t\t\tcoreSettingsSSLUpdateResp, err := sdkClient.CoreSettingsSSLUpdateWithContext(ctx, coreSettingsSSLUpdateReq)\n\t\t\td.logger.Debug(\"sdk request '1panel.CoreSettingsSSLUpdate'\", slog.Any(\"request\", coreSettingsSSLUpdateReq), slog.Any(\"response\", coreSettingsSSLUpdateResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request '1panel.CoreSettingsSSLUpdate': %w\", err)\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\tpanic(\"unreachable\")\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nconst (\n\tsdkVersionV1 = \"v1\"\n\tsdkVersionV2 = \"v2\"\n)\n\nfunc createSDKClient(serverUrl, apiVersion, apiKey string, skipTlsVerify bool) (any, error) {\n\tif apiVersion == sdkVersionV1 {\n\t\tclient, err := onepanelsdk.NewClient(serverUrl, apiKey)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tif skipTlsVerify {\n\t\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t\t}\n\n\t\treturn client, nil\n\t} else if apiVersion == sdkVersionV2 {\n\t\tclient, err := onepanelsdk2.NewClient(serverUrl, apiKey)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tif skipTlsVerify {\n\t\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t\t}\n\n\t\treturn client, nil\n\t}\n\n\treturn nil, errors.New(\"1panel: invalid api version\")\n}\n"
},
{
"path": "pkg/core/deployer/providers/1panel-console/1panel_console_test.go",
"content": "package onepanelconsole_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/1panel-console\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfApiVersion string\n\tfApiKey string\n)\n\nfunc init() {\n\targsPrefix := \"1PANELCONSOLE_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fApiVersion, argsPrefix+\"APIVERSION\", \"v1\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./1panel_console_test.go -args \\\n\t--1PANELCONSOLE_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--1PANELCONSOLE_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--1PANELCONSOLE_SERVERURL=\"http://127.0.0.1:20410\" \\\n\t--1PANELCONSOLE_APIVERSION=\"v1\" \\\n\t--1PANELCONSOLE_APIKEY=\"your-api-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"APIVERSION: %v\", fApiVersion),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiVersion: fApiVersion,\n\t\t\tApiKey: fApiKey,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tAutoRestart: true,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-alb/aliyun_alb.go",
"content": "package aliyunalb\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\t\"strings\"\n\t\"time\"\n\n\talialb \"github.com/alibabacloud-go/alb-20200616/v2/client\"\n\talicas \"github.com/alibabacloud-go/cas-20200407/v4/client\"\n\taliopen \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-cas\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-alb/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txwait \"github.com/certimate-go/certimate/pkg/utils/wait\"\n)\n\ntype DeployerConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 负载均衡实例 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER] 时必填。\n\tLoadbalancerId string `json:\"loadbalancerId,omitempty\"`\n\t// 负载均衡监听 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时必填。\n\tListenerId string `json:\"listenerId,omitempty\"`\n\t// SNI 域名(支持泛域名)。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_LISTENER] 时选填。\n\tDomain string `json:\"domain,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClients *wSDKClients\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\ntype wSDKClients struct {\n\tALB *internal.AlbClient\n\tCAS *internal.CasClient\n}\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclients, err := createSDKClients(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tResourceGroupId: config.ResourceGroupId,\n\t\tRegion: lo.\n\t\t\tIf(config.Region == \"\" || strings.HasPrefix(config.Region, \"cn-\"), \"cn-hangzhou\").\n\t\t\tElse(\"ap-southeast-1\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClients: clients,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_LOADBALANCER:\n\t\tif err := d.deployToLoadbalancer(ctx, upres.ExtendedData[\"CertIdentifier\"].(string), certX509.DNSNames); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_LISTENER:\n\t\tif err := d.deployToListener(ctx, upres.ExtendedData[\"CertIdentifier\"].(string), certX509.DNSNames); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToLoadbalancer(ctx context.Context, cloudCertId string, cloudCertSANs []string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\n\t// 查询负载均衡实例的详细信息\n\t// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-getloadbalancerattribute\n\tgetLoadBalancerAttributeReq := &alialb.GetLoadBalancerAttributeRequest{\n\t\tLoadBalancerId: tea.String(d.config.LoadbalancerId),\n\t}\n\tgetLoadBalancerAttributeResp, err := d.sdkClients.ALB.GetLoadBalancerAttributeWithContext(ctx, getLoadBalancerAttributeReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'alb.GetLoadBalancerAttribute'\", slog.Any(\"request\", getLoadBalancerAttributeReq), slog.Any(\"response\", getLoadBalancerAttributeResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'alb.GetLoadBalancerAttribute': %w\", err)\n\t}\n\n\t// 查询 HTTPS 监听列表\n\t// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners\n\tlistenerIds := make([]string, 0)\n\tlistListenersToken := (*string)(nil)\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistListenersReq := &alialb.ListListenersRequest{\n\t\t\tNextToken: listListenersToken,\n\t\t\tMaxResults: tea.Int32(100),\n\t\t\tLoadBalancerIds: tea.StringSlice([]string{d.config.LoadbalancerId}),\n\t\t\tListenerProtocol: tea.String(\"HTTPS\"),\n\t\t}\n\t\tlistListenersResp, err := d.sdkClients.ALB.ListListenersWithContext(ctx, listListenersReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'alb.ListListeners'\", slog.Any(\"request\", listListenersReq), slog.Any(\"response\", listListenersResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'alb.ListListeners': %w\", err)\n\t\t}\n\n\t\tif listListenersResp.Body == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, listener := range listListenersResp.Body.Listeners {\n\t\t\tlistenerIds = append(listenerIds, tea.StringValue(listener.ListenerId))\n\t\t}\n\n\t\tif len(listListenersResp.Body.Listeners) == 0 || listListenersResp.Body.NextToken == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tlistListenersToken = listListenersResp.Body.NextToken\n\t}\n\n\t// 查询 QUIC 监听列表\n\t// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners\n\tlistListenersToken = nil\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistListenersReq := &alialb.ListListenersRequest{\n\t\t\tNextToken: listListenersToken,\n\t\t\tMaxResults: tea.Int32(100),\n\t\t\tLoadBalancerIds: tea.StringSlice([]string{d.config.LoadbalancerId}),\n\t\t\tListenerProtocol: tea.String(\"QUIC\"),\n\t\t}\n\t\tlistListenersResp, err := d.sdkClients.ALB.ListListenersWithContext(ctx, listListenersReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'alb.ListListeners'\", slog.Any(\"request\", listListenersReq), slog.Any(\"response\", listListenersResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'alb.ListListeners': %w\", err)\n\t\t}\n\n\t\tif listListenersResp.Body == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, listener := range listListenersResp.Body.Listeners {\n\t\t\tlistenerIds = append(listenerIds, tea.StringValue(listener.ListenerId))\n\t\t}\n\n\t\tif len(listListenersResp.Body.Listeners) == 0 || listListenersResp.Body.NextToken == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tlistListenersToken = listListenersResp.Body.NextToken\n\t}\n\n\t// 遍历更新监听证书\n\tif len(listenerIds) == 0 {\n\t\td.logger.Info(\"no alb listeners to deploy\")\n\t} else {\n\t\tvar errs []error\n\t\td.logger.Info(\"found https/quic listeners to deploy\", slog.Any(\"listenerIds\", listenerIds))\n\n\t\tfor _, listenerId := range listenerIds {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateListenerCertificate(ctx, listenerId, cloudCertId, cloudCertSANs); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToListener(ctx context.Context, cloudCertId string, cloudCertSANs []string) error {\n\tif d.config.ListenerId == \"\" {\n\t\treturn errors.New(\"config `listenerId` is required\")\n\t}\n\n\t// 更新监听\n\tif err := d.updateListenerCertificate(ctx, d.config.ListenerId, cloudCertId, cloudCertSANs); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateListenerCertificate(ctx context.Context, cloudListenerId string, cloudCertId string, cloudCertSANs []string) error {\n\tif d.config.Domain == \"\" {\n\t\t// 未指定 SNI,只需部署到监听器\n\n\t\tif err := d.waitForListenerReady(ctx, cloudListenerId); err != nil {\n\t\t\treturn err\n\t\t}\n\n\t\t// 修改监听的属性\n\t\t// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-updatelistenerattribute\n\t\tupdateListenerAttributeReq := &alialb.UpdateListenerAttributeRequest{\n\t\t\tListenerId: tea.String(cloudListenerId),\n\t\t\tCertificates: []*alialb.UpdateListenerAttributeRequestCertificates{{\n\t\t\t\tCertificateId: tea.String(cloudCertId),\n\t\t\t}},\n\t\t}\n\t\tupdateListenerAttributeResp, err := d.sdkClients.ALB.UpdateListenerAttributeWithContext(ctx, updateListenerAttributeReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'alb.UpdateListenerAttribute'\", slog.Any(\"request\", updateListenerAttributeReq), slog.Any(\"response\", updateListenerAttributeResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'alb.UpdateListenerAttribute': %w\", err)\n\t\t}\n\t} else {\n\t\t// 指定 SNI,需部署到扩展域名\n\n\t\t// 查询监听证书列表\n\t\t// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlistenercertificates\n\t\tlistenerCertificates := make([]alialb.ListListenerCertificatesResponseBodyCertificates, 0)\n\t\tlistListenerCertificatesToken := (*string)(nil)\n\t\tfor {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t}\n\n\t\t\tlistListenerCertificatesReq := &alialb.ListListenerCertificatesRequest{\n\t\t\t\tNextToken: listListenerCertificatesToken,\n\t\t\t\tMaxResults: tea.Int32(100),\n\t\t\t\tListenerId: tea.String(cloudListenerId),\n\t\t\t\tCertificateType: tea.String(\"Server\"),\n\t\t\t}\n\t\t\tlistListenerCertificatesResp, err := d.sdkClients.ALB.ListListenerCertificatesWithContext(ctx, listListenerCertificatesReq, &dara.RuntimeOptions{})\n\t\t\td.logger.Debug(\"sdk request 'alb.ListListenerCertificates'\", slog.Any(\"request\", listListenerCertificatesReq), slog.Any(\"response\", listListenerCertificatesResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'alb.ListListenerCertificates': %w\", err)\n\t\t\t}\n\n\t\t\tif listListenerCertificatesResp.Body == nil {\n\t\t\t\tbreak\n\t\t\t}\n\n\t\t\tfor _, listenerCertificate := range listListenerCertificatesResp.Body.Certificates {\n\t\t\t\tlistenerCertificates = append(listenerCertificates, *listenerCertificate)\n\t\t\t}\n\n\t\t\tif len(listListenerCertificatesResp.Body.Certificates) == 0 || listListenerCertificatesResp.Body.NextToken == nil {\n\t\t\t\tbreak\n\t\t\t}\n\n\t\t\tlistListenerCertificatesToken = listListenerCertificatesResp.Body.NextToken\n\t\t}\n\n\t\t// 查询监听证书,并找出需要解除关联的证书\n\t\t// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlistenercertificates\n\t\t// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-getcertificatedetail\n\t\tcertificateIsAlreadyAssociated := false\n\t\tcertificateIdsToDissociate := make([]string, 0)\n\t\tif len(listenerCertificates) > 0 {\n\t\t\td.logger.Info(\"found listener certificates to deploy\", slog.Any(\"listenerCertificates\", listenerCertificates))\n\t\t\tvar errs []error\n\n\t\t\tfor _, listenerCertificate := range listenerCertificates {\n\t\t\t\tif tea.BoolValue(listenerCertificate.IsDefault) {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\n\t\t\t\tif !strings.EqualFold(tea.StringValue(listenerCertificate.Status), \"Associated\") {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\n\t\t\t\tif tea.StringValue(listenerCertificate.CertificateId) == cloudCertId {\n\t\t\t\t\tcertificateIsAlreadyAssociated = true\n\t\t\t\t\tbreak\n\t\t\t\t}\n\n\t\t\t\tcertificateId := strings.SplitN(tea.StringValue(listenerCertificate.CertificateId), \"-\", 2)[0]\n\t\t\t\tcertificateIdAsInt64, err := strconv.ParseInt(certificateId, 10, 64)\n\t\t\t\tif err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\n\t\t\t\tgetCertificateDetailReq := &alicas.GetCertificateDetailRequest{\n\t\t\t\t\tCertificateId: tea.Int64(certificateIdAsInt64),\n\t\t\t\t}\n\t\t\t\tgetCertificateDetailResp, err := d.sdkClients.CAS.GetCertificateDetailWithContext(ctx, getCertificateDetailReq, &dara.RuntimeOptions{})\n\t\t\t\td.logger.Debug(\"sdk request 'cas.GetCertificateDetail'\", slog.Any(\"request\", getCertificateDetailReq), slog.Any(\"response\", getCertificateDetailResp))\n\t\t\t\tif err != nil {\n\t\t\t\t\tif sdkerr, ok := err.(*tea.SDKError); ok {\n\t\t\t\t\t\tif tea.IntValue(sdkerr.StatusCode) == 400 && tea.StringValue(sdkerr.Code) == \"NotFound\" {\n\t\t\t\t\t\t\tcontinue\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\terrs = append(errs, fmt.Errorf(\"failed to execute sdk request 'cas.GetCertificateDetail': %w\", err))\n\t\t\t\t\tcontinue\n\t\t\t\t} else {\n\t\t\t\t\tcertCNMatched := tea.StringValue(getCertificateDetailResp.Body.CommonName) == d.config.Domain\n\t\t\t\t\tcertSANDiff, _ := lo.Difference(tea.StringSliceValue(getCertificateDetailResp.Body.SubjectAlternativeNames), cloudCertSANs)\n\t\t\t\t\tif certCNMatched || len(certSANDiff) == 0 {\n\t\t\t\t\t\tcertificateIdsToDissociate = append(certificateIdsToDissociate, certificateId)\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\n\t\t\t\t\tcertNotAfter := time.Unix(tea.Int64Value(getCertificateDetailResp.Body.NotAfter)/1000, 0)\n\t\t\t\t\tif certNotAfter.Before(time.Now()) {\n\t\t\t\t\t\tcertificateIdsToDissociate = append(certificateIdsToDissociate, certificateId)\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif len(errs) > 0 {\n\t\t\t\treturn errors.Join(errs...)\n\t\t\t}\n\t\t}\n\n\t\t// 关联监听和扩展证书\n\t\t// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-associateadditionalcertificateswithlistener\n\t\tif !certificateIsAlreadyAssociated {\n\t\t\tif err := d.waitForListenerReady(ctx, cloudListenerId); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tassociateAdditionalCertificatesFromListenerReq := &alialb.AssociateAdditionalCertificatesWithListenerRequest{\n\t\t\t\tListenerId: tea.String(cloudListenerId),\n\t\t\t\tCertificates: []*alialb.AssociateAdditionalCertificatesWithListenerRequestCertificates{\n\t\t\t\t\t{\n\t\t\t\t\t\tCertificateId: tea.String(cloudCertId),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t}\n\t\t\tassociateAdditionalCertificatesFromListenerResp, err := d.sdkClients.ALB.AssociateAdditionalCertificatesWithListenerWithContext(ctx, associateAdditionalCertificatesFromListenerReq, &dara.RuntimeOptions{})\n\t\t\td.logger.Debug(\"sdk request 'alb.AssociateAdditionalCertificatesWithListener'\", slog.Any(\"request\", associateAdditionalCertificatesFromListenerReq), slog.Any(\"response\", associateAdditionalCertificatesFromListenerResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'alb.AssociateAdditionalCertificatesWithListener': %w\", err)\n\t\t\t}\n\t\t}\n\n\t\t// 解除关联监听和扩展证书\n\t\t// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-dissociateadditionalcertificatesfromlistener\n\t\tif !certificateIsAlreadyAssociated && len(certificateIdsToDissociate) > 0 {\n\t\t\tif err := d.waitForListenerReady(ctx, cloudListenerId); err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tdissociateAdditionalCertificatesFromListenerReq := &alialb.DissociateAdditionalCertificatesFromListenerRequest{\n\t\t\t\tListenerId: tea.String(cloudListenerId),\n\t\t\t\tCertificates: lo.Map(certificateIdsToDissociate, func(certificateId string, _ int) *alialb.DissociateAdditionalCertificatesFromListenerRequestCertificates {\n\t\t\t\t\treturn &alialb.DissociateAdditionalCertificatesFromListenerRequestCertificates{\n\t\t\t\t\t\tCertificateId: tea.String(certificateId),\n\t\t\t\t\t}\n\t\t\t\t}),\n\t\t\t}\n\t\t\tdissociateAdditionalCertificatesFromListenerResp, err := d.sdkClients.ALB.DissociateAdditionalCertificatesFromListenerWithContext(ctx, dissociateAdditionalCertificatesFromListenerReq, &dara.RuntimeOptions{})\n\t\t\td.logger.Debug(\"sdk request 'alb.DissociateAdditionalCertificatesFromListener'\", slog.Any(\"request\", dissociateAdditionalCertificatesFromListenerReq), slog.Any(\"response\", dissociateAdditionalCertificatesFromListenerResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'alb.DissociateAdditionalCertificatesFromListener': %w\", err)\n\t\t\t}\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) waitForListenerReady(ctx context.Context, cloudListenerId string) error {\n\t// 查询监听的属性,直到监听状态不再为 \"Configuring\"\n\t// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-getlistenerattribute\n\tif _, err := xwait.UntilWithContext(ctx, func(_ context.Context, _ int) (bool, error) {\n\t\tgetListenerAttributeReq := &alialb.GetListenerAttributeRequest{\n\t\t\tListenerId: tea.String(cloudListenerId),\n\t\t}\n\t\tgetListenerAttributeResp, err := d.sdkClients.ALB.GetListenerAttributeWithContext(ctx, getListenerAttributeReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'alb.GetListenerAttribute'\", slog.Any(\"request\", getListenerAttributeReq), slog.Any(\"response\", getListenerAttributeResp))\n\t\tif err != nil {\n\t\t\treturn false, fmt.Errorf(\"failed to execute sdk request 'alb.GetListenerAttribute': %w\", err)\n\t\t}\n\n\t\tif tea.StringValue(getListenerAttributeResp.Body.ListenerStatus) != \"Configuring\" {\n\t\t\treturn true, nil\n\t\t}\n\n\t\td.logger.Info(\"waiting for aliyun alb listener's status to not be 'Configuring' ...\")\n\t\treturn false, nil\n\t}, time.Second*5); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClients(accessKeyId, accessKeySecret, region string) (*wSDKClients, error) {\n\t// 接入点一览 https://api.aliyun.com/product/Alb\n\tvar albEndpoint string\n\tswitch region {\n\tcase \"\", \"cn-hangzhou-finance\":\n\t\talbEndpoint = \"alb.cn-hangzhou.aliyuncs.com\"\n\tdefault:\n\t\talbEndpoint = fmt.Sprintf(\"alb.%s.aliyuncs.com\", region)\n\t}\n\n\talbConfig := &aliopen.Config{\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t\tEndpoint: tea.String(albEndpoint),\n\t}\n\talbClient, err := internal.NewAlbClient(albConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 接入点一览 https://api.aliyun.com/product/cas\n\tvar casEndpoint string\n\tif !strings.HasPrefix(region, \"cn-\") {\n\t\tcasEndpoint = \"cas.ap-southeast-1.aliyuncs.com\"\n\t} else {\n\t\tcasEndpoint = \"cas.aliyuncs.com\"\n\t}\n\n\tcasConfig := &aliopen.Config{\n\t\tEndpoint: tea.String(casEndpoint),\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t}\n\tcasClient, err := internal.NewCasClient(casConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &wSDKClients{\n\t\tALB: albClient,\n\t\tCAS: casClient,\n\t}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-alb/aliyun_alb_test.go",
"content": "package aliyunalb_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-alb\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n\tfLoadbalancerId string\n\tfListenerId string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"ALIYUNALB_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fLoadbalancerId, argsPrefix+\"LOADBALANCERID\", \"\", \"\")\n\tflag.StringVar(&fListenerId, argsPrefix+\"LISTENERID\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aliyun_alb_test.go -args \\\n\t--ALIYUNALB_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--ALIYUNALB_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--ALIYUNALB_ACCESSKEYID=\"your-access-key-id\" \\\n\t--ALIYUNALB_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--ALIYUNALB_REGION=\"cn-hangzhou\" \\\n\t--ALIYUNALB_LOADBALANCERID=\"your-alb-instance-id\" \\\n\t--ALIYUNALB_LISTENERID=\"your-alb-listener-id\" \\\n\t--ALIYUNALB_DOMAIN=\"your-alb-sni-domain\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy_ToLoadbalancer\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"LOADBALANCERID: %v\", fLoadbalancerId),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LOADBALANCER,\n\t\t\tLoadbalancerId: fLoadbalancerId,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n\n\tt.Run(\"Deploy_ToListener\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"LISTENERID: %v\", fListenerId),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LISTENER,\n\t\t\tListenerId: fListenerId,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-alb/consts.go",
"content": "package aliyunalb\n\nconst (\n\t// 资源类型:部署到指定负载均衡器。\n\tRESOURCE_TYPE_LOADBALANCER = \"loadbalancer\"\n\t// 资源类型:部署到指定监听器。\n\tRESOURCE_TYPE_LISTENER = \"listener\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-alb/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\n\talialb \"github.com/alibabacloud-go/alb-20200616/v2/client\"\n\talicas \"github.com/alibabacloud-go/cas-20200407/v4/client\"\n\topenapi \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\topenapiutil \"github.com/alibabacloud-go/darabonba-openapi/v2/utils\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n)\n\n// This is a partial copy of https://github.com/alibabacloud-go/cas-20200407/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype CasClient struct {\n\topenapi.Client\n\tDisableSDKError *bool\n}\n\nfunc NewCasClient(config *openapiutil.Config) (*CasClient, error) {\n\tclient := new(CasClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *CasClient) Init(config *openapiutil.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *CasClient) GetCertificateDetailWithContext(ctx context.Context, request *alicas.GetCertificateDetailRequest, runtime *dara.RuntimeOptions) (_result *alicas.GetCertificateDetailResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\n\tquery := map[string]interface{}{}\n\tif !dara.IsNil(request.CertificateId) {\n\t\tquery[\"CertificateId\"] = request.CertificateId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"GetCertificateDetail\"),\n\t\tVersion: dara.String(\"2020-04-07\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alicas.GetCertificateDetailResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\n// This is a partial copy of https://github.com/alibabacloud-go/alb-20200616/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype AlbClient struct {\n\topenapi.Client\n\tDisableSDKError *bool\n}\n\nfunc NewAlbClient(config *openapiutil.Config) (*AlbClient, error) {\n\tclient := new(AlbClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *AlbClient) Init(config *openapiutil.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *AlbClient) AssociateAdditionalCertificatesWithListenerWithContext(ctx context.Context, request *alialb.AssociateAdditionalCertificatesWithListenerRequest, runtime *dara.RuntimeOptions) (_result *alialb.AssociateAdditionalCertificatesWithListenerResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.Certificates) {\n\t\tquery[\"Certificates\"] = request.Certificates\n\t}\n\n\tif !dara.IsNil(request.ClientToken) {\n\t\tquery[\"ClientToken\"] = request.ClientToken\n\t}\n\n\tif !dara.IsNil(request.DryRun) {\n\t\tquery[\"DryRun\"] = request.DryRun\n\t}\n\n\tif !dara.IsNil(request.ListenerId) {\n\t\tquery[\"ListenerId\"] = request.ListenerId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"AssociateAdditionalCertificatesWithListener\"),\n\t\tVersion: dara.String(\"2020-06-16\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alialb.AssociateAdditionalCertificatesWithListenerResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *AlbClient) DissociateAdditionalCertificatesFromListenerWithContext(ctx context.Context, request *alialb.DissociateAdditionalCertificatesFromListenerRequest, runtime *dara.RuntimeOptions) (_result *alialb.DissociateAdditionalCertificatesFromListenerResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.Certificates) {\n\t\tquery[\"Certificates\"] = request.Certificates\n\t}\n\n\tif !dara.IsNil(request.ClientToken) {\n\t\tquery[\"ClientToken\"] = request.ClientToken\n\t}\n\n\tif !dara.IsNil(request.DryRun) {\n\t\tquery[\"DryRun\"] = request.DryRun\n\t}\n\n\tif !dara.IsNil(request.ListenerId) {\n\t\tquery[\"ListenerId\"] = request.ListenerId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"DissociateAdditionalCertificatesFromListener\"),\n\t\tVersion: dara.String(\"2020-06-16\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alialb.DissociateAdditionalCertificatesFromListenerResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *AlbClient) GetListenerAttributeWithContext(ctx context.Context, request *alialb.GetListenerAttributeRequest, runtime *dara.RuntimeOptions) (_result *alialb.GetListenerAttributeResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.ListenerId) {\n\t\tquery[\"ListenerId\"] = request.ListenerId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"GetListenerAttribute\"),\n\t\tVersion: dara.String(\"2020-06-16\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alialb.GetListenerAttributeResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *AlbClient) GetLoadBalancerAttributeWithContext(ctx context.Context, request *alialb.GetLoadBalancerAttributeRequest, runtime *dara.RuntimeOptions) (_result *alialb.GetLoadBalancerAttributeResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.LoadBalancerId) {\n\t\tquery[\"LoadBalancerId\"] = request.LoadBalancerId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"GetLoadBalancerAttribute\"),\n\t\tVersion: dara.String(\"2020-06-16\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alialb.GetLoadBalancerAttributeResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *AlbClient) ListListenerCertificatesWithContext(ctx context.Context, request *alialb.ListListenerCertificatesRequest, runtime *dara.RuntimeOptions) (_result *alialb.ListListenerCertificatesResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.CertificateIds) {\n\t\tquery[\"CertificateIds\"] = request.CertificateIds\n\t}\n\n\tif !dara.IsNil(request.CertificateType) {\n\t\tquery[\"CertificateType\"] = request.CertificateType\n\t}\n\n\tif !dara.IsNil(request.ListenerId) {\n\t\tquery[\"ListenerId\"] = request.ListenerId\n\t}\n\n\tif !dara.IsNil(request.MaxResults) {\n\t\tquery[\"MaxResults\"] = request.MaxResults\n\t}\n\n\tif !dara.IsNil(request.NextToken) {\n\t\tquery[\"NextToken\"] = request.NextToken\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"ListListenerCertificates\"),\n\t\tVersion: dara.String(\"2020-06-16\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alialb.ListListenerCertificatesResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *AlbClient) ListListenersWithContext(ctx context.Context, request *alialb.ListListenersRequest, runtime *dara.RuntimeOptions) (_result *alialb.ListListenersResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.ListenerIds) {\n\t\tquery[\"ListenerIds\"] = request.ListenerIds\n\t}\n\n\tif !dara.IsNil(request.ListenerProtocol) {\n\t\tquery[\"ListenerProtocol\"] = request.ListenerProtocol\n\t}\n\n\tif !dara.IsNil(request.LoadBalancerIds) {\n\t\tquery[\"LoadBalancerIds\"] = request.LoadBalancerIds\n\t}\n\n\tif !dara.IsNil(request.MaxResults) {\n\t\tquery[\"MaxResults\"] = request.MaxResults\n\t}\n\n\tif !dara.IsNil(request.NextToken) {\n\t\tquery[\"NextToken\"] = request.NextToken\n\t}\n\n\tif !dara.IsNil(request.Tag) {\n\t\tquery[\"Tag\"] = request.Tag\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"ListListeners\"),\n\t\tVersion: dara.String(\"2020-06-16\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alialb.ListListenersResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *AlbClient) UpdateListenerAttributeWithContext(ctx context.Context, request *alialb.UpdateListenerAttributeRequest, runtime *dara.RuntimeOptions) (_result *alialb.UpdateListenerAttributeResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.CaCertificates) {\n\t\tquery[\"CaCertificates\"] = request.CaCertificates\n\t}\n\n\tif !dara.IsNil(request.CaEnabled) {\n\t\tquery[\"CaEnabled\"] = request.CaEnabled\n\t}\n\n\tif !dara.IsNil(request.Certificates) {\n\t\tquery[\"Certificates\"] = request.Certificates\n\t}\n\n\tif !dara.IsNil(request.ClientToken) {\n\t\tquery[\"ClientToken\"] = request.ClientToken\n\t}\n\n\tif !dara.IsNil(request.DefaultActions) {\n\t\tquery[\"DefaultActions\"] = request.DefaultActions\n\t}\n\n\tif !dara.IsNil(request.DryRun) {\n\t\tquery[\"DryRun\"] = request.DryRun\n\t}\n\n\tif !dara.IsNil(request.GzipEnabled) {\n\t\tquery[\"GzipEnabled\"] = request.GzipEnabled\n\t}\n\n\tif !dara.IsNil(request.Http2Enabled) {\n\t\tquery[\"Http2Enabled\"] = request.Http2Enabled\n\t}\n\n\tif !dara.IsNil(request.IdleTimeout) {\n\t\tquery[\"IdleTimeout\"] = request.IdleTimeout\n\t}\n\n\tif !dara.IsNil(request.ListenerDescription) {\n\t\tquery[\"ListenerDescription\"] = request.ListenerDescription\n\t}\n\n\tif !dara.IsNil(request.ListenerId) {\n\t\tquery[\"ListenerId\"] = request.ListenerId\n\t}\n\n\tif !dara.IsNil(request.QuicConfig) {\n\t\tquery[\"QuicConfig\"] = request.QuicConfig\n\t}\n\n\tif !dara.IsNil(request.RequestTimeout) {\n\t\tquery[\"RequestTimeout\"] = request.RequestTimeout\n\t}\n\n\tif !dara.IsNil(request.SecurityPolicyId) {\n\t\tquery[\"SecurityPolicyId\"] = request.SecurityPolicyId\n\t}\n\n\tif !dara.IsNil(request.XForwardedForConfig) {\n\t\tquery[\"XForwardedForConfig\"] = request.XForwardedForConfig\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"UpdateListenerAttribute\"),\n\t\tVersion: dara.String(\"2020-06-16\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alialb.UpdateListenerAttributeResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go",
"content": "package aliyunapigw\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\taliapig \"github.com/alibabacloud-go/apig-20240327/v6/client\"\n\talicloudapi \"github.com/alibabacloud-go/cloudapi-20160714/v5/client\"\n\taliopen \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-cas\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-apigw/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n\t// 服务类型。\n\tServiceType string `json:\"serviceType\"`\n\t// API 网关 ID。\n\t// 服务类型为 [SERVICE_TYPE_CLOUDNATIVE] 时必填。\n\tGatewayId string `json:\"gatewayId,omitempty\"`\n\t// API 分组 ID。\n\t// 服务类型为 [SERVICE_TYPE_TRADITIONAL] 时必填。\n\tGroupId string `json:\"groupId,omitempty\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 自定义域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClients *wSDKClients\n\tsdkCertmgr certmgr.Provider\n}\n\ntype wSDKClients struct {\n\tCloudNativeAPIGateway *internal.ApigClient\n\tTraditionalAPIGateway *internal.CloudapiClient\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclients, err := createSDKClients(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tResourceGroupId: config.ResourceGroupId,\n\t\tRegion: lo.\n\t\t\tIf(config.Region == \"\" || strings.HasPrefix(config.Region, \"cn-\"), \"cn-hangzhou\").\n\t\t\tElse(\"ap-southeast-1\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClients: clients,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tswitch d.config.ServiceType {\n\tcase SERVICE_TYPE_TRADITIONAL:\n\t\tif err := d.deployToTraditional(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase SERVICE_TYPE_CLOUDNATIVE:\n\t\tif err := d.deployToCloudNative(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported service type '%s'\", string(d.config.ServiceType))\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToTraditional(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.GroupId == \"\" {\n\t\treturn errors.New(\"config `groupId` is required\")\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getTraditionalAllDomainsByGroupId(ctx, d.config.GroupId)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain)\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getTraditionalAllDomainsByGroupId(ctx, d.config.GroupId)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no apigw domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found apigw domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateTraditionalDomainCertificate(ctx, d.config.GroupId, domain, certPEM, privkeyPEM); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToCloudNative(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.GatewayId == \"\" {\n\t\treturn errors.New(\"config `gatewayId` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getCloudNativeAllDomainsByGatewayId(ctx, d.config.GatewayId)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain)\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getCloudNativeAllDomainsByGatewayId(ctx, d.config.GatewayId)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no apigw domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found apigw domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tcertId := upres.ExtendedData[\"CertIdentifier\"].(string)\n\t\t\t\tif err := d.updateCloudNativeDomainCertificate(ctx, d.config.GatewayId, domain, certId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) getTraditionalAllDomainsByGroupId(ctx context.Context, cloudGroupId string) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询 API 分组详情\n\t// REF: https://help.aliyun.com/zh/api-gateway/traditional-api-gateway/developer-reference/api-cloudapi-2016-07-14-describeapigroup\n\tdescribeApiGroupReq := &alicloudapi.DescribeApiGroupRequest{\n\t\tGroupId: tea.String(cloudGroupId),\n\t}\n\tdescribeApiGroupResp, err := d.sdkClients.TraditionalAPIGateway.DescribeApiGroupWithContext(ctx, describeApiGroupReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'apigateway.DescribeApiGroup'\", slog.Any(\"request\", describeApiGroupReq), slog.Any(\"response\", describeApiGroupResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'apigateway.DescribeApiGroup': %w\", err)\n\t}\n\n\tfor _, domainItem := range describeApiGroupResp.Body.CustomDomains.DomainItem {\n\t\tif strings.EqualFold(tea.StringValue(domainItem.DomainBindingStatus), \"BINDING\") {\n\t\t\tdomains = append(domains, tea.StringValue(domainItem.DomainName))\n\t\t}\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) getCloudNativeAllDomainsByGatewayId(ctx context.Context, cloudGatewayId string) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名列表\n\t// REF: https://help.aliyun.com/zh/api-gateway/cloud-native-api-gateway/developer-reference/api-apig-2024-03-27-listdomains\n\tlistDomainsPageNumber := 1\n\tlistDomainsPageSize := 10\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistDomainsReq := &aliapig.ListDomainsRequest{\n\t\t\tResourceGroupId: lo.EmptyableToPtr(d.config.ResourceGroupId),\n\t\t\tGatewayId: tea.String(cloudGatewayId),\n\t\t\tPageNumber: tea.Int32(int32(listDomainsPageNumber)),\n\t\t\tPageSize: tea.Int32(int32(listDomainsPageSize)),\n\t\t}\n\t\tlistDomainsResp, err := d.sdkClients.CloudNativeAPIGateway.ListDomainsWithContext(ctx, listDomainsReq, make(map[string]*string), &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'apig.ListDomains'\", slog.Any(\"request\", listDomainsReq), slog.Any(\"response\", listDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'apig.ListDomains': %w\", err)\n\t\t}\n\n\t\tif listDomainsResp.Body == nil || listDomainsResp.Body.Data == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, domainItem := range listDomainsResp.Body.Data.Items {\n\t\t\tif strings.EqualFold(tea.StringValue(domainItem.Status), \"Published\") {\n\t\t\t\tdomains = append(domains, tea.StringValue(domainItem.Name))\n\t\t\t}\n\t\t}\n\n\t\tif len(listDomainsResp.Body.Data.Items) < listDomainsPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tlistDomainsPageNumber++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateTraditionalDomainCertificate(ctx context.Context, cloudGroupId string, domain string, certPEM, privkeyPEM string) error {\n\t// 为自定义域名添加 SSL 证书\n\t// REF: https://help.aliyun.com/zh/api-gateway/traditional-api-gateway/developer-reference/api-cloudapi-2016-07-14-setdomaincertificate\n\tsetDomainCertificateReq := &alicloudapi.SetDomainCertificateRequest{\n\t\tGroupId: tea.String(cloudGroupId),\n\t\tDomainName: tea.String(domain),\n\t\tCertificateName: tea.String(fmt.Sprintf(\"certimate_%d\", time.Now().UnixMilli())),\n\t\tCertificateBody: tea.String(certPEM),\n\t\tCertificatePrivateKey: tea.String(privkeyPEM),\n\t}\n\tsetDomainCertificateResp, err := d.sdkClients.TraditionalAPIGateway.SetDomainCertificateWithContext(ctx, setDomainCertificateReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'apigateway.SetDomainCertificate'\", slog.Any(\"request\", setDomainCertificateReq), slog.Any(\"response\", setDomainCertificateResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'apigateway.SetDomainCertificate': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateCloudNativeDomainCertificate(ctx context.Context, cloudGatewayId string, domain string, cloudCertId string) error {\n\t// 获取域名 ID\n\tdomainId, err := d.findCloudNativeDomainIdByDomain(ctx, cloudGatewayId, domain)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// 查询域名\n\t// REF: https://help.aliyun.com/zh/api-gateway/cloud-native-api-gateway/developer-reference/api-apig-2024-03-27-getdomain\n\tgetDomainReq := &aliapig.GetDomainRequest{}\n\tgetDomainResp, err := d.sdkClients.CloudNativeAPIGateway.GetDomainWithContext(ctx, tea.String(domainId), getDomainReq, make(map[string]*string), &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'apig.GetDomain'\", slog.String(\"domainId\", domainId), slog.Any(\"request\", getDomainReq), slog.Any(\"response\", getDomainResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'apig.GetDomain': %w\", err)\n\t}\n\n\t// 更新域名\n\t// REF: https://help.aliyun.com/zh/api-gateway/cloud-native-api-gateway/developer-reference/api-apig-2024-03-27-updatedomain\n\tupdateDomainReq := &aliapig.UpdateDomainRequest{\n\t\tProtocol: tea.String(\"HTTPS\"),\n\t\tForceHttps: getDomainResp.Body.Data.ForceHttps,\n\t\tMTLSEnabled: getDomainResp.Body.Data.MTLSEnabled,\n\t\tHttp2Option: getDomainResp.Body.Data.Http2Option,\n\t\tTlsMin: getDomainResp.Body.Data.TlsMin,\n\t\tTlsMax: getDomainResp.Body.Data.TlsMax,\n\t\tTlsCipherSuitesConfig: getDomainResp.Body.Data.TlsCipherSuitesConfig,\n\t\tCertIdentifier: tea.String(cloudCertId),\n\t}\n\tupdateDomainResp, err := d.sdkClients.CloudNativeAPIGateway.UpdateDomainWithContext(ctx, tea.String(domainId), updateDomainReq, make(map[string]*string), &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'apig.UpdateDomain'\", slog.String(\"domainId\", domainId), slog.Any(\"request\", updateDomainReq), slog.Any(\"response\", updateDomainResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'apig.UpdateDomain': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) findCloudNativeDomainIdByDomain(ctx context.Context, cloudGatewayId string, domain string) (string, error) {\n\t// 查询域名列表\n\t// REF: https://help.aliyun.com/zh/api-gateway/cloud-native-api-gateway/developer-reference/api-apig-2024-03-27-listdomains\n\tlistDomainsPageNumber := 1\n\tlistDomainsPageSize := 10\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn \"\", ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistDomainsReq := &aliapig.ListDomainsRequest{\n\t\t\tResourceGroupId: lo.EmptyableToPtr(d.config.ResourceGroupId),\n\t\t\tGatewayId: tea.String(cloudGatewayId),\n\t\t\tNameLike: tea.String(domain),\n\t\t\tPageNumber: tea.Int32(int32(listDomainsPageNumber)),\n\t\t\tPageSize: tea.Int32(int32(listDomainsPageSize)),\n\t\t}\n\t\tlistDomainsResp, err := d.sdkClients.CloudNativeAPIGateway.ListDomainsWithContext(ctx, listDomainsReq, make(map[string]*string), &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'apig.ListDomains'\", slog.Any(\"request\", listDomainsReq), slog.Any(\"response\", listDomainsResp))\n\t\tif err != nil {\n\t\t\treturn \"\", fmt.Errorf(\"failed to execute sdk request 'apig.ListDomains': %w\", err)\n\t\t}\n\n\t\tif listDomainsResp.Body == nil || listDomainsResp.Body.Data == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, domainItem := range listDomainsResp.Body.Data.Items {\n\t\t\tif strings.EqualFold(tea.StringValue(domainItem.Name), domain) {\n\t\t\t\treturn tea.StringValue(domainItem.DomainId), nil\n\t\t\t}\n\t\t}\n\n\t\tif len(listDomainsResp.Body.Data.Items) < listDomainsPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tlistDomainsPageNumber++\n\t}\n\n\treturn \"\", fmt.Errorf(\"could not find domain '%s'\", domain)\n}\n\nfunc createSDKClients(accessKeyId, accessKeySecret, region string) (*wSDKClients, error) {\n\t// 接入点一览 https://api.aliyun.com/product/APIG\n\tvar cloudNativeAPIGEndpoint string\n\tswitch region {\n\tcase \"\":\n\t\tcloudNativeAPIGEndpoint = \"apig.cn-hangzhou.aliyuncs.com\"\n\tdefault:\n\t\tcloudNativeAPIGEndpoint = fmt.Sprintf(\"apig.%s.aliyuncs.com\", region)\n\t}\n\n\tcloudNativeAPIGConfig := &aliopen.Config{\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t\tEndpoint: tea.String(cloudNativeAPIGEndpoint),\n\t}\n\tcloudNativeAPIGClient, err := internal.NewApigClient(cloudNativeAPIGConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 接入点一览 https://api.aliyun.com/product/CloudAPI\n\tvar traditionalAPIGEndpoint string\n\tswitch region {\n\tcase \"\":\n\t\ttraditionalAPIGEndpoint = \"apigateway.cn-hangzhou.aliyuncs.com\"\n\tdefault:\n\t\ttraditionalAPIGEndpoint = fmt.Sprintf(\"apigateway.%s.aliyuncs.com\", region)\n\t}\n\n\ttraditionalAPIGConfig := &aliopen.Config{\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t\tEndpoint: tea.String(traditionalAPIGEndpoint),\n\t}\n\ttraditionalAPIGClient, err := internal.NewCloudapiClient(traditionalAPIGConfig)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &wSDKClients{\n\t\tCloudNativeAPIGateway: cloudNativeAPIGClient,\n\t\tTraditionalAPIGateway: traditionalAPIGClient,\n\t}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw_test.go",
"content": "package aliyunapigw_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-apigw\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n\tfServiceType string\n\tfGatewayId string\n\tfGroupId string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"ALIYUNAPIGW_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fGatewayId, argsPrefix+\"GATEWARYID\", \"\", \"\")\n\tflag.StringVar(&fGroupId, argsPrefix+\"GROUPID\", \"\", \"\")\n\tflag.StringVar(&fServiceType, argsPrefix+\"SERVICETYPE\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aliyun_apigw_test.go -args \\\n\t--ALIYUNAPIGW_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--ALIYUNAPIGW_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--ALIYUNAPIGW_ACCESSKEYID=\"your-access-key-id\" \\\n\t--ALIYUNAPIGW_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--ALIYUNAPIGW_REGION=\"cn-hangzhou\" \\\n\t--ALIYUNAPIGW_SERVICETYPE=\"cloudnative\" \\\n\t--ALIYUNAPIGW_GATEWAYID=\"your-api-gateway-id\" \\\n\t--ALIYUNAPIGW_GROUPID=\"your-api-group-id\" \\\n\t--ALIYUNAPIGW_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"SERVICETYPE: %v\", fServiceType),\n\t\t\tfmt.Sprintf(\"GATEWAYID: %v\", fGatewayId),\n\t\t\tfmt.Sprintf(\"GROUPID: %v\", fGroupId),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tServiceType: fServiceType,\n\t\t\tGatewayId: fGatewayId,\n\t\t\tGroupId: fGroupId,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-apigw/consts.go",
"content": "package aliyunapigw\n\nconst (\n\t// 服务类型:原 API 网关。\n\tSERVICE_TYPE_TRADITIONAL = \"traditional\"\n\t// 服务类型:云原生 API 网关。\n\tSERVICE_TYPE_CLOUDNATIVE = \"cloudnative\"\n)\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-apigw/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\n\taliapig \"github.com/alibabacloud-go/apig-20240327/v6/client\"\n\talicloudapi \"github.com/alibabacloud-go/cloudapi-20160714/v5/client\"\n\topenapi \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\topenapiutil \"github.com/alibabacloud-go/darabonba-openapi/v2/utils\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n)\n\n// This is a partial copy of https://github.com/alibabacloud-go/apig-20240327/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype ApigClient struct {\n\topenapi.Client\n\tDisableSDKError *bool\n}\n\nfunc NewApigClient(config *openapiutil.Config) (*ApigClient, error) {\n\tclient := new(ApigClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *ApigClient) GetDomainWithContext(ctx context.Context, domainId *string, request *aliapig.GetDomainRequest, headers map[string]*string, runtime *dara.RuntimeOptions) (_result *aliapig.GetDomainResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.WithStatistics) {\n\t\tquery[\"withStatistics\"] = request.WithStatistics\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tHeaders: headers,\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"GetDomain\"),\n\t\tVersion: dara.String(\"2024-03-27\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/v1/domains/\" + dara.PercentEncode(dara.StringValue(domainId))),\n\t\tMethod: dara.String(\"GET\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"ROA\"),\n\t\tReqBodyType: dara.String(\"json\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &aliapig.GetDomainResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *ApigClient) ListDomainsWithContext(ctx context.Context, request *aliapig.ListDomainsRequest, headers map[string]*string, runtime *dara.RuntimeOptions) (_result *aliapig.ListDomainsResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.GatewayId) {\n\t\tquery[\"gatewayId\"] = request.GatewayId\n\t}\n\n\tif !dara.IsNil(request.GatewayType) {\n\t\tquery[\"gatewayType\"] = request.GatewayType\n\t}\n\n\tif !dara.IsNil(request.NameLike) {\n\t\tquery[\"nameLike\"] = request.NameLike\n\t}\n\n\tif !dara.IsNil(request.PageNumber) {\n\t\tquery[\"pageNumber\"] = request.PageNumber\n\t}\n\n\tif !dara.IsNil(request.PageSize) {\n\t\tquery[\"pageSize\"] = request.PageSize\n\t}\n\n\tif !dara.IsNil(request.ResourceGroupId) {\n\t\tquery[\"resourceGroupId\"] = request.ResourceGroupId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tHeaders: headers,\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"ListDomains\"),\n\t\tVersion: dara.String(\"2024-03-27\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/v1/domains\"),\n\t\tMethod: dara.String(\"GET\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"ROA\"),\n\t\tReqBodyType: dara.String(\"json\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &aliapig.ListDomainsResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *ApigClient) UpdateDomainWithContext(ctx context.Context, domainId *string, request *aliapig.UpdateDomainRequest, headers map[string]*string, runtime *dara.RuntimeOptions) (_result *aliapig.UpdateDomainResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tbody := map[string]interface{}{}\n\n\tif !dara.IsNil(request.CaCertIdentifier) {\n\t\tbody[\"caCertIdentifier\"] = request.CaCertIdentifier\n\t}\n\n\tif !dara.IsNil(request.CertIdentifier) {\n\t\tbody[\"certIdentifier\"] = request.CertIdentifier\n\t}\n\n\tif !dara.IsNil(request.ClientCACert) {\n\t\tbody[\"clientCACert\"] = request.ClientCACert\n\t}\n\n\tif !dara.IsNil(request.ForceHttps) {\n\t\tbody[\"forceHttps\"] = request.ForceHttps\n\t}\n\n\tif !dara.IsNil(request.Http2Option) {\n\t\tbody[\"http2Option\"] = request.Http2Option\n\t}\n\n\tif !dara.IsNil(request.MTLSEnabled) {\n\t\tbody[\"mTLSEnabled\"] = request.MTLSEnabled\n\t}\n\n\tif !dara.IsNil(request.Protocol) {\n\t\tbody[\"protocol\"] = request.Protocol\n\t}\n\n\tif !dara.IsNil(request.TlsCipherSuitesConfig) {\n\t\tbody[\"tlsCipherSuitesConfig\"] = request.TlsCipherSuitesConfig\n\t}\n\n\tif !dara.IsNil(request.TlsMax) {\n\t\tbody[\"tlsMax\"] = request.TlsMax\n\t}\n\n\tif !dara.IsNil(request.TlsMin) {\n\t\tbody[\"tlsMin\"] = request.TlsMin\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tHeaders: headers,\n\t\tBody: openapiutil.ParseToMap(body),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"UpdateDomain\"),\n\t\tVersion: dara.String(\"2024-03-27\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/v1/domains/\" + dara.PercentEncode(dara.StringValue(domainId))),\n\t\tMethod: dara.String(\"PUT\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"ROA\"),\n\t\tReqBodyType: dara.String(\"json\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &aliapig.UpdateDomainResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\n// This is a partial copy of https://github.com/alibabacloud-go/cloudapi-20160714/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype CloudapiClient struct {\n\topenapi.Client\n\tDisableSDKError *bool\n}\n\nfunc NewCloudapiClient(config *openapiutil.Config) (*CloudapiClient, error) {\n\tclient := new(CloudapiClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *CloudapiClient) DescribeApiGroupWithContext(ctx context.Context, request *alicloudapi.DescribeApiGroupRequest, runtime *dara.RuntimeOptions) (_result *alicloudapi.DescribeApiGroupResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.GroupId) {\n\t\tquery[\"GroupId\"] = request.GroupId\n\t}\n\n\tif !dara.IsNil(request.SecurityToken) {\n\t\tquery[\"SecurityToken\"] = request.SecurityToken\n\t}\n\n\tif !dara.IsNil(request.Tag) {\n\t\tquery[\"Tag\"] = request.Tag\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"DescribeApiGroup\"),\n\t\tVersion: dara.String(\"2016-07-14\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alicloudapi.DescribeApiGroupResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *CloudapiClient) SetDomainCertificateWithContext(ctx context.Context, request *alicloudapi.SetDomainCertificateRequest, runtime *dara.RuntimeOptions) (_result *alicloudapi.SetDomainCertificateResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.CaCertificateBody) {\n\t\tquery[\"CaCertificateBody\"] = request.CaCertificateBody\n\t}\n\n\tif !dara.IsNil(request.CertificateBody) {\n\t\tquery[\"CertificateBody\"] = request.CertificateBody\n\t}\n\n\tif !dara.IsNil(request.CertificateName) {\n\t\tquery[\"CertificateName\"] = request.CertificateName\n\t}\n\n\tif !dara.IsNil(request.CertificatePrivateKey) {\n\t\tquery[\"CertificatePrivateKey\"] = request.CertificatePrivateKey\n\t}\n\n\tif !dara.IsNil(request.ClientCertSDnPassThrough) {\n\t\tquery[\"ClientCertSDnPassThrough\"] = request.ClientCertSDnPassThrough\n\t}\n\n\tif !dara.IsNil(request.DomainName) {\n\t\tquery[\"DomainName\"] = request.DomainName\n\t}\n\n\tif !dara.IsNil(request.GroupId) {\n\t\tquery[\"GroupId\"] = request.GroupId\n\t}\n\n\tif !dara.IsNil(request.SecurityToken) {\n\t\tquery[\"SecurityToken\"] = request.SecurityToken\n\t}\n\n\tif !dara.IsNil(request.SslOcspCacheEnable) {\n\t\tquery[\"SslOcspCacheEnable\"] = request.SslOcspCacheEnable\n\t}\n\n\tif !dara.IsNil(request.SslOcspEnable) {\n\t\tquery[\"SslOcspEnable\"] = request.SslOcspEnable\n\t}\n\n\tif !dara.IsNil(request.SslVerifyDepth) {\n\t\tquery[\"SslVerifyDepth\"] = request.SslVerifyDepth\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"SetDomainCertificate\"),\n\t\tVersion: dara.String(\"2016-07-14\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alicloudapi.SetDomainCertificateResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-cas/aliyun_cas.go",
"content": "package aliyuncas\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-cas\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tResourceGroupId: config.ResourceGroupId,\n\t\tRegion: config.Region,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-cas-deploy/aliyun_cas_deploy.go",
"content": "package aliyuncasdeploy\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\talicas \"github.com/alibabacloud-go/cas-20200407/v4/client\"\n\taliopen \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-cas\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-cas-deploy/internal\"\n\txwait \"github.com/certimate-go/certimate/pkg/utils/wait\"\n)\n\ntype DeployerConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n\t// 云产品资源 ID 数组。\n\tResourceIds []string `json:\"resourceIds\"`\n\t// 云联系人 ID 数组。\n\t// 零值时使用账号下第一个联系人。\n\tContactIds []string `json:\"contactIds\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.CasClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tResourceGroupId: config.ResourceGroupId,\n\t\tRegion: config.Region,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif len(d.config.ResourceIds) == 0 {\n\t\treturn nil, errors.New(\"config `resourceIds` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\tcontactIds := d.config.ContactIds\n\tif len(contactIds) == 0 {\n\t\t// 获取联系人列表\n\t\t// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-listcontact\n\t\tlistContactReq := &alicas.ListContactRequest{\n\t\t\tShowSize: tea.Int32(1),\n\t\t\tCurrentPage: tea.Int32(1),\n\t\t}\n\t\tlistContactResp, err := d.sdkClient.ListContactWithContext(ctx, listContactReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'cas.ListContact'\", slog.Any(\"request\", listContactReq), slog.Any(\"response\", listContactResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cas.ListContact': %w\", err)\n\t\t}\n\n\t\tif len(listContactResp.Body.ContactList) > 0 {\n\t\t\tcontactIds = []string{fmt.Sprintf(\"%d\", listContactResp.Body.ContactList[0].ContactId)}\n\t\t}\n\t}\n\n\t// 创建部署任务\n\t// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-createdeploymentjob\n\tcreateDeploymentJobReq := &alicas.CreateDeploymentJobRequest{\n\t\tName: tea.String(fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())),\n\t\tJobType: tea.String(\"user\"),\n\t\tCertIds: tea.String(upres.CertId),\n\t\tResourceIds: tea.String(strings.Join(d.config.ResourceIds, \",\")),\n\t\tContactIds: tea.String(strings.Join(contactIds, \",\")),\n\t}\n\tcreateDeploymentJobResp, err := d.sdkClient.CreateDeploymentJobWithContext(ctx, createDeploymentJobReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'cas.CreateDeploymentJob'\", slog.Any(\"request\", createDeploymentJobReq), slog.Any(\"response\", createDeploymentJobResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cas.CreateDeploymentJob': %w\", err)\n\t}\n\n\t// 获取部署任务详情,等待任务状态变更\n\t// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-describedeploymentjob\n\tif _, err := xwait.UntilWithContext(ctx, func(_ context.Context, _ int) (bool, error) {\n\t\tdescribeDeploymentJobReq := &alicas.DescribeDeploymentJobRequest{\n\t\t\tJobId: createDeploymentJobResp.Body.JobId,\n\t\t}\n\t\tdescribeDeploymentJobResp, err := d.sdkClient.DescribeDeploymentJobWithContext(ctx, describeDeploymentJobReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'cas.DescribeDeploymentJob'\", slog.Any(\"request\", describeDeploymentJobReq), slog.Any(\"response\", describeDeploymentJobResp))\n\t\tif err != nil {\n\t\t\treturn false, fmt.Errorf(\"failed to execute sdk request 'cas.DescribeDeploymentJob': %w\", err)\n\t\t}\n\n\t\tswitch tea.StringValue(describeDeploymentJobResp.Body.Status) {\n\t\tcase \"success\", \"error\":\n\t\t\treturn true, nil\n\t\tcase \"\", \"editing\":\n\t\t\treturn false, fmt.Errorf(\"unexpected aliyun deployment job status\")\n\t\t}\n\n\t\td.logger.Info(\"waiting for aliyun deployment job completion ...\")\n\t\treturn false, nil\n\t}, time.Second*5); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.CasClient, error) {\n\t// 接入点一览 https://api.aliyun.com/product/cas\n\tvar endpoint string\n\tswitch region {\n\tcase \"\", \"cn-hangzhou\":\n\t\tendpoint = \"cas.aliyuncs.com\"\n\tdefault:\n\t\tendpoint = fmt.Sprintf(\"cas.%s.aliyuncs.com\", region)\n\t}\n\n\tconfig := &aliopen.Config{\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t\tEndpoint: tea.String(endpoint),\n\t}\n\n\tclient, err := internal.NewCasClient(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-cas-deploy/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\n\talicas \"github.com/alibabacloud-go/cas-20200407/v4/client\"\n\topenapi \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\topenapiutil \"github.com/alibabacloud-go/darabonba-openapi/v2/utils\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n)\n\n// This is a partial copy of https://github.com/alibabacloud-go/cas-20200407/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype CasClient struct {\n\topenapi.Client\n\tDisableSDKError *bool\n}\n\nfunc NewCasClient(config *openapiutil.Config) (*CasClient, error) {\n\tclient := new(CasClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *CasClient) Init(config *openapiutil.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *CasClient) CreateDeploymentJobWithContext(ctx context.Context, request *alicas.CreateDeploymentJobRequest, runtime *dara.RuntimeOptions) (_result *alicas.CreateDeploymentJobResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.CertIds) {\n\t\tquery[\"CertIds\"] = request.CertIds\n\t}\n\n\tif !dara.IsNil(request.ContactIds) {\n\t\tquery[\"ContactIds\"] = request.ContactIds\n\t}\n\n\tif !dara.IsNil(request.JobType) {\n\t\tquery[\"JobType\"] = request.JobType\n\t}\n\n\tif !dara.IsNil(request.Name) {\n\t\tquery[\"Name\"] = request.Name\n\t}\n\n\tif !dara.IsNil(request.ResourceIds) {\n\t\tquery[\"ResourceIds\"] = request.ResourceIds\n\t}\n\n\tif !dara.IsNil(request.ScheduleTime) {\n\t\tquery[\"ScheduleTime\"] = request.ScheduleTime\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"CreateDeploymentJob\"),\n\t\tVersion: dara.String(\"2020-04-07\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alicas.CreateDeploymentJobResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *CasClient) DescribeDeploymentJobWithContext(ctx context.Context, request *alicas.DescribeDeploymentJobRequest, runtime *dara.RuntimeOptions) (_result *alicas.DescribeDeploymentJobResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.JobId) {\n\t\tquery[\"JobId\"] = request.JobId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"DescribeDeploymentJob\"),\n\t\tVersion: dara.String(\"2020-04-07\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alicas.DescribeDeploymentJobResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *CasClient) ListContactWithContext(ctx context.Context, request *alicas.ListContactRequest, runtime *dara.RuntimeOptions) (_result *alicas.ListContactResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.CurrentPage) {\n\t\tquery[\"CurrentPage\"] = request.CurrentPage\n\t}\n\n\tif !dara.IsNil(request.Keyword) {\n\t\tquery[\"Keyword\"] = request.Keyword\n\t}\n\n\tif !dara.IsNil(request.ShowSize) {\n\t\tquery[\"ShowSize\"] = request.ShowSize\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"ListContact\"),\n\t\tVersion: dara.String(\"2020-04-07\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alicas.ListContactResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-cdn/aliyun_cdn.go",
"content": "package aliyuncdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\t\"strings\"\n\n\talicdn \"github.com/alibabacloud-go/cdn-20180510/v9/client\"\n\taliopen \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-cas\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-cdn/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.CdnClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tResourceGroupId: config.ResourceGroupId,\n\t\tRegion: lo.\n\t\t\tIf(config.Region == \"\" || strings.HasPrefix(config.Region, \"cn-\"), \"cn-hangzhou\").\n\t\t\tElse(\"ap-southeast-1\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\t// \"*.example.com\" → \".example.com\",适配阿里云 CDN 要求的泛域名格式\n\t\t\tdomain := strings.TrimPrefix(d.config.Domain, \"*\")\n\t\t\tdomains = []string{domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain) ||\n\t\t\t\t\t\tstrings.TrimPrefix(d.config.Domain, \"*\") == strings.TrimPrefix(domain, \"*\")\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil ||\n\t\t\t\t\tstrings.TrimPrefix(d.config.Domain, \"*\") == strings.TrimPrefix(domain, \"*\")\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no cdn domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found cdn domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tcertIdentifier := upres.ExtendedData[\"CertIdentifier\"].(string)\n\t\tcertIdentifierSeps := strings.SplitN(certIdentifier, \"-\", 2)\n\t\tif len(certIdentifierSeps) != 2 {\n\t\t\treturn nil, fmt.Errorf(\"received invalid certificate identifier: '%s'\", certIdentifier)\n\t\t}\n\n\t\tcertId, _ := strconv.ParseInt(certIdentifierSeps[0], 10, 64)\n\t\tcertRegion := certIdentifierSeps[1]\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, certId, certRegion); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名列表\n\t// REF: https://help.aliyun.com/zh/cdn/developer-reference/api-cdn-2018-05-10-describeuserdomains\n\tdescribeUserDomainsPageNumber := 1\n\tdescribeUserDomainsPageSize := 500\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeUserDomainsReq := &alicdn.DescribeUserDomainsRequest{\n\t\t\tResourceGroupId: lo.EmptyableToPtr(d.config.ResourceGroupId),\n\t\t\tPageNumber: tea.Int32(int32(describeUserDomainsPageNumber)),\n\t\t\tPageSize: tea.Int32(int32(describeUserDomainsPageSize)),\n\t\t}\n\t\tdescribeUserDomainsResp, err := d.sdkClient.DescribeUserDomainsWithContext(ctx, describeUserDomainsReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'cdn.DescribeUserDomains'\", slog.Any(\"request\", describeUserDomainsReq), slog.Any(\"response\", describeUserDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.DescribeUserDomains': %w\", err)\n\t\t}\n\n\t\tif describeUserDomainsResp.Body == nil || describeUserDomainsResp.Body.Domains == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tignoredStatuses := []string{\"offline\", \"checking\", \"check_failed\", \"stopping\", \"deleting\"}\n\t\tfor _, domainItem := range describeUserDomainsResp.Body.Domains.PageData {\n\t\t\tif lo.Contains(ignoredStatuses, tea.StringValue(domainItem.DomainStatus)) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tdomains = append(domains, tea.StringValue(domainItem.DomainName))\n\t\t}\n\n\t\tif len(describeUserDomainsResp.Body.Domains.PageData) < describeUserDomainsPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribeUserDomainsPageNumber++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertId int64, certRegion string) error {\n\t// 设置 CDN 域名域名证书\n\t// REF: https://help.aliyun.com/zh/cdn/developer-reference/api-cdn-2018-05-10-setcdndomainsslcertificate\n\tsetCdnDomainSSLCertificateReq := &alicdn.SetCdnDomainSSLCertificateRequest{\n\t\tDomainName: tea.String(domain),\n\t\tCertType: tea.String(\"cas\"),\n\t\tCertId: tea.Int64(cloudCertId),\n\t\tCertRegion: tea.String(certRegion),\n\t\tSSLProtocol: tea.String(\"on\"),\n\t}\n\tsetCdnDomainSSLCertificateResp, err := d.sdkClient.SetCdnDomainSSLCertificateWithContext(ctx, setCdnDomainSSLCertificateReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'cdn.SetCdnDomainSSLCertificate'\", slog.Any(\"request\", setCdnDomainSSLCertificateReq), slog.Any(\"response\", setCdnDomainSSLCertificateResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.SetCdnDomainSSLCertificate': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret string) (*internal.CdnClient, error) {\n\tconfig := &aliopen.Config{\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t\tEndpoint: tea.String(\"cdn.aliyuncs.com\"),\n\t}\n\n\tclient, err := internal.NewCdnClient(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-cdn/aliyun_cdn_test.go",
"content": "package aliyuncdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"ALIYUNCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aliyun_cdn_test.go -args \\\n\t--ALIYUNCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--ALIYUNCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--ALIYUNCDN_ACCESSKEYID=\"your-access-key-id\" \\\n\t--ALIYUNCDN_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--ALIYUNCDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-cdn/consts.go",
"content": "package aliyuncdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-cdn/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\n\talicdn \"github.com/alibabacloud-go/cdn-20180510/v9/client\"\n\topenapi \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\topenapiutil \"github.com/alibabacloud-go/darabonba-openapi/v2/utils\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n)\n\n// This is a partial copy of https://github.com/alibabacloud-go/cdn-20180510/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype CdnClient struct {\n\topenapi.Client\n\tDisableSDKError *bool\n}\n\nfunc NewCdnClient(config *openapiutil.Config) (*CdnClient, error) {\n\tclient := new(CdnClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *CdnClient) Init(config *openapiutil.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *CdnClient) DescribeUserDomainsWithContext(ctx context.Context, request *alicdn.DescribeUserDomainsRequest, runtime *dara.RuntimeOptions) (_result *alicdn.DescribeUserDomainsResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.CdnType) {\n\t\tquery[\"CdnType\"] = request.CdnType\n\t}\n\n\tif !dara.IsNil(request.ChangeEndTime) {\n\t\tquery[\"ChangeEndTime\"] = request.ChangeEndTime\n\t}\n\n\tif !dara.IsNil(request.ChangeStartTime) {\n\t\tquery[\"ChangeStartTime\"] = request.ChangeStartTime\n\t}\n\n\tif !dara.IsNil(request.CheckDomainShow) {\n\t\tquery[\"CheckDomainShow\"] = request.CheckDomainShow\n\t}\n\n\tif !dara.IsNil(request.Coverage) {\n\t\tquery[\"Coverage\"] = request.Coverage\n\t}\n\n\tif !dara.IsNil(request.DomainName) {\n\t\tquery[\"DomainName\"] = request.DomainName\n\t}\n\n\tif !dara.IsNil(request.DomainSearchType) {\n\t\tquery[\"DomainSearchType\"] = request.DomainSearchType\n\t}\n\n\tif !dara.IsNil(request.DomainStatus) {\n\t\tquery[\"DomainStatus\"] = request.DomainStatus\n\t}\n\n\tif !dara.IsNil(request.OwnerId) {\n\t\tquery[\"OwnerId\"] = request.OwnerId\n\t}\n\n\tif !dara.IsNil(request.PageNumber) {\n\t\tquery[\"PageNumber\"] = request.PageNumber\n\t}\n\n\tif !dara.IsNil(request.PageSize) {\n\t\tquery[\"PageSize\"] = request.PageSize\n\t}\n\n\tif !dara.IsNil(request.ResourceGroupId) {\n\t\tquery[\"ResourceGroupId\"] = request.ResourceGroupId\n\t}\n\n\tif !dara.IsNil(request.SecurityToken) {\n\t\tquery[\"SecurityToken\"] = request.SecurityToken\n\t}\n\n\tif !dara.IsNil(request.Source) {\n\t\tquery[\"Source\"] = request.Source\n\t}\n\n\tif !dara.IsNil(request.Tag) {\n\t\tquery[\"Tag\"] = request.Tag\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"DescribeUserDomains\"),\n\t\tVersion: dara.String(\"2018-05-10\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alicdn.DescribeUserDomainsResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *CdnClient) SetCdnDomainSSLCertificateWithContext(ctx context.Context, request *alicdn.SetCdnDomainSSLCertificateRequest, runtime *dara.RuntimeOptions) (_result *alicdn.SetCdnDomainSSLCertificateResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.CertId) {\n\t\tquery[\"CertId\"] = request.CertId\n\t}\n\n\tif !dara.IsNil(request.CertName) {\n\t\tquery[\"CertName\"] = request.CertName\n\t}\n\n\tif !dara.IsNil(request.CertRegion) {\n\t\tquery[\"CertRegion\"] = request.CertRegion\n\t}\n\n\tif !dara.IsNil(request.CertType) {\n\t\tquery[\"CertType\"] = request.CertType\n\t}\n\n\tif !dara.IsNil(request.DomainName) {\n\t\tquery[\"DomainName\"] = request.DomainName\n\t}\n\n\tif !dara.IsNil(request.OwnerId) {\n\t\tquery[\"OwnerId\"] = request.OwnerId\n\t}\n\n\tif !dara.IsNil(request.SSLPri) {\n\t\tquery[\"SSLPri\"] = request.SSLPri\n\t}\n\n\tif !dara.IsNil(request.SSLProtocol) {\n\t\tquery[\"SSLProtocol\"] = request.SSLProtocol\n\t}\n\n\tif !dara.IsNil(request.SSLPub) {\n\t\tquery[\"SSLPub\"] = request.SSLPub\n\t}\n\n\tif !dara.IsNil(request.SecurityToken) {\n\t\tquery[\"SecurityToken\"] = request.SecurityToken\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"SetCdnDomainSSLCertificate\"),\n\t\tVersion: dara.String(\"2018-05-10\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alicdn.SetCdnDomainSSLCertificateResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-clb/aliyun_clb.go",
"content": "package aliyunclb\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\taliopen \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\talislb \"github.com/alibabacloud-go/slb-20140515/v4/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-slb\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-clb/internal\"\n)\n\ntype DeployerConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 负载均衡实例 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_LISTENER] 时必填。\n\tLoadbalancerId string `json:\"loadbalancerId,omitempty\"`\n\t// 负载均衡监听端口。\n\t// 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时必填。\n\tListenerPort int32 `json:\"listenerPort,omitempty\"`\n\t// SNI 域名(支持泛域名)。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_LISTENER] 时选填。\n\tDomain string `json:\"domain,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.SlbClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tResourceGroupId: config.ResourceGroupId,\n\t\tRegion: config.Region,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_LOADBALANCER:\n\t\tif err := d.deployToLoadbalancer(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_LISTENER:\n\t\tif err := d.deployToListener(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToLoadbalancer(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\n\t// 查询负载均衡实例的详细信息\n\t// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerattribute\n\tdescribeLoadBalancerAttributeReq := &alislb.DescribeLoadBalancerAttributeRequest{\n\t\tRegionId: tea.String(d.config.Region),\n\t\tLoadBalancerId: tea.String(d.config.LoadbalancerId),\n\t}\n\tdescribeLoadBalancerAttributeResp, err := d.sdkClient.DescribeLoadBalancerAttributeWithContext(ctx, describeLoadBalancerAttributeReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'slb.DescribeLoadBalancerAttribute'\", slog.Any(\"request\", describeLoadBalancerAttributeReq), slog.Any(\"response\", describeLoadBalancerAttributeResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'slb.DescribeLoadBalancerAttribute': %w\", err)\n\t}\n\n\t// 查询 HTTPS 监听列表\n\t// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerlisteners\n\tlistenerPorts := make([]int32, 0)\n\tdescribeLoadBalancerListenersToken := (*string)(nil)\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeLoadBalancerListenersReq := &alislb.DescribeLoadBalancerListenersRequest{\n\t\t\tRegionId: tea.String(d.config.Region),\n\t\t\tNextToken: describeLoadBalancerListenersToken,\n\t\t\tMaxResults: tea.Int32(100),\n\t\t\tLoadBalancerId: tea.StringSlice([]string{d.config.LoadbalancerId}),\n\t\t\tListenerProtocol: tea.String(\"https\"),\n\t\t}\n\t\tdescribeLoadBalancerListenersResp, err := d.sdkClient.DescribeLoadBalancerListenersWithContext(ctx, describeLoadBalancerListenersReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'slb.DescribeLoadBalancerListeners'\", slog.Any(\"request\", describeLoadBalancerListenersReq), slog.Any(\"response\", describeLoadBalancerListenersResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'slb.DescribeLoadBalancerListeners': %w\", err)\n\t\t}\n\n\t\tif describeLoadBalancerListenersResp.Body == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, listener := range describeLoadBalancerListenersResp.Body.Listeners {\n\t\t\tlistenerPorts = append(listenerPorts, *listener.ListenerPort)\n\t\t}\n\n\t\tif len(describeLoadBalancerListenersResp.Body.Listeners) == 0 || describeLoadBalancerListenersResp.Body.NextToken == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribeLoadBalancerListenersToken = describeLoadBalancerListenersResp.Body.NextToken\n\t}\n\n\t// 遍历更新监听证书\n\tif len(listenerPorts) == 0 {\n\t\td.logger.Info(\"no clb listeners to deploy\")\n\t} else {\n\t\td.logger.Info(\"found https listeners to deploy\", slog.Any(\"listenerPorts\", listenerPorts))\n\t\tvar errs []error\n\n\t\tfor _, listenerPort := range listenerPorts {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listenerPort, cloudCertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToListener(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\tif d.config.ListenerPort == 0 {\n\t\treturn errors.New(\"config `listenerPort` is required\")\n\t}\n\n\t// 更新监听\n\tif err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, d.config.ListenerPort, cloudCertId); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateListenerCertificate(ctx context.Context, cloudLoadbalancerId string, cloudListenerPort int32, cloudCertId string) error {\n\t// 查询监听配置\n\t// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerhttpslistenerattribute\n\tdescribeLoadBalancerHTTPSListenerAttributeReq := &alislb.DescribeLoadBalancerHTTPSListenerAttributeRequest{\n\t\tLoadBalancerId: tea.String(cloudLoadbalancerId),\n\t\tListenerPort: tea.Int32(cloudListenerPort),\n\t}\n\tdescribeLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.DescribeLoadBalancerHTTPSListenerAttributeWithContext(ctx, describeLoadBalancerHTTPSListenerAttributeReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'slb.DescribeLoadBalancerHTTPSListenerAttribute'\", slog.Any(\"request\", describeLoadBalancerHTTPSListenerAttributeReq), slog.Any(\"response\", describeLoadBalancerHTTPSListenerAttributeResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'slb.DescribeLoadBalancerHTTPSListenerAttribute': %w\", err)\n\t}\n\n\tif d.config.Domain == \"\" {\n\t\t// 未指定 SNI,只需部署到监听器\n\n\t\t// 修改监听配置\n\t\t// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setloadbalancerhttpslistenerattribute\n\t\tsetLoadBalancerHTTPSListenerAttributeReq := &alislb.SetLoadBalancerHTTPSListenerAttributeRequest{\n\t\t\tRegionId: tea.String(d.config.Region),\n\t\t\tLoadBalancerId: tea.String(cloudLoadbalancerId),\n\t\t\tListenerPort: tea.Int32(cloudListenerPort),\n\t\t\tServerCertificateId: tea.String(cloudCertId),\n\t\t}\n\t\tsetLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.SetLoadBalancerHTTPSListenerAttributeWithContext(ctx, setLoadBalancerHTTPSListenerAttributeReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'slb.SetLoadBalancerHTTPSListenerAttribute'\", slog.Any(\"request\", setLoadBalancerHTTPSListenerAttributeReq), slog.Any(\"response\", setLoadBalancerHTTPSListenerAttributeResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'slb.SetLoadBalancerHTTPSListenerAttribute': %w\", err)\n\t\t}\n\t} else {\n\t\t// 指定 SNI,需部署到扩展域名\n\n\t\t// 查询扩展域名\n\t\t// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describedomainextensions\n\t\tdescribeDomainExtensionsReq := &alislb.DescribeDomainExtensionsRequest{\n\t\t\tRegionId: tea.String(d.config.Region),\n\t\t\tLoadBalancerId: tea.String(cloudLoadbalancerId),\n\t\t\tListenerPort: tea.Int32(cloudListenerPort),\n\t\t}\n\t\tdescribeDomainExtensionsResp, err := d.sdkClient.DescribeDomainExtensionsWithContext(ctx, describeDomainExtensionsReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'slb.DescribeDomainExtensions'\", slog.Any(\"request\", describeDomainExtensionsReq), slog.Any(\"response\", describeDomainExtensionsResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'slb.DescribeDomainExtensions': %w\", err)\n\t\t}\n\n\t\t// 遍历修改扩展域名证书\n\t\t// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setdomainextensionattribute\n\t\tif describeDomainExtensionsResp.Body.DomainExtensions != nil && describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension != nil {\n\t\t\tvar errs []error\n\n\t\t\tfor _, domainExtension := range describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension {\n\t\t\t\tif *domainExtension.Domain != d.config.Domain {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\n\t\t\t\tsetDomainExtensionAttributeReq := &alislb.SetDomainExtensionAttributeRequest{\n\t\t\t\t\tRegionId: tea.String(d.config.Region),\n\t\t\t\t\tDomainExtensionId: tea.String(*domainExtension.DomainExtensionId),\n\t\t\t\t\tServerCertificateId: tea.String(cloudCertId),\n\t\t\t\t}\n\t\t\t\tsetDomainExtensionAttributeResp, err := d.sdkClient.SetDomainExtensionAttributeWithContext(ctx, setDomainExtensionAttributeReq, &dara.RuntimeOptions{})\n\t\t\t\td.logger.Debug(\"sdk request 'slb.SetDomainExtensionAttribute'\", slog.Any(\"request\", setDomainExtensionAttributeReq), slog.Any(\"response\", setDomainExtensionAttributeResp))\n\t\t\t\tif err != nil {\n\t\t\t\t\terrs = append(errs, fmt.Errorf(\"failed to execute sdk request 'slb.SetDomainExtensionAttribute': %w\", err))\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif len(errs) > 0 {\n\t\t\t\treturn errors.Join(errs...)\n\t\t\t}\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.SlbClient, error) {\n\t// 接入点一览 https://api.aliyun.com/product/Slb\n\tvar endpoint string\n\tswitch region {\n\tcase \"\",\n\t\t\"cn-hangzhou\",\n\t\t\"cn-hangzhou-finance\",\n\t\t\"cn-shanghai-finance-1\",\n\t\t\"cn-shenzhen-finance-1\":\n\t\tendpoint = \"slb.aliyuncs.com\"\n\tdefault:\n\t\tendpoint = fmt.Sprintf(\"slb.%s.aliyuncs.com\", region)\n\t}\n\n\tconfig := &aliopen.Config{\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t\tEndpoint: tea.String(endpoint),\n\t}\n\n\tclient, err := internal.NewSlbClient(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-clb/aliyun_clb_test.go",
"content": "package aliyunclb_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-clb\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n\tfLoadbalancerId string\n\tfListenerPort int64\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"ALIYUNCLB_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fLoadbalancerId, argsPrefix+\"LOADBALANCERID\", \"\", \"\")\n\tflag.Int64Var(&fListenerPort, argsPrefix+\"LISTENERPORT\", 443, \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aliyun_clb_test.go -args \\\n\t--ALIYUNCLB_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--ALIYUNCLB_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--ALIYUNCLB_ACCESSKEYID=\"your-access-key-id\" \\\n\t--ALIYUNCLB_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--ALIYUNCLB_REGION=\"cn-hangzhou\" \\\n\t--ALIYUNCLB_LOADBALANCERID=\"your-clb-instance-id\" \\\n\t--ALIYUNCLB_LISTENERPORT=443 \\\n\t--ALIYUNCLB_DOMAIN=\"your-clb-sni-domain\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy_ToLoadbalancer\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"LOADBALANCERID: %v\", fLoadbalancerId),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LOADBALANCER,\n\t\t\tLoadbalancerId: fLoadbalancerId,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n\n\tt.Run(\"Deploy_ToListener\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"LOADBALANCERID: %v\", fLoadbalancerId),\n\t\t\tfmt.Sprintf(\"LISTENERPORT: %v\", fListenerPort),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LISTENER,\n\t\t\tLoadbalancerId: fLoadbalancerId,\n\t\t\tListenerPort: int32(fListenerPort),\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-clb/consts.go",
"content": "package aliyunclb\n\nconst (\n\t// 资源类型:部署到指定负载均衡器。\n\tRESOURCE_TYPE_LOADBALANCER = \"loadbalancer\"\n\t// 资源类型:部署到指定监听器。\n\tRESOURCE_TYPE_LISTENER = \"listener\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-clb/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\n\topenapi \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\topenapiutil \"github.com/alibabacloud-go/darabonba-openapi/v2/utils\"\n\talislb \"github.com/alibabacloud-go/slb-20140515/v4/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n)\n\n// This is a partial copy of https://github.com/alibabacloud-go/slb-20140515/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype SlbClient struct {\n\topenapi.Client\n}\n\nfunc NewSlbClient(config *openapi.Config) (*SlbClient, error) {\n\tclient := new(SlbClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *SlbClient) Init(config *openapi.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *SlbClient) DescribeDomainExtensionsWithContext(ctx context.Context, request *alislb.DescribeDomainExtensionsRequest, runtime *dara.RuntimeOptions) (_result *alislb.DescribeDomainExtensionsResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\n\tquery := map[string]interface{}{}\n\tif !dara.IsNil(request.DomainExtensionId) {\n\t\tquery[\"DomainExtensionId\"] = request.DomainExtensionId\n\t}\n\n\tif !dara.IsNil(request.ListenerPort) {\n\t\tquery[\"ListenerPort\"] = request.ListenerPort\n\t}\n\n\tif !dara.IsNil(request.LoadBalancerId) {\n\t\tquery[\"LoadBalancerId\"] = request.LoadBalancerId\n\t}\n\n\tif !dara.IsNil(request.OwnerAccount) {\n\t\tquery[\"OwnerAccount\"] = request.OwnerAccount\n\t}\n\n\tif !dara.IsNil(request.OwnerId) {\n\t\tquery[\"OwnerId\"] = request.OwnerId\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\tif !dara.IsNil(request.ResourceOwnerAccount) {\n\t\tquery[\"ResourceOwnerAccount\"] = request.ResourceOwnerAccount\n\t}\n\n\tif !dara.IsNil(request.ResourceOwnerId) {\n\t\tquery[\"ResourceOwnerId\"] = request.ResourceOwnerId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"DescribeDomainExtensions\"),\n\t\tVersion: dara.String(\"2014-05-15\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alislb.DescribeDomainExtensionsResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *SlbClient) DescribeLoadBalancerListenersWithContext(ctx context.Context, request *alislb.DescribeLoadBalancerListenersRequest, runtime *dara.RuntimeOptions) (_result *alislb.DescribeLoadBalancerListenersResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\n\tquery := map[string]interface{}{}\n\tif !dara.IsNil(request.Description) {\n\t\tquery[\"Description\"] = request.Description\n\t}\n\n\tif !dara.IsNil(request.ListenerPort) {\n\t\tquery[\"ListenerPort\"] = request.ListenerPort\n\t}\n\n\tif !dara.IsNil(request.ListenerProtocol) {\n\t\tquery[\"ListenerProtocol\"] = request.ListenerProtocol\n\t}\n\n\tif !dara.IsNil(request.LoadBalancerId) {\n\t\tquery[\"LoadBalancerId\"] = request.LoadBalancerId\n\t}\n\n\tif !dara.IsNil(request.MaxResults) {\n\t\tquery[\"MaxResults\"] = request.MaxResults\n\t}\n\n\tif !dara.IsNil(request.NextToken) {\n\t\tquery[\"NextToken\"] = request.NextToken\n\t}\n\n\tif !dara.IsNil(request.OwnerAccount) {\n\t\tquery[\"OwnerAccount\"] = request.OwnerAccount\n\t}\n\n\tif !dara.IsNil(request.OwnerId) {\n\t\tquery[\"OwnerId\"] = request.OwnerId\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\tif !dara.IsNil(request.ResourceOwnerAccount) {\n\t\tquery[\"ResourceOwnerAccount\"] = request.ResourceOwnerAccount\n\t}\n\n\tif !dara.IsNil(request.ResourceOwnerId) {\n\t\tquery[\"ResourceOwnerId\"] = request.ResourceOwnerId\n\t}\n\n\tif !dara.IsNil(request.Tag) {\n\t\tquery[\"Tag\"] = request.Tag\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"DescribeLoadBalancerListeners\"),\n\t\tVersion: dara.String(\"2014-05-15\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alislb.DescribeLoadBalancerListenersResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *SlbClient) DescribeLoadBalancerAttributeWithContext(ctx context.Context, request *alislb.DescribeLoadBalancerAttributeRequest, runtime *dara.RuntimeOptions) (_result *alislb.DescribeLoadBalancerAttributeResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\n\tquery := map[string]interface{}{}\n\tif !dara.IsNil(request.LoadBalancerId) {\n\t\tquery[\"LoadBalancerId\"] = request.LoadBalancerId\n\t}\n\n\tif !dara.IsNil(request.OwnerAccount) {\n\t\tquery[\"OwnerAccount\"] = request.OwnerAccount\n\t}\n\n\tif !dara.IsNil(request.OwnerId) {\n\t\tquery[\"OwnerId\"] = request.OwnerId\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\tif !dara.IsNil(request.ResourceOwnerAccount) {\n\t\tquery[\"ResourceOwnerAccount\"] = request.ResourceOwnerAccount\n\t}\n\n\tif !dara.IsNil(request.ResourceOwnerId) {\n\t\tquery[\"ResourceOwnerId\"] = request.ResourceOwnerId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"DescribeLoadBalancerAttribute\"),\n\t\tVersion: dara.String(\"2014-05-15\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alislb.DescribeLoadBalancerAttributeResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *SlbClient) DescribeLoadBalancerHTTPSListenerAttributeWithContext(ctx context.Context, request *alislb.DescribeLoadBalancerHTTPSListenerAttributeRequest, runtime *dara.RuntimeOptions) (_result *alislb.DescribeLoadBalancerHTTPSListenerAttributeResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\n\tquery := map[string]interface{}{}\n\tif !dara.IsNil(request.ListenerPort) {\n\t\tquery[\"ListenerPort\"] = request.ListenerPort\n\t}\n\n\tif !dara.IsNil(request.LoadBalancerId) {\n\t\tquery[\"LoadBalancerId\"] = request.LoadBalancerId\n\t}\n\n\tif !dara.IsNil(request.OwnerAccount) {\n\t\tquery[\"OwnerAccount\"] = request.OwnerAccount\n\t}\n\n\tif !dara.IsNil(request.OwnerId) {\n\t\tquery[\"OwnerId\"] = request.OwnerId\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\tif !dara.IsNil(request.ResourceOwnerAccount) {\n\t\tquery[\"ResourceOwnerAccount\"] = request.ResourceOwnerAccount\n\t}\n\n\tif !dara.IsNil(request.ResourceOwnerId) {\n\t\tquery[\"ResourceOwnerId\"] = request.ResourceOwnerId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"DescribeLoadBalancerHTTPSListenerAttribute\"),\n\t\tVersion: dara.String(\"2014-05-15\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alislb.DescribeLoadBalancerHTTPSListenerAttributeResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *SlbClient) SetDomainExtensionAttributeWithContext(ctx context.Context, request *alislb.SetDomainExtensionAttributeRequest, runtime *dara.RuntimeOptions) (_result *alislb.SetDomainExtensionAttributeResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\n\tquery := map[string]interface{}{}\n\tif !dara.IsNil(request.DomainExtensionId) {\n\t\tquery[\"DomainExtensionId\"] = request.DomainExtensionId\n\t}\n\n\tif !dara.IsNil(request.OwnerAccount) {\n\t\tquery[\"OwnerAccount\"] = request.OwnerAccount\n\t}\n\n\tif !dara.IsNil(request.OwnerId) {\n\t\tquery[\"OwnerId\"] = request.OwnerId\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\tif !dara.IsNil(request.ResourceOwnerAccount) {\n\t\tquery[\"ResourceOwnerAccount\"] = request.ResourceOwnerAccount\n\t}\n\n\tif !dara.IsNil(request.ResourceOwnerId) {\n\t\tquery[\"ResourceOwnerId\"] = request.ResourceOwnerId\n\t}\n\n\tif !dara.IsNil(request.ServerCertificateId) {\n\t\tquery[\"ServerCertificateId\"] = request.ServerCertificateId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"SetDomainExtensionAttribute\"),\n\t\tVersion: dara.String(\"2014-05-15\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alislb.SetDomainExtensionAttributeResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *SlbClient) SetLoadBalancerHTTPSListenerAttributeWithContext(ctx context.Context, request *alislb.SetLoadBalancerHTTPSListenerAttributeRequest, runtime *dara.RuntimeOptions) (_result *alislb.SetLoadBalancerHTTPSListenerAttributeResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\n\tquery := map[string]interface{}{}\n\tif !dara.IsNil(request.AclId) {\n\t\tquery[\"AclId\"] = request.AclId\n\t}\n\n\tif !dara.IsNil(request.AclStatus) {\n\t\tquery[\"AclStatus\"] = request.AclStatus\n\t}\n\n\tif !dara.IsNil(request.AclType) {\n\t\tquery[\"AclType\"] = request.AclType\n\t}\n\n\tif !dara.IsNil(request.Bandwidth) {\n\t\tquery[\"Bandwidth\"] = request.Bandwidth\n\t}\n\n\tif !dara.IsNil(request.CACertificateId) {\n\t\tquery[\"CACertificateId\"] = request.CACertificateId\n\t}\n\n\tif !dara.IsNil(request.Cookie) {\n\t\tquery[\"Cookie\"] = request.Cookie\n\t}\n\n\tif !dara.IsNil(request.CookieTimeout) {\n\t\tquery[\"CookieTimeout\"] = request.CookieTimeout\n\t}\n\n\tif !dara.IsNil(request.Description) {\n\t\tquery[\"Description\"] = request.Description\n\t}\n\n\tif !dara.IsNil(request.EnableHttp2) {\n\t\tquery[\"EnableHttp2\"] = request.EnableHttp2\n\t}\n\n\tif !dara.IsNil(request.Gzip) {\n\t\tquery[\"Gzip\"] = request.Gzip\n\t}\n\n\tif !dara.IsNil(request.HealthCheck) {\n\t\tquery[\"HealthCheck\"] = request.HealthCheck\n\t}\n\n\tif !dara.IsNil(request.HealthCheckConnectPort) {\n\t\tquery[\"HealthCheckConnectPort\"] = request.HealthCheckConnectPort\n\t}\n\n\tif !dara.IsNil(request.HealthCheckDomain) {\n\t\tquery[\"HealthCheckDomain\"] = request.HealthCheckDomain\n\t}\n\n\tif !dara.IsNil(request.HealthCheckHttpCode) {\n\t\tquery[\"HealthCheckHttpCode\"] = request.HealthCheckHttpCode\n\t}\n\n\tif !dara.IsNil(request.HealthCheckInterval) {\n\t\tquery[\"HealthCheckInterval\"] = request.HealthCheckInterval\n\t}\n\n\tif !dara.IsNil(request.HealthCheckMethod) {\n\t\tquery[\"HealthCheckMethod\"] = request.HealthCheckMethod\n\t}\n\n\tif !dara.IsNil(request.HealthCheckTimeout) {\n\t\tquery[\"HealthCheckTimeout\"] = request.HealthCheckTimeout\n\t}\n\n\tif !dara.IsNil(request.HealthCheckURI) {\n\t\tquery[\"HealthCheckURI\"] = request.HealthCheckURI\n\t}\n\n\tif !dara.IsNil(request.HealthyThreshold) {\n\t\tquery[\"HealthyThreshold\"] = request.HealthyThreshold\n\t}\n\n\tif !dara.IsNil(request.IdleTimeout) {\n\t\tquery[\"IdleTimeout\"] = request.IdleTimeout\n\t}\n\n\tif !dara.IsNil(request.ListenerPort) {\n\t\tquery[\"ListenerPort\"] = request.ListenerPort\n\t}\n\n\tif !dara.IsNil(request.LoadBalancerId) {\n\t\tquery[\"LoadBalancerId\"] = request.LoadBalancerId\n\t}\n\n\tif !dara.IsNil(request.OwnerAccount) {\n\t\tquery[\"OwnerAccount\"] = request.OwnerAccount\n\t}\n\n\tif !dara.IsNil(request.OwnerId) {\n\t\tquery[\"OwnerId\"] = request.OwnerId\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\tif !dara.IsNil(request.RequestTimeout) {\n\t\tquery[\"RequestTimeout\"] = request.RequestTimeout\n\t}\n\n\tif !dara.IsNil(request.ResourceOwnerAccount) {\n\t\tquery[\"ResourceOwnerAccount\"] = request.ResourceOwnerAccount\n\t}\n\n\tif !dara.IsNil(request.ResourceOwnerId) {\n\t\tquery[\"ResourceOwnerId\"] = request.ResourceOwnerId\n\t}\n\n\tif !dara.IsNil(request.Scheduler) {\n\t\tquery[\"Scheduler\"] = request.Scheduler\n\t}\n\n\tif !dara.IsNil(request.ServerCertificateId) {\n\t\tquery[\"ServerCertificateId\"] = request.ServerCertificateId\n\t}\n\n\tif !dara.IsNil(request.StickySession) {\n\t\tquery[\"StickySession\"] = request.StickySession\n\t}\n\n\tif !dara.IsNil(request.StickySessionType) {\n\t\tquery[\"StickySessionType\"] = request.StickySessionType\n\t}\n\n\tif !dara.IsNil(request.TLSCipherPolicy) {\n\t\tquery[\"TLSCipherPolicy\"] = request.TLSCipherPolicy\n\t}\n\n\tif !dara.IsNil(request.UnhealthyThreshold) {\n\t\tquery[\"UnhealthyThreshold\"] = request.UnhealthyThreshold\n\t}\n\n\tif !dara.IsNil(request.VServerGroup) {\n\t\tquery[\"VServerGroup\"] = request.VServerGroup\n\t}\n\n\tif !dara.IsNil(request.VServerGroupId) {\n\t\tquery[\"VServerGroupId\"] = request.VServerGroupId\n\t}\n\n\tif !dara.IsNil(request.XForwardedFor) {\n\t\tquery[\"XForwardedFor\"] = request.XForwardedFor\n\t}\n\n\tif !dara.IsNil(request.XForwardedFor_ClientSrcPort) {\n\t\tquery[\"XForwardedFor_ClientSrcPort\"] = request.XForwardedFor_ClientSrcPort\n\t}\n\n\tif !dara.IsNil(request.XForwardedFor_SLBID) {\n\t\tquery[\"XForwardedFor_SLBID\"] = request.XForwardedFor_SLBID\n\t}\n\n\tif !dara.IsNil(request.XForwardedFor_SLBIP) {\n\t\tquery[\"XForwardedFor_SLBIP\"] = request.XForwardedFor_SLBIP\n\t}\n\n\tif !dara.IsNil(request.XForwardedFor_SLBPORT) {\n\t\tquery[\"XForwardedFor_SLBPORT\"] = request.XForwardedFor_SLBPORT\n\t}\n\n\tif !dara.IsNil(request.XForwardedFor_proto) {\n\t\tquery[\"XForwardedFor_proto\"] = request.XForwardedFor_proto\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"SetLoadBalancerHTTPSListenerAttribute\"),\n\t\tVersion: dara.String(\"2014-05-15\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alislb.SetLoadBalancerHTTPSListenerAttributeResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-dcdn/aliyun_dcdn.go",
"content": "package aliyundcdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\t\"strings\"\n\n\taliopen \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\talidcdn \"github.com/alibabacloud-go/dcdn-20180115/v4/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-cas\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-dcdn/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.DcdnClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tResourceGroupId: config.ResourceGroupId,\n\t\tRegion: lo.\n\t\t\tIf(config.Region == \"\" || strings.HasPrefix(config.Region, \"cn-\"), \"cn-hangzhou\").\n\t\t\tElse(\"ap-southeast-1\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\t// \"*.example.com\" → \".example.com\",适配阿里云 DCDN 要求的泛域名格式\n\t\t\tdomain := strings.TrimPrefix(d.config.Domain, \"*\")\n\t\t\tdomains = []string{domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain) ||\n\t\t\t\t\t\tstrings.TrimPrefix(d.config.Domain, \"*\") == strings.TrimPrefix(domain, \"*\")\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil ||\n\t\t\t\t\tstrings.TrimPrefix(d.config.Domain, \"*\") == strings.TrimPrefix(domain, \"*\")\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no dcdn domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found dcdn domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tcertIdentifier := upres.ExtendedData[\"CertIdentifier\"].(string)\n\t\tcertIdentifierSeps := strings.SplitN(certIdentifier, \"-\", 2)\n\t\tif len(certIdentifierSeps) != 2 {\n\t\t\treturn nil, fmt.Errorf(\"received invalid certificate identifier: '%s'\", certIdentifier)\n\t\t}\n\n\t\tcertId, _ := strconv.ParseInt(certIdentifierSeps[0], 10, 64)\n\t\tcertRegion := certIdentifierSeps[1]\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, certId, certRegion); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名列表\n\t// REF: https://help.aliyun.com/zh/edge-security-acceleration/dcdn/developer-reference/api-dcdn-2018-01-15-describedcdnuserdomains\n\tdescribeUserDomainsPageNumber := 1\n\tdescribeUserDomainsPageSize := 500\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeDcdnUserDomainsReq := &alidcdn.DescribeDcdnUserDomainsRequest{\n\t\t\tResourceGroupId: lo.EmptyableToPtr(d.config.ResourceGroupId),\n\t\t\tCheckDomainShow: tea.Bool(true),\n\t\t\tPageNumber: tea.Int32(int32(describeUserDomainsPageNumber)),\n\t\t\tPageSize: tea.Int32(int32(describeUserDomainsPageSize)),\n\t\t}\n\t\tdescribeDcdnUserDomainsResp, err := d.sdkClient.DescribeDcdnUserDomainsWithContext(ctx, describeDcdnUserDomainsReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'dcdn.DescribeDcdnUserDomains'\", slog.Any(\"request\", describeDcdnUserDomainsReq), slog.Any(\"response\", describeDcdnUserDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'dcdn.DescribeDcdnUserDomains': %w\", err)\n\t\t}\n\n\t\tif describeDcdnUserDomainsResp.Body == nil || describeDcdnUserDomainsResp.Body.Domains == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tignoredStatuses := []string{\"offline\", \"checking\", \"check_failed\", \"stopping\", \"deleting\"}\n\t\tfor _, domainItem := range describeDcdnUserDomainsResp.Body.Domains.PageData {\n\t\t\tif lo.Contains(ignoredStatuses, tea.StringValue(domainItem.DomainStatus)) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tdomains = append(domains, tea.StringValue(domainItem.DomainName))\n\t\t}\n\n\t\tif len(describeDcdnUserDomainsResp.Body.Domains.PageData) < describeUserDomainsPageNumber {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribeUserDomainsPageNumber++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertId int64, certRegion string) error {\n\t// 配置域名证书\n\t// REF: https://help.aliyun.com/zh/edge-security-acceleration/dcdn/developer-reference/api-dcdn-2018-01-15-setdcdndomainsslcertificate\n\tsetDcdnDomainSSLCertificateReq := &alidcdn.SetDcdnDomainSSLCertificateRequest{\n\t\tDomainName: tea.String(domain),\n\t\tCertType: tea.String(\"cas\"),\n\t\tCertId: tea.Int64(cloudCertId),\n\t\tCertRegion: tea.String(certRegion),\n\t\tSSLProtocol: tea.String(\"on\"),\n\t}\n\tsetDcdnDomainSSLCertificateResp, err := d.sdkClient.SetDcdnDomainSSLCertificateWithContext(ctx, setDcdnDomainSSLCertificateReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'dcdn.SetDcdnDomainSSLCertificate'\", slog.Any(\"request\", setDcdnDomainSSLCertificateReq), slog.Any(\"response\", setDcdnDomainSSLCertificateResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'dcdn.SetDcdnDomainSSLCertificate': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret string) (*internal.DcdnClient, error) {\n\tconfig := &aliopen.Config{\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t\tEndpoint: tea.String(\"dcdn.aliyuncs.com\"),\n\t}\n\n\tclient, err := internal.NewDcdnClient(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-dcdn/aliyun_dcdn_test.go",
"content": "package aliyundcdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-dcdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"ALIYUNDCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aliyun_dcdn_test.go -args \\\n\t--ALIYUNDCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--ALIYUNDCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--ALIYUNDCDN_ACCESSKEYID=\"your-access-key-id\" \\\n\t--ALIYUNDCDN_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--ALIYUNDCDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-dcdn/consts.go",
"content": "package aliyundcdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-dcdn/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\n\topenapi \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\topenapiutil \"github.com/alibabacloud-go/darabonba-openapi/v2/utils\"\n\talidcdn \"github.com/alibabacloud-go/dcdn-20180115/v4/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n)\n\n// This is a partial copy of https://github.com/alibabacloud-go/dcdn-20180115/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype DcdnClient struct {\n\topenapi.Client\n\tDisableSDKError *bool\n}\n\nfunc NewDcdnClient(config *openapiutil.Config) (*DcdnClient, error) {\n\tclient := new(DcdnClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *DcdnClient) Init(config *openapiutil.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *DcdnClient) DescribeDcdnUserDomainsWithContext(ctx context.Context, request *alidcdn.DescribeDcdnUserDomainsRequest, runtime *dara.RuntimeOptions) (_result *alidcdn.DescribeDcdnUserDomainsResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.ChangeEndTime) {\n\t\tquery[\"ChangeEndTime\"] = request.ChangeEndTime\n\t}\n\n\tif !dara.IsNil(request.ChangeStartTime) {\n\t\tquery[\"ChangeStartTime\"] = request.ChangeStartTime\n\t}\n\n\tif !dara.IsNil(request.CheckDomainShow) {\n\t\tquery[\"CheckDomainShow\"] = request.CheckDomainShow\n\t}\n\n\tif !dara.IsNil(request.Coverage) {\n\t\tquery[\"Coverage\"] = request.Coverage\n\t}\n\n\tif !dara.IsNil(request.DomainName) {\n\t\tquery[\"DomainName\"] = request.DomainName\n\t}\n\n\tif !dara.IsNil(request.DomainSearchType) {\n\t\tquery[\"DomainSearchType\"] = request.DomainSearchType\n\t}\n\n\tif !dara.IsNil(request.DomainStatus) {\n\t\tquery[\"DomainStatus\"] = request.DomainStatus\n\t}\n\n\tif !dara.IsNil(request.OwnerId) {\n\t\tquery[\"OwnerId\"] = request.OwnerId\n\t}\n\n\tif !dara.IsNil(request.PageNumber) {\n\t\tquery[\"PageNumber\"] = request.PageNumber\n\t}\n\n\tif !dara.IsNil(request.PageSize) {\n\t\tquery[\"PageSize\"] = request.PageSize\n\t}\n\n\tif !dara.IsNil(request.ResourceGroupId) {\n\t\tquery[\"ResourceGroupId\"] = request.ResourceGroupId\n\t}\n\n\tif !dara.IsNil(request.SecurityToken) {\n\t\tquery[\"SecurityToken\"] = request.SecurityToken\n\t}\n\n\tif !dara.IsNil(request.Tag) {\n\t\tquery[\"Tag\"] = request.Tag\n\t}\n\n\tif !dara.IsNil(request.WebSiteType) {\n\t\tquery[\"WebSiteType\"] = request.WebSiteType\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"DescribeDcdnUserDomains\"),\n\t\tVersion: dara.String(\"2018-01-15\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alidcdn.DescribeDcdnUserDomainsResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *DcdnClient) SetDcdnDomainSSLCertificateWithContext(ctx context.Context, request *alidcdn.SetDcdnDomainSSLCertificateRequest, runtime *dara.RuntimeOptions) (_result *alidcdn.SetDcdnDomainSSLCertificateResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.CertId) {\n\t\tquery[\"CertId\"] = request.CertId\n\t}\n\n\tif !dara.IsNil(request.CertName) {\n\t\tquery[\"CertName\"] = request.CertName\n\t}\n\n\tif !dara.IsNil(request.CertRegion) {\n\t\tquery[\"CertRegion\"] = request.CertRegion\n\t}\n\n\tif !dara.IsNil(request.CertType) {\n\t\tquery[\"CertType\"] = request.CertType\n\t}\n\n\tif !dara.IsNil(request.DomainName) {\n\t\tquery[\"DomainName\"] = request.DomainName\n\t}\n\n\tif !dara.IsNil(request.OwnerId) {\n\t\tquery[\"OwnerId\"] = request.OwnerId\n\t}\n\n\tif !dara.IsNil(request.SSLPri) {\n\t\tquery[\"SSLPri\"] = request.SSLPri\n\t}\n\n\tif !dara.IsNil(request.SSLProtocol) {\n\t\tquery[\"SSLProtocol\"] = request.SSLProtocol\n\t}\n\n\tif !dara.IsNil(request.SSLPub) {\n\t\tquery[\"SSLPub\"] = request.SSLPub\n\t}\n\n\tif !dara.IsNil(request.SecurityToken) {\n\t\tquery[\"SecurityToken\"] = request.SecurityToken\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"SetDcdnDomainSSLCertificate\"),\n\t\tVersion: dara.String(\"2018-01-15\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alidcdn.SetDcdnDomainSSLCertificateResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-ddospro/aliyun_ddospro.go",
"content": "package aliyunddospro\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\taliopen \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\taliddoscoo \"github.com/alibabacloud-go/ddoscoo-20200101/v5/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-cas\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-ddospro/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 网站域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.DdoscooClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tResourceGroupId: config.ResourceGroupId,\n\t\tRegion: lo.\n\t\t\tIf(config.Region == \"\" || strings.HasPrefix(config.Region, \"cn-\"), \"cn-hangzhou\").\n\t\t\tElse(\"ap-southeast-1\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain)\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no ddoscoo domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found ddoscoo domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tcertId := upres.ExtendedData[\"CertIdentifier\"].(string)\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, certId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询已配置网站业务转发规则的域名\n\t// REF: https://help.aliyun.com/zh/anti-ddos/anti-ddos-pro-and-premium/developer-reference/api-ddoscoo-2020-01-01-describedomains\n\tdescribeDomainsReq := &aliddoscoo.DescribeDomainsRequest{\n\t\tResourceGroupId: lo.EmptyableToPtr(d.config.ResourceGroupId),\n\t}\n\tdescribeDomainsResp, err := d.sdkClient.DescribeDomainsWithContext(ctx, describeDomainsReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'aliddoscoo.DescribeLiveUserDomains'\", slog.Any(\"request\", describeDomainsReq), slog.Any(\"response\", describeDomainsResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'aliddoscoo.DescribeDomains': %w\", err)\n\t}\n\n\tfor _, domain := range describeDomainsResp.Body.Domains {\n\t\tdomains = append(domains, tea.StringValue(domain))\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertId string) error {\n\t// 为网站业务转发规则关联 SSL 证书\n\t// REF: https://help.aliyun.com/zh/anti-ddos/anti-ddos-pro-and-premium/developer-reference/api-ddoscoo-2020-01-01-associatewebcert\n\tassociateWebCertReq := &aliddoscoo.AssociateWebCertRequest{\n\t\tDomain: tea.String(domain),\n\t\tCertIdentifier: tea.String(cloudCertId),\n\t}\n\tassociateWebCertResp, err := d.sdkClient.AssociateWebCertWithContext(ctx, associateWebCertReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'dcdn.AssociateWebCert'\", slog.Any(\"request\", associateWebCertReq), slog.Any(\"response\", associateWebCertResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'dcdn.AssociateWebCert': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.DdoscooClient, error) {\n\t// 接入点一览 https://api.aliyun.com/product/ddoscoo\n\tvar endpoint string\n\tswitch region {\n\tcase \"\":\n\t\tendpoint = \"ddoscoo.cn-hangzhou.aliyuncs.com\"\n\tdefault:\n\t\tendpoint = fmt.Sprintf(\"ddoscoo.%s.aliyuncs.com\", region)\n\t}\n\n\tconfig := &aliopen.Config{\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t\tEndpoint: tea.String(endpoint),\n\t}\n\n\tclient, err := internal.NewDdoscooClient(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-ddospro/aliyun_ddospro_test.go",
"content": "package aliyunddospro_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-ddospro\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"ALIYUNDDOSPRO_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aliyun_ddospro_test.go -args \\\n\t--ALIYUNDDOSPRO_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--ALIYUNDDOSPRO_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--ALIYUNDDOSPRO_ACCESSKEYID=\"your-access-key-id\" \\\n\t--ALIYUNDDOSPRO_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--ALIYUNDDOSPRO_REGION=\"cn-hangzhou\" \\\n\t--ALIYUNDDOSPRO_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-ddospro/consts.go",
"content": "package aliyunddospro\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-ddospro/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\n\topenapi \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\topenapiutil \"github.com/alibabacloud-go/darabonba-openapi/v2/utils\"\n\taliddoscoo \"github.com/alibabacloud-go/ddoscoo-20200101/v5/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n)\n\n// This is a partial copy of https://github.com/alibabacloud-go/ddoscoo-20200101/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype DdoscooClient struct {\n\topenapi.Client\n\tDisableSDKError *bool\n}\n\nfunc NewDdoscooClient(config *openapiutil.Config) (*DdoscooClient, error) {\n\tclient := new(DdoscooClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *DdoscooClient) Init(config *openapiutil.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *DdoscooClient) AssociateWebCertWithContext(ctx context.Context, request *aliddoscoo.AssociateWebCertRequest, runtime *dara.RuntimeOptions) (_result *aliddoscoo.AssociateWebCertResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tbody := map[string]interface{}{}\n\n\tif !dara.IsNil(request.Cert) {\n\t\tbody[\"Cert\"] = request.Cert\n\t}\n\n\tif !dara.IsNil(request.CertId) {\n\t\tbody[\"CertId\"] = request.CertId\n\t}\n\n\tif !dara.IsNil(request.CertIdentifier) {\n\t\tbody[\"CertIdentifier\"] = request.CertIdentifier\n\t}\n\n\tif !dara.IsNil(request.CertName) {\n\t\tbody[\"CertName\"] = request.CertName\n\t}\n\n\tif !dara.IsNil(request.CertRegion) {\n\t\tbody[\"CertRegion\"] = request.CertRegion\n\t}\n\n\tif !dara.IsNil(request.Domain) {\n\t\tbody[\"Domain\"] = request.Domain\n\t}\n\n\tif !dara.IsNil(request.Key) {\n\t\tbody[\"Key\"] = request.Key\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tBody: openapiutil.ParseToMap(body),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"AssociateWebCert\"),\n\t\tVersion: dara.String(\"2020-01-01\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &aliddoscoo.AssociateWebCertResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *DdoscooClient) DescribeDomainsWithContext(ctx context.Context, request *aliddoscoo.DescribeDomainsRequest, runtime *dara.RuntimeOptions) (_result *aliddoscoo.DescribeDomainsResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.InstanceIds) {\n\t\tquery[\"InstanceIds\"] = request.InstanceIds\n\t}\n\n\tif !dara.IsNil(request.ResourceGroupId) {\n\t\tquery[\"ResourceGroupId\"] = request.ResourceGroupId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"DescribeDomains\"),\n\t\tVersion: dara.String(\"2020-01-01\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &aliddoscoo.DescribeDomainsResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-esa/aliyun_esa.go",
"content": "package aliyunesa\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\t\"strings\"\n\n\taliopen \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\taliesa \"github.com/alibabacloud-go/esa-20240910/v2/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-cas\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-esa/internal\"\n)\n\ntype DeployerConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n\t// 阿里云 ESA 站点 ID。\n\tSiteId int64 `json:\"siteId\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.EsaClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tResourceGroupId: config.ResourceGroupId,\n\t\tRegion: lo.\n\t\t\tIf(config.Region == \"\" || strings.HasPrefix(config.Region, \"cn-\"), \"cn-hangzhou\").\n\t\t\tElse(\"ap-southeast-1\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.SiteId == 0 {\n\t\treturn nil, errors.New(\"config `siteId` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 配置站点证书\n\t// REF: https://help.aliyun.com/zh/edge-security-acceleration/esa/api-esa-2024-09-10-setcertificate\n\tcertId, _ := strconv.ParseInt(upres.CertId, 10, 64)\n\tsetCertificateReq := &aliesa.SetCertificateRequest{\n\t\tSiteId: tea.Int64(d.config.SiteId),\n\t\tType: tea.String(\"cas\"),\n\t\tCasId: tea.Int64(certId),\n\t\tRegion: tea.String(d.config.Region),\n\t}\n\tsetCertificateResp, err := d.sdkClient.SetCertificateWithContext(ctx, setCertificateReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'esa.SetCertificate'\", slog.Any(\"request\", setCertificateReq), slog.Any(\"response\", setCertificateResp))\n\tif err != nil {\n\t\tvar sdkError *tea.SDKError\n\t\tif errors.As(err, &sdkError) {\n\t\t\tif tea.StringValue(sdkError.Code) == \"Certificate.Duplicated\" {\n\t\t\t\treturn &deployer.DeployResult{}, nil\n\t\t\t}\n\t\t}\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'esa.SetCertificate': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.EsaClient, error) {\n\t// 接入点一览 https://api.aliyun.com/product/ESA\n\tvar endpoint string\n\tswitch region {\n\tcase \"\":\n\t\tendpoint = \"esa.cn-hangzhou.aliyuncs.com\"\n\tdefault:\n\t\tendpoint = fmt.Sprintf(\"esa.%s.aliyuncs.com\", region)\n\t}\n\n\tconfig := &aliopen.Config{\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t\tEndpoint: tea.String(endpoint),\n\t}\n\n\tclient, err := internal.NewEsaClient(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-esa/aliyun_esa_test.go",
"content": "package aliyunesa_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-esa\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n\tfSiteId int64\n)\n\nfunc init() {\n\targsPrefix := \"ALIYUNESA_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.Int64Var(&fSiteId, argsPrefix+\"SITEID\", 0, \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aliyun_esa_test.go -args \\\n\t--ALIYUNESA_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--ALIYUNESA_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--ALIYUNESA_ACCESSKEYID=\"your-access-key-id\" \\\n\t--ALIYUNESA_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--ALIYUNESA_REGION=\"cn-hangzhou\" \\\n\t--ALIYUNESA_SITEID=\"your-esa-site-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"SITEID: %v\", fSiteId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tSiteId: fSiteId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-esa/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\n\topenapi \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\topenapiutil \"github.com/alibabacloud-go/darabonba-openapi/v2/utils\"\n\taliesa \"github.com/alibabacloud-go/esa-20240910/v2/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n)\n\n// This is a partial copy of https://github.com/alibabacloud-go/esa-20240910/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype EsaClient struct {\n\topenapi.Client\n\tDisableSDKError *bool\n}\n\nfunc NewEsaClient(config *openapiutil.Config) (*EsaClient, error) {\n\tclient := new(EsaClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *EsaClient) Init(config *openapiutil.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *EsaClient) SetCertificateWithContext(ctx context.Context, request *aliesa.SetCertificateRequest, runtime *dara.RuntimeOptions) (_result *aliesa.SetCertificateResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\tif !dara.IsNil(request.KeyServerId) {\n\t\tquery[\"KeyServerId\"] = request.KeyServerId\n\t}\n\n\tif !dara.IsNil(request.OwnerId) {\n\t\tquery[\"OwnerId\"] = request.OwnerId\n\t}\n\n\tif !dara.IsNil(request.SecurityToken) {\n\t\tquery[\"SecurityToken\"] = request.SecurityToken\n\t}\n\n\tbody := map[string]interface{}{}\n\tif !dara.IsNil(request.CasId) {\n\t\tbody[\"CasId\"] = request.CasId\n\t}\n\n\tif !dara.IsNil(request.Certificate) {\n\t\tbody[\"Certificate\"] = request.Certificate\n\t}\n\n\tif !dara.IsNil(request.Id) {\n\t\tbody[\"Id\"] = request.Id\n\t}\n\n\tif !dara.IsNil(request.Name) {\n\t\tbody[\"Name\"] = request.Name\n\t}\n\n\tif !dara.IsNil(request.PrivateKey) {\n\t\tbody[\"PrivateKey\"] = request.PrivateKey\n\t}\n\n\tif !dara.IsNil(request.Region) {\n\t\tbody[\"Region\"] = request.Region\n\t}\n\n\tif !dara.IsNil(request.SiteId) {\n\t\tbody[\"SiteId\"] = request.SiteId\n\t}\n\n\tif !dara.IsNil(request.Type) {\n\t\tbody[\"Type\"] = request.Type\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t\tBody: openapiutil.ParseToMap(body),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"SetCertificate\"),\n\t\tVersion: dara.String(\"2024-09-10\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &aliesa.SetCertificateResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-esa-saas/aliyun_esasaas.go",
"content": "package aliyunesasaas\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\t\"strings\"\n\n\taliopen \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\taliesa \"github.com/alibabacloud-go/esa-20240910/v2/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-cas\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-esa-saas/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n\t// 阿里云 ESA 站点 ID。\n\tSiteId int64 `json:\"siteId\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// SaaS 域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.EsaClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tResourceGroupId: config.ResourceGroupId,\n\t\tRegion: lo.\n\t\t\tIf(config.Region == \"\" || strings.HasPrefix(config.Region, \"cn-\"), \"cn-hangzhou\").\n\t\t\tElse(\"ap-southeast-1\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.SiteId == 0 {\n\t\treturn nil, errors.New(\"config `siteId` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名 ID 列表\n\tvar hostnameIds []int64\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\thostnameCandidates, err := d.getAllHostnames(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\thostname, ok := lo.Find(hostnameCandidates, func(hostname *aliesa.ListCustomHostnamesResponseBodyHostnames) bool {\n\t\t\t\treturn d.config.Domain == tea.StringValue(hostname.Hostname)\n\t\t\t})\n\t\t\tif !ok {\n\t\t\t\treturn nil, fmt.Errorf(\"could not find hostname '%s'\", d.config.Domain)\n\t\t\t}\n\n\t\t\thostnameIds = []int64{tea.Int64Value(hostname.HostnameId)}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\thostnameCandidates, err := d.getAllHostnames(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\thostnames := lo.Filter(hostnameCandidates, func(hostname *aliesa.ListCustomHostnamesResponseBodyHostnames, _ int) bool {\n\t\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, tea.StringValue(hostname.Hostname))\n\t\t\t\t} else {\n\t\t\t\t\treturn d.config.Domain == tea.StringValue(hostname.Hostname)\n\t\t\t\t}\n\t\t\t})\n\t\t\tif len(hostnames) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any hostnames matched by wildcard\")\n\t\t\t}\n\n\t\t\thostnameIds = lo.Map(hostnames, func(hostname *aliesa.ListCustomHostnamesResponseBodyHostnames, _ int) int64 {\n\t\t\t\treturn tea.Int64Value(hostname.HostnameId)\n\t\t\t})\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\thostnameCandidates, err := d.getAllHostnames(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\thostnames := lo.Filter(hostnameCandidates, func(hostname *aliesa.ListCustomHostnamesResponseBodyHostnames, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(tea.StringValue(hostname.Hostname)) == nil\n\t\t\t})\n\t\t\tif len(hostnames) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any hostnames matched by certificate\")\n\t\t\t}\n\n\t\t\thostnameIds = lo.Map(hostnames, func(hostname *aliesa.ListCustomHostnamesResponseBodyHostnames, _ int) int64 {\n\t\t\t\treturn tea.Int64Value(hostname.HostnameId)\n\t\t\t})\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(hostnameIds) == 0 {\n\t\td.logger.Info(\"no esa saas hostnames to deploy\")\n\t} else {\n\t\td.logger.Info(\"found esa saas hostnames to deploy\", slog.Any(\"hostnameIds\", hostnameIds))\n\t\tvar errs []error\n\n\t\tcertIdentifier := upres.ExtendedData[\"CertIdentifier\"].(string)\n\t\tcertIdentifierSeps := strings.SplitN(certIdentifier, \"-\", 2)\n\t\tif len(certIdentifierSeps) != 2 {\n\t\t\treturn nil, fmt.Errorf(\"received invalid certificate identifier: '%s'\", certIdentifier)\n\t\t}\n\n\t\tcertId, _ := strconv.ParseInt(certIdentifierSeps[0], 10, 64)\n\t\tcertRegion := certIdentifierSeps[1]\n\t\tfor _, hostnameId := range hostnameIds {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateHostnameCertificate(ctx, hostnameId, certId, certRegion); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllHostnames(ctx context.Context) ([]*aliesa.ListCustomHostnamesResponseBodyHostnames, error) {\n\thostnames := make([]*aliesa.ListCustomHostnamesResponseBodyHostnames, 0)\n\n\t// 查询 SaaS 域名列表\n\t// REF: https://help.aliyun.com/zh/edge-security-acceleration/esa/api-esa-2024-09-10-getcustomhostname\n\tlistCustomHostnamesPageNumber := 1\n\tlistCustomHostnamesPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistCustomHostnamesReq := &aliesa.ListCustomHostnamesRequest{\n\t\t\tSiteId: tea.Int64(d.config.SiteId),\n\t\t\tPageNumber: tea.Int32(int32(listCustomHostnamesPageNumber)),\n\t\t\tPageSize: tea.Int32(int32(listCustomHostnamesPageSize)),\n\t\t}\n\t\tlistCustomHostnamesResp, err := d.sdkClient.ListCustomHostnamesWithContext(ctx, listCustomHostnamesReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'esa.ListCustomHostnames'\", slog.Any(\"request\", listCustomHostnamesReq), slog.Any(\"response\", listCustomHostnamesResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'esa.ListCustomHostnames': %w\", err)\n\t\t}\n\n\t\tif listCustomHostnamesResp.Body == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tignoredStatuses := []string{\"pending\", \"conflicted\", \"offline\"}\n\t\tfor _, hostnameItem := range listCustomHostnamesResp.Body.Hostnames {\n\t\t\tif lo.Contains(ignoredStatuses, tea.StringValue(hostnameItem.Status)) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\thostnames = append(hostnames, hostnameItem)\n\t\t}\n\n\t\tif len(listCustomHostnamesResp.Body.Hostnames) < listCustomHostnamesPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tlistCustomHostnamesPageNumber++\n\t}\n\n\treturn hostnames, nil\n}\n\nfunc (d *Deployer) updateHostnameCertificate(ctx context.Context, cloudHostnameId int64, cloudCertId int64, cloudCertRegion string) error {\n\t// 更新 SaaS 域名\n\t// REF: https://help.aliyun.com/zh/edge-security-acceleration/esa/api-esa-2024-09-10-updatecustomhostname\n\tupdateCustomHostnameReq := &aliesa.UpdateCustomHostnameRequest{\n\t\tHostnameId: tea.Int64(cloudHostnameId),\n\t\tSslFlag: tea.String(\"on\"),\n\t\tCertType: tea.String(\"cas\"),\n\t\tCasId: tea.Int64(cloudCertId),\n\t\tCasRegion: tea.String(cloudCertRegion),\n\t}\n\tupdateCustomHostnameResp, err := d.sdkClient.UpdateCustomHostnameWithContext(ctx, updateCustomHostnameReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'esa.UpdateCustomHostname'\", slog.Any(\"request\", updateCustomHostnameReq), slog.Any(\"response\", updateCustomHostnameResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'esa.UpdateCustomHostname': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.EsaClient, error) {\n\t// 接入点一览 https://api.aliyun.com/product/ESA\n\tvar endpoint string\n\tswitch region {\n\tcase \"\":\n\t\tendpoint = \"esa.cn-hangzhou.aliyuncs.com\"\n\tdefault:\n\t\tendpoint = fmt.Sprintf(\"esa.%s.aliyuncs.com\", region)\n\t}\n\n\tconfig := &aliopen.Config{\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t\tEndpoint: tea.String(endpoint),\n\t}\n\n\tclient, err := internal.NewEsaClient(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-esa-saas/aliyun_esasaas_test.go",
"content": "package aliyunesasaas_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-esa-saas\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n\tfSiteId int64\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"ALIYUNESASAAS_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.Int64Var(&fSiteId, argsPrefix+\"SITEID\", 0, \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aliyun_esasaas_test.go -args \\\n\t--ALIYUNESASAAS_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--ALIYUNESASAAS_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--ALIYUNESASAAS_ACCESSKEYID=\"your-access-key-id\" \\\n\t--ALIYUNESASAAS_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--ALIYUNESASAAS_REGION=\"cn-hangzhou\" \\\n\t--ALIYUNESASAAS_SITEID=\"your-esa-site-id\"\\\n\t--ALIYUNESASAAS_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"SITEID: %v\", fSiteId),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tSiteId: fSiteId,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-esa-saas/consts.go",
"content": "package aliyunesasaas\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-esa-saas/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\n\topenapi \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\topenapiutil \"github.com/alibabacloud-go/darabonba-openapi/v2/utils\"\n\taliesa \"github.com/alibabacloud-go/esa-20240910/v2/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n)\n\n// This is a partial copy of https://github.com/alibabacloud-go/esa-20240910/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype EsaClient struct {\n\topenapi.Client\n\tDisableSDKError *bool\n}\n\nfunc NewEsaClient(config *openapiutil.Config) (*EsaClient, error) {\n\tclient := new(EsaClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *EsaClient) Init(config *openapiutil.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *EsaClient) ListCustomHostnamesWithContext(ctx context.Context, request *aliesa.ListCustomHostnamesRequest, runtime *dara.RuntimeOptions) (_result *aliesa.ListCustomHostnamesResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\n\tquery := map[string]interface{}{}\n\tif !dara.IsNil(request.Hostname) {\n\t\tquery[\"Hostname\"] = request.Hostname\n\t}\n\n\tif !dara.IsNil(request.NameMatchType) {\n\t\tquery[\"NameMatchType\"] = request.NameMatchType\n\t}\n\n\tif !dara.IsNil(request.PageNumber) {\n\t\tquery[\"PageNumber\"] = request.PageNumber\n\t}\n\n\tif !dara.IsNil(request.PageSize) {\n\t\tquery[\"PageSize\"] = request.PageSize\n\t}\n\n\tif !dara.IsNil(request.RecordId) {\n\t\tquery[\"RecordId\"] = request.RecordId\n\t}\n\n\tif !dara.IsNil(request.SiteId) {\n\t\tquery[\"SiteId\"] = request.SiteId\n\t}\n\n\tif !dara.IsNil(request.Status) {\n\t\tquery[\"Status\"] = request.Status\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"ListCustomHostnames\"),\n\t\tVersion: dara.String(\"2024-09-10\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &aliesa.ListCustomHostnamesResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *EsaClient) UpdateCustomHostnameWithContext(ctx context.Context, request *aliesa.UpdateCustomHostnameRequest, runtime *dara.RuntimeOptions) (_result *aliesa.UpdateCustomHostnameResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\n\tquery := map[string]interface{}{}\n\tif !dara.IsNil(request.CasId) {\n\t\tquery[\"CasId\"] = request.CasId\n\t}\n\n\tif !dara.IsNil(request.CasRegion) {\n\t\tquery[\"CasRegion\"] = request.CasRegion\n\t}\n\n\tif !dara.IsNil(request.CertType) {\n\t\tquery[\"CertType\"] = request.CertType\n\t}\n\n\tif !dara.IsNil(request.Certificate) {\n\t\tquery[\"Certificate\"] = request.Certificate\n\t}\n\n\tif !dara.IsNil(request.HostnameId) {\n\t\tquery[\"HostnameId\"] = request.HostnameId\n\t}\n\n\tif !dara.IsNil(request.PrivateKey) {\n\t\tquery[\"PrivateKey\"] = request.PrivateKey\n\t}\n\n\tif !dara.IsNil(request.RecordId) {\n\t\tquery[\"RecordId\"] = request.RecordId\n\t}\n\n\tif !dara.IsNil(request.SslFlag) {\n\t\tquery[\"SslFlag\"] = request.SslFlag\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"UpdateCustomHostname\"),\n\t\tVersion: dara.String(\"2024-09-10\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &aliesa.UpdateCustomHostnameResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-fc/aliyun_fc.go",
"content": "package aliyunfc\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\taliopen \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\talifc3 \"github.com/alibabacloud-go/fc-20230330/v4/client\"\n\talifc2 \"github.com/alibabacloud-go/fc-open-20210406/v2/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-fc/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n\t// 服务版本。\n\t// 可取值 \"2.0\"、\"3.0\"。\n\tServiceVersion string `json:\"serviceVersion\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 自定义域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClients *wSDKClients\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\ntype wSDKClients struct {\n\tFC2 *internal.FcopenClient\n\tFC3 *internal.FcClient\n}\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclients, err := createSDKClients(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClients: clients,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tswitch d.config.ServiceVersion {\n\tcase \"3\", \"3.0\":\n\t\tif err := d.deployToFC3(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase \"2\", \"2.0\":\n\t\tif err := d.deployToFC2(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported service version '%s'\", d.config.ServiceVersion)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToFC3(ctx context.Context, certPEM, privkeyPEM string) error {\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getFC3AllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain)\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getFC3AllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no fc domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found fc domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateFC3DomainCertificate(ctx, domain, certPEM, privkeyPEM); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToFC2(ctx context.Context, certPEM, privkeyPEM string) error {\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getFC2AllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain)\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getFC2AllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no fc domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found fc domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateFC2DomainCertificate(ctx, domain, certPEM, privkeyPEM); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) getFC3AllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 列出自定义域名\n\t// REF: https://help.aliyun.com/zh/functioncompute/fc/developer-reference/api-fc-2023-03-30-listcustomdomains\n\tlistCustomDomainsNextToken := (*string)(nil)\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistCustomDomainsReq := &alifc3.ListCustomDomainsRequest{\n\t\t\tNextToken: listCustomDomainsNextToken,\n\t\t\tLimit: tea.Int32(100),\n\t\t}\n\t\tlistCustomDomainsResp, err := d.sdkClients.FC3.ListCustomDomainsWithContext(ctx, listCustomDomainsReq, make(map[string]*string, 0), &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'fc.ListCustomDomains'\", slog.Any(\"request\", listCustomDomainsReq), slog.Any(\"response\", listCustomDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'fc.ListCustomDomains': %w\", err)\n\t\t}\n\n\t\tif listCustomDomainsResp.Body == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, domainItem := range listCustomDomainsResp.Body.CustomDomains {\n\t\t\tdomains = append(domains, tea.StringValue(domainItem.DomainName))\n\t\t}\n\n\t\tif len(listCustomDomainsResp.Body.CustomDomains) == 0 || listCustomDomainsResp.Body.NextToken == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tlistCustomDomainsNextToken = listCustomDomainsResp.Body.NextToken\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) getFC2AllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 列出自定义域名\n\t// REF: https://help.aliyun.com/zh/functioncompute/fc-2-0/developer-reference/api-fc-open-2021-04-06-listcustomdomains\n\tlistCustomDomainsNextToken := (*string)(nil)\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistCustomDomainsReq := &alifc2.ListCustomDomainsRequest{\n\t\t\tNextToken: listCustomDomainsNextToken,\n\t\t\tLimit: tea.Int32(100),\n\t\t}\n\t\tlistCustomDomainsResp, err := d.sdkClients.FC2.ListCustomDomains(listCustomDomainsReq)\n\t\td.logger.Debug(\"sdk request 'fc.ListCustomDomains'\", slog.Any(\"request\", listCustomDomainsReq), slog.Any(\"response\", listCustomDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'fc.ListCustomDomains': %w\", err)\n\t\t}\n\n\t\tif listCustomDomainsResp.Body == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, domainItem := range listCustomDomainsResp.Body.CustomDomains {\n\t\t\tdomains = append(domains, tea.StringValue(domainItem.DomainName))\n\t\t}\n\n\t\tif len(listCustomDomainsResp.Body.CustomDomains) == 0 || listCustomDomainsResp.Body.NextToken == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tlistCustomDomainsNextToken = listCustomDomainsResp.Body.NextToken\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateFC3DomainCertificate(ctx context.Context, domain string, certPEM, privkeyPEM string) error {\n\t// 获取自定义域名\n\t// REF: https://help.aliyun.com/zh/functioncompute/fc-3-0/developer-reference/api-fc-2023-03-30-getcustomdomain\n\tgetCustomDomainResp, err := d.sdkClients.FC3.GetCustomDomainWithContext(ctx, tea.String(domain), make(map[string]*string), &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'fc.GetCustomDomain'\", slog.Any(\"response\", getCustomDomainResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'fc.GetCustomDomain': %w\", err)\n\t} else {\n\t\tif getCustomDomainResp.Body.CertConfig != nil && tea.StringValue(getCustomDomainResp.Body.CertConfig.Certificate) == certPEM {\n\t\t\treturn nil\n\t\t}\n\t}\n\n\t// 更新自定义域名\n\t// REF: https://help.aliyun.com/zh/functioncompute/fc-3-0/developer-reference/api-fc-2023-03-30-updatecustomdomain\n\tupdateCustomDomainReq := &alifc3.UpdateCustomDomainRequest{\n\t\tBody: &alifc3.UpdateCustomDomainInput{\n\t\t\tCertConfig: &alifc3.CertConfig{\n\t\t\t\tCertName: tea.String(fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())),\n\t\t\t\tCertificate: tea.String(certPEM),\n\t\t\t\tPrivateKey: tea.String(privkeyPEM),\n\t\t\t},\n\t\t\tProtocol: getCustomDomainResp.Body.Protocol,\n\t\t\tTlsConfig: getCustomDomainResp.Body.TlsConfig,\n\t\t},\n\t}\n\tif tea.StringValue(updateCustomDomainReq.Body.Protocol) == \"HTTP\" {\n\t\tupdateCustomDomainReq.Body.Protocol = tea.String(\"HTTP,HTTPS\")\n\t}\n\tupdateCustomDomainResp, err := d.sdkClients.FC3.UpdateCustomDomainWithContext(ctx, tea.String(domain), updateCustomDomainReq, make(map[string]*string), &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'fc.UpdateCustomDomain'\", slog.Any(\"request\", updateCustomDomainReq), slog.Any(\"response\", updateCustomDomainResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'fc.UpdateCustomDomain': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateFC2DomainCertificate(ctx context.Context, domain string, certPEM, privkeyPEM string) error {\n\t// 获取自定义域名\n\t// REF: https://help.aliyun.com/zh/functioncompute/fc-2-0/developer-reference/api-fc-open-2021-04-06-getcustomdomain\n\tgetCustomDomainResp, err := d.sdkClients.FC2.GetCustomDomain(tea.String(domain))\n\td.logger.Debug(\"sdk request 'fc.GetCustomDomain'\", slog.Any(\"response\", getCustomDomainResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'fc.GetCustomDomain': %w\", err)\n\t} else {\n\t\tif getCustomDomainResp.Body.CertConfig != nil && tea.StringValue(getCustomDomainResp.Body.CertConfig.Certificate) == certPEM {\n\t\t\treturn nil\n\t\t}\n\t}\n\n\t// 更新自定义域名\n\t// REF: https://help.aliyun.com/zh/functioncompute/fc-2-0/developer-reference/api-fc-open-2021-04-06-updatecustomdomain\n\tupdateCustomDomainReq := &alifc2.UpdateCustomDomainRequest{\n\t\tCertConfig: &alifc2.CertConfig{\n\t\t\tCertName: tea.String(fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())),\n\t\t\tCertificate: tea.String(certPEM),\n\t\t\tPrivateKey: tea.String(privkeyPEM),\n\t\t},\n\t\tProtocol: getCustomDomainResp.Body.Protocol,\n\t\tTlsConfig: getCustomDomainResp.Body.TlsConfig,\n\t}\n\tif tea.StringValue(updateCustomDomainReq.Protocol) == \"HTTP\" {\n\t\tupdateCustomDomainReq.Protocol = tea.String(\"HTTP,HTTPS\")\n\t}\n\tupdateCustomDomainResp, err := d.sdkClients.FC2.UpdateCustomDomain(tea.String(domain), updateCustomDomainReq)\n\td.logger.Debug(\"sdk request 'fc.UpdateCustomDomain'\", slog.Any(\"request\", updateCustomDomainReq), slog.Any(\"response\", updateCustomDomainResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'fc.UpdateCustomDomain': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClients(accessKeyId, accessKeySecret, region string) (*wSDKClients, error) {\n\t// 接入点一览 https://api.aliyun.com/product/FC-Open\n\tvar fc2Endpoint string\n\tswitch region {\n\tcase \"\":\n\t\tfc2Endpoint = \"fc.aliyuncs.com\"\n\tcase \"cn-hangzhou-finance\":\n\t\tfc2Endpoint = fmt.Sprintf(\"%s.fc.aliyuncs.com\", region)\n\tdefault:\n\t\tfc2Endpoint = fmt.Sprintf(\"fc.%s.aliyuncs.com\", region)\n\t}\n\n\tfc2Config := &aliopen.Config{\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t\tEndpoint: tea.String(fc2Endpoint),\n\t}\n\tfc2Client, err := internal.NewFcopenClient(fc2Config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 接入点一览 https://api.aliyun.com/product/FC\n\tvar fc3Endpoint string\n\tswitch region {\n\tcase \"\":\n\t\tfc3Endpoint = \"fcv3.cn-hangzhou.aliyuncs.com\"\n\tcase \"me-central-1\", \"cn-hangzhou-finance\", \"cn-shanghai-finance-1\", \"cn-heyuan-acdr-1\":\n\t\tfc3Endpoint = fmt.Sprintf(\"%s.fc.aliyuncs.com\", region)\n\tdefault:\n\t\tfc3Endpoint = fmt.Sprintf(\"fcv3.%s.aliyuncs.com\", region)\n\t}\n\n\tfc3Config := &aliopen.Config{\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t\tEndpoint: tea.String(fc3Endpoint),\n\t}\n\tfc3Client, err := internal.NewFcClient(fc3Config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &wSDKClients{\n\t\tFC2: fc2Client,\n\t\tFC3: fc3Client,\n\t}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-fc/aliyun_fc_test.go",
"content": "package aliyunfc_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-fc\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"ALIYUNFC_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aliyun_fc_test.go -args \\\n\t--ALIYUNFC_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--ALIYUNFC_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--ALIYUNFC_ACCESSKEYID=\"your-access-key-id\" \\\n\t--ALIYUNFC_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--ALIYUNFC_REGION=\"cn-hangzhou\" \\\n\t--ALIYUNFC_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tServiceVersion: \"3.0\",\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-fc/consts.go",
"content": "package aliyunfc\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-fc/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\n\topenapi \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\topenapiutilv2 \"github.com/alibabacloud-go/darabonba-openapi/v2/utils\"\n\talifc \"github.com/alibabacloud-go/fc-20230330/v4/client\"\n\talifcopen \"github.com/alibabacloud-go/fc-open-20210406/v2/client\"\n\topenapiutil \"github.com/alibabacloud-go/openapi-util/service\"\n\tutil \"github.com/alibabacloud-go/tea-utils/v2/service\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n)\n\n// This is a partial copy of https://github.com/alibabacloud-go/fc-20230330/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype FcClient struct {\n\topenapi.Client\n\tDisableSDKError *bool\n}\n\nfunc NewFcClient(config *openapiutilv2.Config) (*FcClient, error) {\n\tclient := new(FcClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *FcClient) Init(config *openapiutilv2.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *FcClient) GetCustomDomainWithContext(ctx context.Context, domainName *string, headers map[string]*string, runtime *dara.RuntimeOptions) (_result *alifc.GetCustomDomainResponse, _err error) {\n\treq := &openapiutilv2.OpenApiRequest{\n\t\tHeaders: headers,\n\t}\n\tparams := &openapiutilv2.Params{\n\t\tAction: dara.String(\"GetCustomDomain\"),\n\t\tVersion: dara.String(\"2023-03-30\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/2023-03-30/custom-domains/\" + dara.PercentEncode(dara.StringValue(domainName))),\n\t\tMethod: dara.String(\"GET\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"ROA\"),\n\t\tReqBodyType: dara.String(\"json\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alifc.GetCustomDomainResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *FcClient) ListCustomDomainsWithContext(ctx context.Context, request *alifc.ListCustomDomainsRequest, headers map[string]*string, runtime *dara.RuntimeOptions) (_result *alifc.ListCustomDomainsResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.Limit) {\n\t\tquery[\"limit\"] = request.Limit\n\t}\n\n\tif !dara.IsNil(request.NextToken) {\n\t\tquery[\"nextToken\"] = request.NextToken\n\t}\n\n\tif !dara.IsNil(request.Prefix) {\n\t\tquery[\"prefix\"] = request.Prefix\n\t}\n\n\treq := &openapiutilv2.OpenApiRequest{\n\t\tHeaders: headers,\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutilv2.Params{\n\t\tAction: dara.String(\"ListCustomDomains\"),\n\t\tVersion: dara.String(\"2023-03-30\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/2023-03-30/custom-domains\"),\n\t\tMethod: dara.String(\"GET\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"ROA\"),\n\t\tReqBodyType: dara.String(\"json\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alifc.ListCustomDomainsResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *FcClient) UpdateCustomDomainWithContext(ctx context.Context, domainName *string, request *alifc.UpdateCustomDomainRequest, headers map[string]*string, runtime *dara.RuntimeOptions) (_result *alifc.UpdateCustomDomainResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\n\treq := &openapiutilv2.OpenApiRequest{\n\t\tHeaders: headers,\n\t\tBody: openapiutil.ParseToMap(request.Body),\n\t}\n\tparams := &openapiutilv2.Params{\n\t\tAction: dara.String(\"UpdateCustomDomain\"),\n\t\tVersion: dara.String(\"2023-03-30\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/2023-03-30/custom-domains/\" + dara.PercentEncode(dara.StringValue(domainName))),\n\t\tMethod: dara.String(\"PUT\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"ROA\"),\n\t\tReqBodyType: dara.String(\"json\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alifc.UpdateCustomDomainResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\n// This is a partial copy of https://github.com/alibabacloud-go/fc-open-20210406/blob/master/client/client.go\n// to lightweight the vendor packages in the built binary.\ntype FcopenClient struct {\n\topenapi.Client\n}\n\nfunc NewFcopenClient(config *openapi.Config) (*FcopenClient, error) {\n\tclient := new(FcopenClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *FcopenClient) Init(config *openapi.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *FcopenClient) GetCustomDomain(domainName *string) (_result *alifcopen.GetCustomDomainResponse, _err error) {\n\truntime := &util.RuntimeOptions{}\n\theaders := &alifcopen.GetCustomDomainHeaders{}\n\t_result = &alifcopen.GetCustomDomainResponse{}\n\t_body, _err := client.GetCustomDomainWithOptions(domainName, headers, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_result = _body\n\treturn _result, _err\n}\n\nfunc (client *FcopenClient) GetCustomDomainWithOptions(domainName *string, headers *alifcopen.GetCustomDomainHeaders, runtime *util.RuntimeOptions) (_result *alifcopen.GetCustomDomainResponse, _err error) {\n\trealHeaders := make(map[string]*string)\n\n\tif !tea.BoolValue(util.IsUnset(headers.CommonHeaders)) {\n\t\trealHeaders = headers.CommonHeaders\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(headers.XFcAccountId)) {\n\t\trealHeaders[\"X-Fc-Account-Id\"] = util.ToJSONString(headers.XFcAccountId)\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(headers.XFcDate)) {\n\t\trealHeaders[\"X-Fc-Date\"] = util.ToJSONString(headers.XFcDate)\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(headers.XFcTraceId)) {\n\t\trealHeaders[\"X-Fc-Trace-Id\"] = util.ToJSONString(headers.XFcTraceId)\n\t}\n\n\treq := &openapi.OpenApiRequest{\n\t\tHeaders: realHeaders,\n\t}\n\tparams := &openapi.Params{\n\t\tAction: tea.String(\"GetCustomDomain\"),\n\t\tVersion: tea.String(\"2021-04-06\"),\n\t\tProtocol: tea.String(\"HTTPS\"),\n\t\tPathname: tea.String(\"/2021-04-06/custom-domains/\" + tea.StringValue(openapiutil.GetEncodeParam(domainName))),\n\t\tMethod: tea.String(\"GET\"),\n\t\tAuthType: tea.String(\"AK\"),\n\t\tStyle: tea.String(\"ROA\"),\n\t\tReqBodyType: tea.String(\"json\"),\n\t\tBodyType: tea.String(\"json\"),\n\t}\n\t_result = &alifcopen.GetCustomDomainResponse{}\n\t_body, _err := client.CallApi(params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = tea.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *FcopenClient) ListCustomDomains(request *alifcopen.ListCustomDomainsRequest) (_result *alifcopen.ListCustomDomainsResponse, _err error) {\n\truntime := &util.RuntimeOptions{}\n\theaders := &alifcopen.ListCustomDomainsHeaders{}\n\t_result = &alifcopen.ListCustomDomainsResponse{}\n\t_body, _err := client.ListCustomDomainsWithOptions(request, headers, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_result = _body\n\treturn _result, _err\n}\n\nfunc (client *FcopenClient) ListCustomDomainsWithOptions(request *alifcopen.ListCustomDomainsRequest, headers *alifcopen.ListCustomDomainsHeaders, runtime *util.RuntimeOptions) (_result *alifcopen.ListCustomDomainsResponse, _err error) {\n\t_err = util.ValidateModel(request)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !tea.BoolValue(util.IsUnset(request.Limit)) {\n\t\tquery[\"limit\"] = request.Limit\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.NextToken)) {\n\t\tquery[\"nextToken\"] = request.NextToken\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.Prefix)) {\n\t\tquery[\"prefix\"] = request.Prefix\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.StartKey)) {\n\t\tquery[\"startKey\"] = request.StartKey\n\t}\n\n\trealHeaders := make(map[string]*string)\n\tif !tea.BoolValue(util.IsUnset(headers.CommonHeaders)) {\n\t\trealHeaders = headers.CommonHeaders\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(headers.XFcAccountId)) {\n\t\trealHeaders[\"X-Fc-Account-Id\"] = util.ToJSONString(headers.XFcAccountId)\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(headers.XFcDate)) {\n\t\trealHeaders[\"X-Fc-Date\"] = util.ToJSONString(headers.XFcDate)\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(headers.XFcTraceId)) {\n\t\trealHeaders[\"X-Fc-Trace-Id\"] = util.ToJSONString(headers.XFcTraceId)\n\t}\n\n\treq := &openapi.OpenApiRequest{\n\t\tHeaders: realHeaders,\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapi.Params{\n\t\tAction: tea.String(\"ListCustomDomains\"),\n\t\tVersion: tea.String(\"2021-04-06\"),\n\t\tProtocol: tea.String(\"HTTPS\"),\n\t\tPathname: tea.String(\"/2021-04-06/custom-domains\"),\n\t\tMethod: tea.String(\"GET\"),\n\t\tAuthType: tea.String(\"AK\"),\n\t\tStyle: tea.String(\"ROA\"),\n\t\tReqBodyType: tea.String(\"json\"),\n\t\tBodyType: tea.String(\"json\"),\n\t}\n\t_result = &alifcopen.ListCustomDomainsResponse{}\n\t_body, _err := client.CallApi(params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = tea.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *FcopenClient) UpdateCustomDomain(domainName *string, request *alifcopen.UpdateCustomDomainRequest) (_result *alifcopen.UpdateCustomDomainResponse, _err error) {\n\truntime := &util.RuntimeOptions{}\n\theaders := &alifcopen.UpdateCustomDomainHeaders{}\n\t_result = &alifcopen.UpdateCustomDomainResponse{}\n\t_body, _err := client.UpdateCustomDomainWithOptions(domainName, request, headers, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_result = _body\n\treturn _result, _err\n}\n\nfunc (client *FcopenClient) UpdateCustomDomainWithOptions(domainName *string, request *alifcopen.UpdateCustomDomainRequest, headers *alifcopen.UpdateCustomDomainHeaders, runtime *util.RuntimeOptions) (_result *alifcopen.UpdateCustomDomainResponse, _err error) {\n\t_err = util.ValidateModel(request)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tbody := map[string]interface{}{}\n\n\tif !tea.BoolValue(util.IsUnset(request.CertConfig)) {\n\t\tbody[\"certConfig\"] = request.CertConfig\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.Protocol)) {\n\t\tbody[\"protocol\"] = request.Protocol\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.RouteConfig)) {\n\t\tbody[\"routeConfig\"] = request.RouteConfig\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.TlsConfig)) {\n\t\tbody[\"tlsConfig\"] = request.TlsConfig\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.WafConfig)) {\n\t\tbody[\"wafConfig\"] = request.WafConfig\n\t}\n\n\trealHeaders := make(map[string]*string)\n\tif !tea.BoolValue(util.IsUnset(headers.CommonHeaders)) {\n\t\trealHeaders = headers.CommonHeaders\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(headers.XFcAccountId)) {\n\t\trealHeaders[\"X-Fc-Account-Id\"] = util.ToJSONString(headers.XFcAccountId)\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(headers.XFcDate)) {\n\t\trealHeaders[\"X-Fc-Date\"] = util.ToJSONString(headers.XFcDate)\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(headers.XFcTraceId)) {\n\t\trealHeaders[\"X-Fc-Trace-Id\"] = util.ToJSONString(headers.XFcTraceId)\n\t}\n\n\treq := &openapi.OpenApiRequest{\n\t\tHeaders: realHeaders,\n\t\tBody: openapiutil.ParseToMap(body),\n\t}\n\tparams := &openapi.Params{\n\t\tAction: tea.String(\"UpdateCustomDomain\"),\n\t\tVersion: tea.String(\"2021-04-06\"),\n\t\tProtocol: tea.String(\"HTTPS\"),\n\t\tPathname: tea.String(\"/2021-04-06/custom-domains/\" + tea.StringValue(openapiutil.GetEncodeParam(domainName))),\n\t\tMethod: tea.String(\"PUT\"),\n\t\tAuthType: tea.String(\"AK\"),\n\t\tStyle: tea.String(\"ROA\"),\n\t\tReqBodyType: tea.String(\"json\"),\n\t\tBodyType: tea.String(\"json\"),\n\t}\n\t_result = &alifcopen.UpdateCustomDomainResponse{}\n\t_body, _err := client.CallApi(params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = tea.Convert(_body, &_result)\n\treturn _result, _err\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-ga/aliyun_ga.go",
"content": "package aliyunga\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\taliopen \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\taliga \"github.com/alibabacloud-go/ga-20191120/v4/client\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-cas\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-ga/internal\"\n)\n\ntype DeployerConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 全球加速实例 ID。\n\tAcceleratorId string `json:\"acceleratorId\"`\n\t// 全球加速监听 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时必填。\n\tListenerId string `json:\"listenerId,omitempty\"`\n\t// SNI 域名(不支持泛域名)。\n\t// 部署资源类型为 [RESOURCE_TYPE_ACCELERATOR]、[RESOURCE_TYPE_LISTENER] 时选填。\n\tDomain string `json:\"domain,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.GaClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tResourceGroupId: config.ResourceGroupId,\n\t\tRegion: \"cn-hangzhou\",\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_ACCELERATOR:\n\t\tif err := d.deployToAccelerator(ctx, upres.ExtendedData[\"CertIdentifier\"].(string)); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_LISTENER:\n\t\tif err := d.deployToListener(ctx, upres.ExtendedData[\"CertIdentifier\"].(string)); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToAccelerator(ctx context.Context, cloudCertId string) error {\n\tif d.config.AcceleratorId == \"\" {\n\t\treturn errors.New(\"config `acceleratorId` is required\")\n\t}\n\n\t// 查询 HTTPS 监听列表\n\t// REF: https://help.aliyun.com/zh/ga/developer-reference/api-ga-2019-11-20-listlisteners\n\tlistenerIds := make([]string, 0)\n\tlistListenersPageNumber := 1\n\tlistListenersPageSize := 50\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistListenersReq := &aliga.ListListenersRequest{\n\t\t\tRegionId: tea.String(\"cn-hangzhou\"),\n\t\t\tAcceleratorId: tea.String(d.config.AcceleratorId),\n\t\t\tPageNumber: tea.Int32(int32(listListenersPageNumber)),\n\t\t\tPageSize: tea.Int32(int32(listListenersPageSize)),\n\t\t}\n\t\tlistListenersResp, err := d.sdkClient.ListListeners(listListenersReq)\n\t\td.logger.Debug(\"sdk request 'ga.ListListeners'\", slog.Any(\"request\", listListenersReq), slog.Any(\"response\", listListenersResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'ga.ListListeners': %w\", err)\n\t\t}\n\n\t\tif listListenersResp.Body == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, listener := range listListenersResp.Body.Listeners {\n\t\t\tif strings.EqualFold(tea.StringValue(listener.Protocol), \"https\") {\n\t\t\t\tlistenerIds = append(listenerIds, tea.StringValue(listener.ListenerId))\n\t\t\t}\n\t\t}\n\n\t\tif len(listListenersResp.Body.Listeners) < listListenersPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tlistListenersPageNumber++\n\t}\n\n\t// 遍历更新监听证书\n\tif len(listenerIds) == 0 {\n\t\td.logger.Info(\"no ga listeners to deploy\")\n\t} else {\n\t\tvar errs []error\n\t\td.logger.Info(\"found https listeners to deploy\", slog.Any(\"listenerIds\", listenerIds))\n\n\t\tfor _, listenerId := range listenerIds {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateListenerCertificate(ctx, d.config.AcceleratorId, listenerId, cloudCertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToListener(ctx context.Context, cloudCertId string) error {\n\tif d.config.AcceleratorId == \"\" {\n\t\treturn errors.New(\"config `acceleratorId` is required\")\n\t}\n\tif d.config.ListenerId == \"\" {\n\t\treturn errors.New(\"config `listenerId` is required\")\n\t}\n\n\t// 更新监听\n\tif err := d.updateListenerCertificate(ctx, d.config.AcceleratorId, d.config.ListenerId, cloudCertId); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateListenerCertificate(ctx context.Context, cloudAcceleratorId string, cloudListenerId string, cloudCertId string) error {\n\t// 查询监听绑定的证书列表\n\t// REF: https://help.aliyun.com/zh/ga/developer-reference/api-ga-2019-11-20-listlistenercertificates\n\tlistenerDefaultCertificate := (*aliga.ListListenerCertificatesResponseBodyCertificates)(nil)\n\tlistenerAdditionalCertificates := make([]*aliga.ListListenerCertificatesResponseBodyCertificates, 0)\n\tlistListenerCertificatesNextToken := (*string)(nil)\n\tfor {\n\t\tlistListenerCertificatesReq := &aliga.ListListenerCertificatesRequest{\n\t\t\tRegionId: tea.String(\"cn-hangzhou\"),\n\t\t\tAcceleratorId: tea.String(cloudAcceleratorId),\n\t\t\tListenerId: tea.String(cloudListenerId),\n\t\t\tNextToken: listListenerCertificatesNextToken,\n\t\t\tMaxResults: tea.Int32(20),\n\t\t}\n\t\tlistListenerCertificatesResp, err := d.sdkClient.ListListenerCertificates(listListenerCertificatesReq)\n\t\td.logger.Debug(\"sdk request 'ga.ListListenerCertificates'\", slog.Any(\"request\", listListenerCertificatesReq), slog.Any(\"response\", listListenerCertificatesResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'ga.ListListenerCertificates': %w\", err)\n\t\t}\n\n\t\tif listListenerCertificatesResp.Body == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, certItem := range listListenerCertificatesResp.Body.Certificates {\n\t\t\tif tea.BoolValue(certItem.IsDefault) {\n\t\t\t\tlistenerDefaultCertificate = certItem\n\t\t\t} else {\n\t\t\t\tlistenerAdditionalCertificates = append(listenerAdditionalCertificates, certItem)\n\t\t\t}\n\t\t}\n\n\t\tif len(listListenerCertificatesResp.Body.Certificates) == 0 || listListenerCertificatesResp.Body.NextToken == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tlistListenerCertificatesNextToken = listListenerCertificatesResp.Body.NextToken\n\t}\n\n\tif d.config.Domain == \"\" {\n\t\t// 未指定 SNI,只需部署到监听器\n\t\tif listenerDefaultCertificate != nil && tea.StringValue(listenerDefaultCertificate.CertificateId) == cloudCertId {\n\t\t\td.logger.Info(\"no need to update ga listener default certificate\")\n\t\t\treturn nil\n\t\t}\n\n\t\t// 修改监听的属性\n\t\t// REF: https://help.aliyun.com/zh/ga/developer-reference/api-ga-2019-11-20-updatelistener\n\t\tupdateListenerReq := &aliga.UpdateListenerRequest{\n\t\t\tRegionId: tea.String(\"cn-hangzhou\"),\n\t\t\tListenerId: tea.String(cloudListenerId),\n\t\t\tCertificates: []*aliga.UpdateListenerRequestCertificates{{\n\t\t\t\tId: tea.String(cloudCertId),\n\t\t\t}},\n\t\t}\n\t\tupdateListenerResp, err := d.sdkClient.UpdateListener(updateListenerReq)\n\t\td.logger.Debug(\"sdk request 'ga.UpdateListener'\", slog.Any(\"request\", updateListenerReq), slog.Any(\"response\", updateListenerResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'ga.UpdateListener': %w\", err)\n\t\t}\n\t} else {\n\t\t// 指定 SNI,需部署到扩展域名\n\t\tif lo.SomeBy(listenerAdditionalCertificates, func(item *aliga.ListListenerCertificatesResponseBodyCertificates) bool {\n\t\t\treturn tea.StringValue(item.CertificateId) == cloudCertId\n\t\t}) {\n\t\t\td.logger.Info(\"no need to update ga listener additional certificate\")\n\t\t\treturn nil\n\t\t}\n\n\t\tif lo.SomeBy(listenerAdditionalCertificates, func(item *aliga.ListListenerCertificatesResponseBodyCertificates) bool {\n\t\t\treturn tea.StringValue(item.Domain) == d.config.Domain\n\t\t}) {\n\t\t\t// 为监听替换扩展证书\n\t\t\t// REF: https://help.aliyun.com/zh/ga/developer-reference/api-ga-2019-11-20-updateadditionalcertificatewithlistener\n\t\t\tupdateAdditionalCertificateWithListenerReq := &aliga.UpdateAdditionalCertificateWithListenerRequest{\n\t\t\t\tRegionId: tea.String(\"cn-hangzhou\"),\n\t\t\t\tAcceleratorId: tea.String(cloudAcceleratorId),\n\t\t\t\tListenerId: tea.String(cloudListenerId),\n\t\t\t\tCertificateId: tea.String(cloudCertId),\n\t\t\t\tDomain: tea.String(d.config.Domain),\n\t\t\t}\n\t\t\tupdateAdditionalCertificateWithListenerResp, err := d.sdkClient.UpdateAdditionalCertificateWithListener(updateAdditionalCertificateWithListenerReq)\n\t\t\td.logger.Debug(\"sdk request 'ga.UpdateAdditionalCertificateWithListener'\", slog.Any(\"request\", updateAdditionalCertificateWithListenerReq), slog.Any(\"response\", updateAdditionalCertificateWithListenerResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'ga.UpdateAdditionalCertificateWithListener': %w\", err)\n\t\t\t}\n\t\t} else {\n\t\t\t// 为监听绑定扩展证书\n\t\t\t// REF: https://help.aliyun.com/zh/ga/developer-reference/api-ga-2019-11-20-associateadditionalcertificateswithlistener\n\t\t\tassociateAdditionalCertificatesWithListenerReq := &aliga.AssociateAdditionalCertificatesWithListenerRequest{\n\t\t\t\tRegionId: tea.String(\"cn-hangzhou\"),\n\t\t\t\tAcceleratorId: tea.String(cloudAcceleratorId),\n\t\t\t\tListenerId: tea.String(cloudListenerId),\n\t\t\t\tCertificates: []*aliga.AssociateAdditionalCertificatesWithListenerRequestCertificates{{\n\t\t\t\t\tId: tea.String(cloudCertId),\n\t\t\t\t\tDomain: tea.String(d.config.Domain),\n\t\t\t\t}},\n\t\t\t}\n\t\t\tassociateAdditionalCertificatesWithListenerResp, err := d.sdkClient.AssociateAdditionalCertificatesWithListener(associateAdditionalCertificatesWithListenerReq)\n\t\t\td.logger.Debug(\"sdk request 'ga.AssociateAdditionalCertificatesWithListener'\", slog.Any(\"request\", associateAdditionalCertificatesWithListenerReq), slog.Any(\"response\", associateAdditionalCertificatesWithListenerResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'ga.AssociateAdditionalCertificatesWithListener': %w\", err)\n\t\t\t}\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret string) (*internal.GaClient, error) {\n\t// 接入点一览 https://api.aliyun.com/product/Ga\n\tconfig := &aliopen.Config{\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t\tEndpoint: tea.String(\"ga.cn-hangzhou.aliyuncs.com\"),\n\t}\n\n\tclient, err := internal.NewGaClient(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-ga/aliyun_ga_test.go",
"content": "package aliyunga_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-ga\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfAcceleratorId string\n\tfListenerId string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"ALIYUNGA_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fAcceleratorId, argsPrefix+\"ACCELERATORID\", \"\", \"\")\n\tflag.StringVar(&fListenerId, argsPrefix+\"LISTENERID\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aliyun_ga_test.go -args \\\n\t--ALIYUNGA_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--ALIYUNGA_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--ALIYUNGA_ACCESSKEYID=\"your-access-key-id\" \\\n\t--ALIYUNGA_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--ALIYUNGA_ACCELERATORID=\"your-ga-accelerator-id\" \\\n\t--ALIYUNGA_LISTENERID=\"your-ga-listener-id\" \\\n\t--ALIYUNGA_DOMAIN=\"your-ga-sni-domain\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy_ToAccelerator\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"ACCELERATORID: %v\", fAcceleratorId),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tResourceType: provider.RESOURCE_TYPE_ACCELERATOR,\n\t\t\tAcceleratorId: fAcceleratorId,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n\n\tt.Run(\"Deploy_ToListener\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"LISTENERID: %v\", fListenerId),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LISTENER,\n\t\t\tListenerId: fListenerId,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-ga/consts.go",
"content": "package aliyunga\n\nconst (\n\t// 资源类型:部署到指定全球加速器。\n\tRESOURCE_TYPE_ACCELERATOR = \"accelerator\"\n\t// 资源类型:部署到指定监听器。\n\tRESOURCE_TYPE_LISTENER = \"listener\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-ga/internal/client.go",
"content": "package internal\n\nimport (\n\topenapi \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\taliga \"github.com/alibabacloud-go/ga-20191120/v4/client\"\n\topenapiutil \"github.com/alibabacloud-go/openapi-util/service\"\n\tutil \"github.com/alibabacloud-go/tea-utils/v2/service\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n)\n\n// This is a partial copy of https://github.com/alibabacloud-go/ga-20191120/blob/master/client/client.go\n// to lightweight the vendor packages in the built binary.\ntype GaClient struct {\n\topenapi.Client\n}\n\nfunc NewGaClient(config *openapi.Config) (*GaClient, error) {\n\tclient := new(GaClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *GaClient) Init(config *openapi.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *GaClient) AssociateAdditionalCertificatesWithListenerWithOptions(request *aliga.AssociateAdditionalCertificatesWithListenerRequest, runtime *util.RuntimeOptions) (_result *aliga.AssociateAdditionalCertificatesWithListenerResponse, _err error) {\n\t_err = util.ValidateModel(request)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !tea.BoolValue(util.IsUnset(request.AcceleratorId)) {\n\t\tquery[\"AcceleratorId\"] = request.AcceleratorId\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.Certificates)) {\n\t\tquery[\"Certificates\"] = request.Certificates\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.ClientToken)) {\n\t\tquery[\"ClientToken\"] = request.ClientToken\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.ListenerId)) {\n\t\tquery[\"ListenerId\"] = request.ListenerId\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.RegionId)) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\treq := &openapi.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapi.Params{\n\t\tAction: tea.String(\"AssociateAdditionalCertificatesWithListener\"),\n\t\tVersion: tea.String(\"2019-11-20\"),\n\t\tProtocol: tea.String(\"HTTPS\"),\n\t\tPathname: tea.String(\"/\"),\n\t\tMethod: tea.String(\"POST\"),\n\t\tAuthType: tea.String(\"AK\"),\n\t\tStyle: tea.String(\"RPC\"),\n\t\tReqBodyType: tea.String(\"formData\"),\n\t\tBodyType: tea.String(\"json\"),\n\t}\n\t_result = &aliga.AssociateAdditionalCertificatesWithListenerResponse{}\n\t_body, _err := client.CallApi(params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = tea.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *GaClient) AssociateAdditionalCertificatesWithListener(request *aliga.AssociateAdditionalCertificatesWithListenerRequest) (_result *aliga.AssociateAdditionalCertificatesWithListenerResponse, _err error) {\n\truntime := &util.RuntimeOptions{}\n\t_result = &aliga.AssociateAdditionalCertificatesWithListenerResponse{}\n\t_body, _err := client.AssociateAdditionalCertificatesWithListenerWithOptions(request, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_result = _body\n\treturn _result, _err\n}\n\nfunc (client *GaClient) ListListenersWithOptions(request *aliga.ListListenersRequest, runtime *util.RuntimeOptions) (_result *aliga.ListListenersResponse, _err error) {\n\t_err = util.ValidateModel(request)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !tea.BoolValue(util.IsUnset(request.AcceleratorId)) {\n\t\tquery[\"AcceleratorId\"] = request.AcceleratorId\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.PageNumber)) {\n\t\tquery[\"PageNumber\"] = request.PageNumber\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.PageSize)) {\n\t\tquery[\"PageSize\"] = request.PageSize\n\t}\n\n\tif !dara.IsNil(request.Protocol) {\n\t\tquery[\"Protocol\"] = request.Protocol\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.RegionId)) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\treq := &openapi.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapi.Params{\n\t\tAction: tea.String(\"ListListeners\"),\n\t\tVersion: tea.String(\"2019-11-20\"),\n\t\tProtocol: tea.String(\"HTTPS\"),\n\t\tPathname: tea.String(\"/\"),\n\t\tMethod: tea.String(\"POST\"),\n\t\tAuthType: tea.String(\"AK\"),\n\t\tStyle: tea.String(\"RPC\"),\n\t\tReqBodyType: tea.String(\"formData\"),\n\t\tBodyType: tea.String(\"json\"),\n\t}\n\t_result = &aliga.ListListenersResponse{}\n\t_body, _err := client.CallApi(params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = tea.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *GaClient) ListListeners(request *aliga.ListListenersRequest) (_result *aliga.ListListenersResponse, _err error) {\n\truntime := &util.RuntimeOptions{}\n\t_result = &aliga.ListListenersResponse{}\n\t_body, _err := client.ListListenersWithOptions(request, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_result = _body\n\treturn _result, _err\n}\n\nfunc (client *GaClient) ListListenerCertificatesWithOptions(request *aliga.ListListenerCertificatesRequest, runtime *util.RuntimeOptions) (_result *aliga.ListListenerCertificatesResponse, _err error) {\n\t_err = util.ValidateModel(request)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !tea.BoolValue(util.IsUnset(request.AcceleratorId)) {\n\t\tquery[\"AcceleratorId\"] = request.AcceleratorId\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.ListenerId)) {\n\t\tquery[\"ListenerId\"] = request.ListenerId\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.MaxResults)) {\n\t\tquery[\"MaxResults\"] = request.MaxResults\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.NextToken)) {\n\t\tquery[\"NextToken\"] = request.NextToken\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.RegionId)) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.Role)) {\n\t\tquery[\"Role\"] = request.Role\n\t}\n\n\treq := &openapi.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapi.Params{\n\t\tAction: tea.String(\"ListListenerCertificates\"),\n\t\tVersion: tea.String(\"2019-11-20\"),\n\t\tProtocol: tea.String(\"HTTPS\"),\n\t\tPathname: tea.String(\"/\"),\n\t\tMethod: tea.String(\"POST\"),\n\t\tAuthType: tea.String(\"AK\"),\n\t\tStyle: tea.String(\"RPC\"),\n\t\tReqBodyType: tea.String(\"formData\"),\n\t\tBodyType: tea.String(\"json\"),\n\t}\n\t_result = &aliga.ListListenerCertificatesResponse{}\n\t_body, _err := client.CallApi(params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = tea.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *GaClient) ListListenerCertificates(request *aliga.ListListenerCertificatesRequest) (_result *aliga.ListListenerCertificatesResponse, _err error) {\n\truntime := &util.RuntimeOptions{}\n\t_result = &aliga.ListListenerCertificatesResponse{}\n\t_body, _err := client.ListListenerCertificatesWithOptions(request, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_result = _body\n\treturn _result, _err\n}\n\nfunc (client *GaClient) UpdateAdditionalCertificateWithListenerWithOptions(request *aliga.UpdateAdditionalCertificateWithListenerRequest, runtime *util.RuntimeOptions) (_result *aliga.UpdateAdditionalCertificateWithListenerResponse, _err error) {\n\t_err = util.ValidateModel(request)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !tea.BoolValue(util.IsUnset(request.AcceleratorId)) {\n\t\tquery[\"AcceleratorId\"] = request.AcceleratorId\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.CertificateId)) {\n\t\tquery[\"CertificateId\"] = request.CertificateId\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.ClientToken)) {\n\t\tquery[\"ClientToken\"] = request.ClientToken\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.Domain)) {\n\t\tquery[\"Domain\"] = request.Domain\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.DryRun)) {\n\t\tquery[\"DryRun\"] = request.DryRun\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.ListenerId)) {\n\t\tquery[\"ListenerId\"] = request.ListenerId\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.RegionId)) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\treq := &openapi.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapi.Params{\n\t\tAction: tea.String(\"UpdateAdditionalCertificateWithListener\"),\n\t\tVersion: tea.String(\"2019-11-20\"),\n\t\tProtocol: tea.String(\"HTTPS\"),\n\t\tPathname: tea.String(\"/\"),\n\t\tMethod: tea.String(\"POST\"),\n\t\tAuthType: tea.String(\"AK\"),\n\t\tStyle: tea.String(\"RPC\"),\n\t\tReqBodyType: tea.String(\"formData\"),\n\t\tBodyType: tea.String(\"json\"),\n\t}\n\t_result = &aliga.UpdateAdditionalCertificateWithListenerResponse{}\n\t_body, _err := client.CallApi(params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = tea.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *GaClient) UpdateAdditionalCertificateWithListener(request *aliga.UpdateAdditionalCertificateWithListenerRequest) (_result *aliga.UpdateAdditionalCertificateWithListenerResponse, _err error) {\n\truntime := &util.RuntimeOptions{}\n\t_result = &aliga.UpdateAdditionalCertificateWithListenerResponse{}\n\t_body, _err := client.UpdateAdditionalCertificateWithListenerWithOptions(request, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_result = _body\n\treturn _result, _err\n}\n\nfunc (client *GaClient) UpdateListenerWithOptions(request *aliga.UpdateListenerRequest, runtime *util.RuntimeOptions) (_result *aliga.UpdateListenerResponse, _err error) {\n\t_err = util.ValidateModel(request)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !tea.BoolValue(util.IsUnset(request.BackendPorts)) {\n\t\tquery[\"BackendPorts\"] = request.BackendPorts\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.Certificates)) {\n\t\tquery[\"Certificates\"] = request.Certificates\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.ClientAffinity)) {\n\t\tquery[\"ClientAffinity\"] = request.ClientAffinity\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.ClientToken)) {\n\t\tquery[\"ClientToken\"] = request.ClientToken\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.Description)) {\n\t\tquery[\"Description\"] = request.Description\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.HttpVersion)) {\n\t\tquery[\"HttpVersion\"] = request.HttpVersion\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.IdleTimeout)) {\n\t\tquery[\"IdleTimeout\"] = request.IdleTimeout\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.ListenerId)) {\n\t\tquery[\"ListenerId\"] = request.ListenerId\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.Name)) {\n\t\tquery[\"Name\"] = request.Name\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.PortRanges)) {\n\t\tquery[\"PortRanges\"] = request.PortRanges\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.Protocol)) {\n\t\tquery[\"Protocol\"] = request.Protocol\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.ProxyProtocol)) {\n\t\tquery[\"ProxyProtocol\"] = request.ProxyProtocol\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.RegionId)) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.RequestTimeout)) {\n\t\tquery[\"RequestTimeout\"] = request.RequestTimeout\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.SecurityPolicyId)) {\n\t\tquery[\"SecurityPolicyId\"] = request.SecurityPolicyId\n\t}\n\n\tif !tea.BoolValue(util.IsUnset(request.XForwardedForConfig)) {\n\t\tquery[\"XForwardedForConfig\"] = request.XForwardedForConfig\n\t}\n\n\treq := &openapi.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapi.Params{\n\t\tAction: tea.String(\"UpdateListener\"),\n\t\tVersion: tea.String(\"2019-11-20\"),\n\t\tProtocol: tea.String(\"HTTPS\"),\n\t\tPathname: tea.String(\"/\"),\n\t\tMethod: tea.String(\"POST\"),\n\t\tAuthType: tea.String(\"AK\"),\n\t\tStyle: tea.String(\"RPC\"),\n\t\tReqBodyType: tea.String(\"formData\"),\n\t\tBodyType: tea.String(\"json\"),\n\t}\n\t_result = &aliga.UpdateListenerResponse{}\n\t_body, _err := client.CallApi(params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = tea.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *GaClient) UpdateListener(request *aliga.UpdateListenerRequest) (_result *aliga.UpdateListenerResponse, _err error) {\n\truntime := &util.RuntimeOptions{}\n\t_result = &aliga.UpdateListenerResponse{}\n\t_body, _err := client.UpdateListenerWithOptions(request, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_result = _body\n\treturn _result, _err\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-live/aliyun_live.go",
"content": "package aliyunlive\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\taliopen \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\talilive \"github.com/alibabacloud-go/live-20161101/v2/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-live/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 直播流域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.LiveClient\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\t// \"*.example.com\" → \".example.com\",适配阿里云 Live 要求的泛域名格式\n\t\t\tdomain := strings.TrimPrefix(d.config.Domain, \"*\")\n\t\t\tdomains = []string{domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain) ||\n\t\t\t\t\t\tstrings.TrimPrefix(d.config.Domain, \"*\") == strings.TrimPrefix(domain, \"*\")\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil ||\n\t\t\t\t\tstrings.TrimPrefix(d.config.Domain, \"*\") == strings.TrimPrefix(domain, \"*\")\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no live domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found live domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, certPEM, privkeyPEM); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询用户名下所有的直播域名\n\t// REF: https://help.aliyun.com/zh/live/developer-reference/api-live-2016-11-01-describeliveuserdomains\n\tdescribeUserLiveDomainsPageNumber := 1\n\tdescribeUserLiveDomainsPageSize := 50\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeUserLiveDomainsReq := &alilive.DescribeLiveUserDomainsRequest{\n\t\t\tResourceGroupId: lo.EmptyableToPtr(d.config.ResourceGroupId),\n\t\t\tRegionName: tea.String(d.config.Region),\n\t\t\tDomainStatus: tea.String(\"online\"),\n\t\t\tPageNumber: tea.Int32(int32(describeUserLiveDomainsPageNumber)),\n\t\t\tPageSize: tea.Int32(int32(describeUserLiveDomainsPageSize)),\n\t\t}\n\t\tdescribeUserLiveDomainsResp, err := d.sdkClient.DescribeLiveUserDomainsWithContext(ctx, describeUserLiveDomainsReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'live.DescribeLiveUserDomains'\", slog.Any(\"request\", describeUserLiveDomainsReq), slog.Any(\"response\", describeUserLiveDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'live.DescribeLiveUserDomains': %w\", err)\n\t\t}\n\n\t\tif describeUserLiveDomainsResp.Body == nil || describeUserLiveDomainsResp.Body.Domains == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, domainItem := range describeUserLiveDomainsResp.Body.Domains.PageData {\n\t\t\tdomains = append(domains, tea.StringValue(domainItem.DomainName))\n\t\t}\n\n\t\tif len(describeUserLiveDomainsResp.Body.Domains.PageData) < describeUserLiveDomainsPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribeUserLiveDomainsPageNumber++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, certPEM, privkeyPEM string) error {\n\t// 设置域名证书\n\t// REF: https://help.aliyun.com/zh/live/developer-reference/api-live-2016-11-01-setlivedomaincertificate\n\tsetLiveDomainSSLCertificateReq := &alilive.SetLiveDomainCertificateRequest{\n\t\tDomainName: tea.String(domain),\n\t\tCertName: tea.String(fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())),\n\t\tCertType: tea.String(\"upload\"),\n\t\tSSLProtocol: tea.String(\"on\"),\n\t\tSSLPub: tea.String(certPEM),\n\t\tSSLPri: tea.String(privkeyPEM),\n\t}\n\tsetLiveDomainSSLCertificateResp, err := d.sdkClient.SetLiveDomainCertificateWithContext(ctx, setLiveDomainSSLCertificateReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'live.SetLiveDomainCertificate'\", slog.Any(\"request\", setLiveDomainSSLCertificateReq), slog.Any(\"response\", setLiveDomainSSLCertificateResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'live.SetLiveDomainCertificate': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.LiveClient, error) {\n\t// 接入点一览 https://api.aliyun.com/product/live\n\tvar endpoint string\n\tswitch region {\n\tcase \"\",\n\t\t\"cn-qingdao\",\n\t\t\"cn-beijing\",\n\t\t\"cn-shanghai\",\n\t\t\"cn-shenzhen\",\n\t\t\"ap-northeast-1\",\n\t\t\"ap-southeast-5\",\n\t\t\"me-central-1\":\n\t\tendpoint = \"live.aliyuncs.com\"\n\tdefault:\n\t\tendpoint = fmt.Sprintf(\"live.%s.aliyuncs.com\", region)\n\t}\n\n\tconfig := &aliopen.Config{\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t\tEndpoint: tea.String(endpoint),\n\t}\n\n\tclient, err := internal.NewLiveClient(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-live/aliyun_live_test.go",
"content": "package aliyunlive_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-live\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"ALIYUNLIVE_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aliyun_live_test.go -args \\\n\t--ALIYUNLIVE_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--ALIYUNLIVE_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--ALIYUNLIVE_ACCESSKEYID=\"your-access-key-id\" \\\n\t--ALIYUNLIVE_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--ALIYUNLIVE_REGION=\"cn-hangzhou\" \\\n\t--ALIYUNLIVE_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-live/consts.go",
"content": "package aliyunlive\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-live/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\n\topenapi \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\topenapiutil \"github.com/alibabacloud-go/darabonba-openapi/v2/utils\"\n\talilive \"github.com/alibabacloud-go/live-20161101/v2/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n)\n\n// This is a partial copy of https://github.com/alibabacloud-go/live-20161101/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype LiveClient struct {\n\topenapi.Client\n\tDisableSDKError *bool\n}\n\nfunc NewLiveClient(config *openapiutil.Config) (*LiveClient, error) {\n\tclient := new(LiveClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *LiveClient) Init(config *openapiutil.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *LiveClient) DescribeLiveUserDomainsWithContext(ctx context.Context, request *alilive.DescribeLiveUserDomainsRequest, runtime *dara.RuntimeOptions) (_result *alilive.DescribeLiveUserDomainsResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.DomainName) {\n\t\tquery[\"DomainName\"] = request.DomainName\n\t}\n\n\tif !dara.IsNil(request.DomainSearchType) {\n\t\tquery[\"DomainSearchType\"] = request.DomainSearchType\n\t}\n\n\tif !dara.IsNil(request.DomainStatus) {\n\t\tquery[\"DomainStatus\"] = request.DomainStatus\n\t}\n\n\tif !dara.IsNil(request.LiveDomainType) {\n\t\tquery[\"LiveDomainType\"] = request.LiveDomainType\n\t}\n\n\tif !dara.IsNil(request.OwnerId) {\n\t\tquery[\"OwnerId\"] = request.OwnerId\n\t}\n\n\tif !dara.IsNil(request.PageNumber) {\n\t\tquery[\"PageNumber\"] = request.PageNumber\n\t}\n\n\tif !dara.IsNil(request.PageSize) {\n\t\tquery[\"PageSize\"] = request.PageSize\n\t}\n\n\tif !dara.IsNil(request.RegionName) {\n\t\tquery[\"RegionName\"] = request.RegionName\n\t}\n\n\tif !dara.IsNil(request.ResourceGroupId) {\n\t\tquery[\"ResourceGroupId\"] = request.ResourceGroupId\n\t}\n\n\tif !dara.IsNil(request.SecurityToken) {\n\t\tquery[\"SecurityToken\"] = request.SecurityToken\n\t}\n\n\tif !dara.IsNil(request.Tag) {\n\t\tquery[\"Tag\"] = request.Tag\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"DescribeLiveUserDomains\"),\n\t\tVersion: dara.String(\"2016-11-01\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alilive.DescribeLiveUserDomainsResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *LiveClient) SetLiveDomainCertificateWithContext(ctx context.Context, request *alilive.SetLiveDomainCertificateRequest, runtime *dara.RuntimeOptions) (_result *alilive.SetLiveDomainCertificateResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.CertName) {\n\t\tquery[\"CertName\"] = request.CertName\n\t}\n\n\tif !dara.IsNil(request.CertType) {\n\t\tquery[\"CertType\"] = request.CertType\n\t}\n\n\tif !dara.IsNil(request.DomainName) {\n\t\tquery[\"DomainName\"] = request.DomainName\n\t}\n\n\tif !dara.IsNil(request.ForceSet) {\n\t\tquery[\"ForceSet\"] = request.ForceSet\n\t}\n\n\tif !dara.IsNil(request.OwnerId) {\n\t\tquery[\"OwnerId\"] = request.OwnerId\n\t}\n\n\tif !dara.IsNil(request.SSLPri) {\n\t\tquery[\"SSLPri\"] = request.SSLPri\n\t}\n\n\tif !dara.IsNil(request.SSLProtocol) {\n\t\tquery[\"SSLProtocol\"] = request.SSLProtocol\n\t}\n\n\tif !dara.IsNil(request.SSLPub) {\n\t\tquery[\"SSLPub\"] = request.SSLPub\n\t}\n\n\tif !dara.IsNil(request.SecurityToken) {\n\t\tquery[\"SecurityToken\"] = request.SecurityToken\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"SetLiveDomainCertificate\"),\n\t\tVersion: dara.String(\"2016-11-01\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alilive.SetLiveDomainCertificateResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb.go",
"content": "package aliyunnlb\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\taliopen \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\talinlb \"github.com/alibabacloud-go/nlb-20220430/v4/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-cas\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-nlb/internal\"\n)\n\ntype DeployerConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 负载均衡实例 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER] 时必填。\n\tLoadbalancerId string `json:\"loadbalancerId,omitempty\"`\n\t// 负载均衡监听 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时必填。\n\tListenerId string `json:\"listenerId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.NlbClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tResourceGroupId: config.ResourceGroupId,\n\t\tRegion: lo.\n\t\t\tIf(config.Region == \"\" || strings.HasPrefix(config.Region, \"cn-\"), \"cn-hangzhou\").\n\t\t\tElse(\"ap-southeast-1\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_LOADBALANCER:\n\t\tif err := d.deployToLoadbalancer(ctx, upres.ExtendedData[\"CertIdentifier\"].(string)); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_LISTENER:\n\t\tif err := d.deployToListener(ctx, upres.ExtendedData[\"CertIdentifier\"].(string)); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToLoadbalancer(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\n\t// 查询负载均衡实例的详细信息\n\t// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-getloadbalancerattribute\n\tgetLoadBalancerAttributeReq := &alinlb.GetLoadBalancerAttributeRequest{\n\t\tLoadBalancerId: tea.String(d.config.LoadbalancerId),\n\t}\n\tgetLoadBalancerAttributeResp, err := d.sdkClient.GetLoadBalancerAttributeWithContext(ctx, getLoadBalancerAttributeReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'nlb.GetLoadBalancerAttribute'\", slog.Any(\"request\", getLoadBalancerAttributeReq), slog.Any(\"response\", getLoadBalancerAttributeResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'nlb.GetLoadBalancerAttribute': %w\", err)\n\t}\n\n\t// 查询 TCPSSL 监听列表\n\t// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-listlisteners\n\tlistenerIds := make([]string, 0)\n\tlistListenersToken := (*string)(nil)\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistListenersReq := &alinlb.ListListenersRequest{\n\t\t\tNextToken: listListenersToken,\n\t\t\tMaxResults: tea.Int32(100),\n\t\t\tLoadBalancerIds: tea.StringSlice([]string{d.config.LoadbalancerId}),\n\t\t\tListenerProtocol: tea.String(\"TCPSSL\"),\n\t\t}\n\t\tlistListenersResp, err := d.sdkClient.ListListenersWithContext(ctx, listListenersReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'nlb.ListListeners'\", slog.Any(\"request\", listListenersReq), slog.Any(\"response\", listListenersResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'nlb.ListListeners': %w\", err)\n\t\t}\n\n\t\tif listListenersResp.Body == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, listener := range listListenersResp.Body.Listeners {\n\t\t\tlistenerIds = append(listenerIds, tea.StringValue(listener.ListenerId))\n\t\t}\n\n\t\tif len(listListenersResp.Body.Listeners) == 0 || listListenersResp.Body.NextToken == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tlistListenersToken = listListenersResp.Body.NextToken\n\t}\n\n\t// 遍历更新监听证书\n\tif len(listenerIds) == 0 {\n\t\td.logger.Info(\"no nlb listeners to deploy\")\n\t} else {\n\t\td.logger.Info(\"found tcpssl listeners to deploy\", slog.Any(\"listenerIds\", listenerIds))\n\t\tvar errs []error\n\n\t\tfor _, listenerId := range listenerIds {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToListener(ctx context.Context, cloudCertId string) error {\n\tif d.config.ListenerId == \"\" {\n\t\treturn errors.New(\"config `listenerId` is required\")\n\t}\n\n\t// 更新监听\n\tif err := d.updateListenerCertificate(ctx, d.config.ListenerId, cloudCertId); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateListenerCertificate(ctx context.Context, cloudListenerId string, cloudCertId string) error {\n\t// 查询监听的属性\n\t// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-getlistenerattribute\n\tgetListenerAttributeReq := &alinlb.GetListenerAttributeRequest{\n\t\tListenerId: tea.String(cloudListenerId),\n\t}\n\tgetListenerAttributeResp, err := d.sdkClient.GetListenerAttributeWithContext(ctx, getListenerAttributeReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'nlb.GetListenerAttribute'\", slog.Any(\"request\", getListenerAttributeReq), slog.Any(\"response\", getListenerAttributeResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'nlb.GetListenerAttribute': %w\", err)\n\t}\n\n\t// 修改监听的属性\n\t// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-updatelistenerattribute\n\tupdateListenerAttributeReq := &alinlb.UpdateListenerAttributeRequest{\n\t\tListenerId: tea.String(cloudListenerId),\n\t\tCertificateIds: []*string{tea.String(cloudCertId)},\n\t}\n\tupdateListenerAttributeResp, err := d.sdkClient.UpdateListenerAttributeWithContext(ctx, updateListenerAttributeReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'nlb.UpdateListenerAttribute'\", slog.Any(\"request\", updateListenerAttributeReq), slog.Any(\"response\", updateListenerAttributeResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'nlb.UpdateListenerAttribute': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.NlbClient, error) {\n\t// 接入点一览 https://api.aliyun.com/product/Nlb\n\tvar endpoint string\n\tswitch region {\n\tcase \"\":\n\t\tendpoint = \"nlb.cn-hangzhou.aliyuncs.com\"\n\tdefault:\n\t\tendpoint = fmt.Sprintf(\"nlb.%s.aliyuncs.com\", region)\n\t}\n\n\tconfig := &aliopen.Config{\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t\tEndpoint: tea.String(endpoint),\n\t}\n\n\tclient, err := internal.NewNlbClient(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-nlb/aliyun_nlb_test.go",
"content": "package aliyunnlb_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-nlb\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n\tfLoadbalancerId string\n\tfListenerId string\n)\n\nfunc init() {\n\targsPrefix := \"ALIYUNNLB_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fLoadbalancerId, argsPrefix+\"LOADBALANCERID\", \"\", \"\")\n\tflag.StringVar(&fListenerId, argsPrefix+\"LISTENERID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aliyun_nlb_test.go -args \\\n\t--ALIYUNNLB_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--ALIYUNNLB_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--ALIYUNNLB_ACCESSKEYID=\"your-access-key-id\" \\\n\t--ALIYUNNLB_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--ALIYUNNLB_REGION=\"cn-hangzhou\" \\\n\t--ALIYUNNLB_LOADBALANCERID=\"your-nlb-instance-id\" \\\n\t--ALIYUNNLB_LISTENERID=\"your-nlb-listener-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy_ToLoadbalancer\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"LOADBALANCERID: %v\", fLoadbalancerId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LOADBALANCER,\n\t\t\tLoadbalancerId: fLoadbalancerId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n\n\tt.Run(\"Deploy_ToListener\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"LOADBALANCERID: %v\", fLoadbalancerId),\n\t\t\tfmt.Sprintf(\"LISTENERID: %v\", fListenerId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LISTENER,\n\t\t\tListenerId: fListenerId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-nlb/consts.go",
"content": "package aliyunnlb\n\nconst (\n\t// 资源类型:部署到指定负载均衡器。\n\tRESOURCE_TYPE_LOADBALANCER = \"loadbalancer\"\n\t// 资源类型:部署到指定监听器。\n\tRESOURCE_TYPE_LISTENER = \"listener\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-nlb/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\n\topenapi \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\topenapiutil \"github.com/alibabacloud-go/darabonba-openapi/v2/utils\"\n\talinlb \"github.com/alibabacloud-go/nlb-20220430/v4/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n)\n\n// This is a partial copy of https://github.com/alibabacloud-go/nlb-20220430/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype NlbClient struct {\n\topenapi.Client\n\tDisableSDKError *bool\n}\n\nfunc NewNlbClient(config *openapiutil.Config) (*NlbClient, error) {\n\tclient := new(NlbClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *NlbClient) Init(config *openapiutil.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *NlbClient) GetListenerAttributeWithContext(ctx context.Context, request *alinlb.GetListenerAttributeRequest, runtime *dara.RuntimeOptions) (_result *alinlb.GetListenerAttributeResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.ClientToken) {\n\t\tquery[\"ClientToken\"] = request.ClientToken\n\t}\n\n\tif !dara.IsNil(request.DryRun) {\n\t\tquery[\"DryRun\"] = request.DryRun\n\t}\n\n\tif !dara.IsNil(request.ListenerId) {\n\t\tquery[\"ListenerId\"] = request.ListenerId\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"GetListenerAttribute\"),\n\t\tVersion: dara.String(\"2022-04-30\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alinlb.GetListenerAttributeResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *NlbClient) GetLoadBalancerAttributeWithContext(ctx context.Context, request *alinlb.GetLoadBalancerAttributeRequest, runtime *dara.RuntimeOptions) (_result *alinlb.GetLoadBalancerAttributeResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.ClientToken) {\n\t\tquery[\"ClientToken\"] = request.ClientToken\n\t}\n\n\tif !dara.IsNil(request.DryRun) {\n\t\tquery[\"DryRun\"] = request.DryRun\n\t}\n\n\tif !dara.IsNil(request.LoadBalancerId) {\n\t\tquery[\"LoadBalancerId\"] = request.LoadBalancerId\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"GetLoadBalancerAttribute\"),\n\t\tVersion: dara.String(\"2022-04-30\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alinlb.GetLoadBalancerAttributeResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *NlbClient) ListListenersWithContext(ctx context.Context, request *alinlb.ListListenersRequest, runtime *dara.RuntimeOptions) (_result *alinlb.ListListenersResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.ListenerIds) {\n\t\tquery[\"ListenerIds\"] = request.ListenerIds\n\t}\n\n\tif !dara.IsNil(request.ListenerProtocol) {\n\t\tquery[\"ListenerProtocol\"] = request.ListenerProtocol\n\t}\n\n\tif !dara.IsNil(request.LoadBalancerIds) {\n\t\tquery[\"LoadBalancerIds\"] = request.LoadBalancerIds\n\t}\n\n\tif !dara.IsNil(request.MaxResults) {\n\t\tquery[\"MaxResults\"] = request.MaxResults\n\t}\n\n\tif !dara.IsNil(request.NextToken) {\n\t\tquery[\"NextToken\"] = request.NextToken\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\tif !dara.IsNil(request.SecSensorEnabled) {\n\t\tquery[\"SecSensorEnabled\"] = request.SecSensorEnabled\n\t}\n\n\tif !dara.IsNil(request.Tag) {\n\t\tquery[\"Tag\"] = request.Tag\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"ListListeners\"),\n\t\tVersion: dara.String(\"2022-04-30\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alinlb.ListListenersResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *NlbClient) UpdateListenerAttributeWithContext(ctx context.Context, tmpReq *alinlb.UpdateListenerAttributeRequest, runtime *dara.RuntimeOptions) (_result *alinlb.UpdateListenerAttributeResponse, _err error) {\n\t_err = tmpReq.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\n\trequest := &alinlb.UpdateListenerAttributeShrinkRequest{}\n\topenapiutil.Convert(tmpReq, request)\n\tif !dara.IsNil(tmpReq.ProxyProtocolV2Config) {\n\t\trequest.ProxyProtocolV2ConfigShrink = openapiutil.ArrayToStringWithSpecifiedStyle(tmpReq.ProxyProtocolV2Config, dara.String(\"ProxyProtocolV2Config\"), dara.String(\"json\"))\n\t}\n\n\tbody := map[string]interface{}{}\n\tif !dara.IsNil(request.AlpnEnabled) {\n\t\tbody[\"AlpnEnabled\"] = request.AlpnEnabled\n\t}\n\n\tif !dara.IsNil(request.AlpnPolicy) {\n\t\tbody[\"AlpnPolicy\"] = request.AlpnPolicy\n\t}\n\n\tif !dara.IsNil(request.CaCertificateIds) {\n\t\tbody[\"CaCertificateIds\"] = request.CaCertificateIds\n\t}\n\n\tif !dara.IsNil(request.CaEnabled) {\n\t\tbody[\"CaEnabled\"] = request.CaEnabled\n\t}\n\n\tif !dara.IsNil(request.CertificateIds) {\n\t\tbody[\"CertificateIds\"] = request.CertificateIds\n\t}\n\n\tif !dara.IsNil(request.ClientToken) {\n\t\tbody[\"ClientToken\"] = request.ClientToken\n\t}\n\n\tif !dara.IsNil(request.Cps) {\n\t\tbody[\"Cps\"] = request.Cps\n\t}\n\n\tif !dara.IsNil(request.DryRun) {\n\t\tbody[\"DryRun\"] = request.DryRun\n\t}\n\n\tif !dara.IsNil(request.IdleTimeout) {\n\t\tbody[\"IdleTimeout\"] = request.IdleTimeout\n\t}\n\n\tif !dara.IsNil(request.ListenerDescription) {\n\t\tbody[\"ListenerDescription\"] = request.ListenerDescription\n\t}\n\n\tif !dara.IsNil(request.ListenerId) {\n\t\tbody[\"ListenerId\"] = request.ListenerId\n\t}\n\n\tif !dara.IsNil(request.Mss) {\n\t\tbody[\"Mss\"] = request.Mss\n\t}\n\n\tif !dara.IsNil(request.ProxyProtocolEnabled) {\n\t\tbody[\"ProxyProtocolEnabled\"] = request.ProxyProtocolEnabled\n\t}\n\n\tif !dara.IsNil(request.ProxyProtocolV2ConfigShrink) {\n\t\tbody[\"ProxyProtocolV2Config\"] = request.ProxyProtocolV2ConfigShrink\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tbody[\"RegionId\"] = request.RegionId\n\t}\n\n\tif !dara.IsNil(request.SecSensorEnabled) {\n\t\tbody[\"SecSensorEnabled\"] = request.SecSensorEnabled\n\t}\n\n\tif !dara.IsNil(request.SecurityPolicyId) {\n\t\tbody[\"SecurityPolicyId\"] = request.SecurityPolicyId\n\t}\n\n\tif !dara.IsNil(request.ServerGroupId) {\n\t\tbody[\"ServerGroupId\"] = request.ServerGroupId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tBody: openapiutil.ParseToMap(body),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"UpdateListenerAttribute\"),\n\t\tVersion: dara.String(\"2022-04-30\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alinlb.UpdateListenerAttributeResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-oss/aliyun_oss.go",
"content": "package aliyunoss\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/alibabacloud-go/tea/tea\"\n\t\"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss\"\n\t\"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n\t// 存储桶名。\n\tBucket string `json:\"bucket\"`\n\t// 自定义域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *oss.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.Bucket == \"\" {\n\t\treturn nil, errors.New(\"config `bucket` is required\")\n\t}\n\tif d.config.Domain == \"\" {\n\t\treturn nil, errors.New(\"config `domain` is required\")\n\t}\n\n\t// 为存储空间绑定自定义域名\n\t// REF: https://help.aliyun.com/zh/oss/developer-reference/putcname\n\tputCnameReq := &oss.PutCnameRequest{\n\t\tBucket: tea.String(d.config.Bucket),\n\t\tBucketCnameConfiguration: &oss.BucketCnameConfiguration{\n\t\t\tDomain: tea.String(d.config.Domain),\n\t\t\tCertificateConfiguration: &oss.CertificateConfiguration{\n\t\t\t\tCertificate: tea.String(certPEM),\n\t\t\t\tPrivateKey: tea.String(privkeyPEM),\n\t\t\t\tForce: tea.Bool(true),\n\t\t\t},\n\t\t},\n\t}\n\tputCnameResp, err := d.sdkClient.PutCname(ctx, putCnameReq)\n\td.logger.Debug(\"sdk request 'oss.PutCname'\", slog.Any(\"request\", putCnameReq), slog.Any(\"response\", putCnameResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'oss.PutCname': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*oss.Client, error) {\n\t// 接入点一览 https://api.aliyun.com/product/Oss\n\tvar endpoint string\n\tswitch region {\n\tcase \"\":\n\t\tendpoint = \"oss.aliyuncs.com\"\n\tcase\n\t\t\"cn-hzjbp\",\n\t\t\"cn-hzjbp-a\",\n\t\t\"cn-hzjbp-b\":\n\t\tendpoint = \"oss-cn-hzjbp-a-internal.aliyuncs.com\"\n\tcase\n\t\t\"cn-shanghai-finance-1\",\n\t\t\"cn-shenzhen-finance-1\",\n\t\t\"cn-beijing-finance-1\",\n\t\t\"cn-north-2-gov-1\":\n\t\tendpoint = fmt.Sprintf(\"oss-%s-internal.aliyuncs.com\", region)\n\tdefault:\n\t\tendpoint = fmt.Sprintf(\"oss-%s.aliyuncs.com\", region)\n\t}\n\n\tprovider := credentials.NewStaticCredentialsProvider(accessKeyId, accessKeySecret)\n\tconfig := oss.LoadDefaultConfig().\n\t\tWithCredentialsProvider(provider).\n\t\tWithEndpoint(endpoint)\n\tif region != \"\" {\n\t\tconfig = config.WithRegion(region)\n\t}\n\n\tclient := oss.NewClient(config)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-oss/aliyun_oss_test.go",
"content": "package aliyunoss_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-oss\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n\tfBucket string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"ALIYUNOSS_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fBucket, argsPrefix+\"BUCKET\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aliyun_oss_test.go -args \\\n\t--ALIYUNOSS_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--ALIYUNOSS_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--ALIYUNOSS_ACCESSKEYID=\"your-access-key-id\" \\\n\t--ALIYUNOSS_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--ALIYUNOSS_REGION=\"cn-hangzhou\" \\\n\t--ALIYUNOSS_BUCKET=\"your-oss-bucket\" \\\n\t--ALIYUNOSS_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"BUCKET: %v\", fBucket),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tBucket: fBucket,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-vod/aliyun_vod.go",
"content": "package aliyunvod\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\t\"strings\"\n\n\taliopen \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n\talivod \"github.com/alibabacloud-go/vod-20170321/v4/client\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-cas\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-vod/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 点播加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.VodClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tResourceGroupId: config.ResourceGroupId,\n\t\tRegion: lo.\n\t\t\tIf(config.Region == \"\" || strings.HasPrefix(config.Region, \"cn-\"), \"cn-hangzhou\").\n\t\t\tElse(\"ap-southeast-1\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain)\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no vod domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found vod domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tcertIdentifier := upres.ExtendedData[\"CertIdentifier\"].(string)\n\t\tcertIdentifierSeps := strings.SplitN(certIdentifier, \"-\", 2)\n\t\tif len(certIdentifierSeps) != 2 {\n\t\t\treturn nil, fmt.Errorf(\"received invalid certificate identifier: '%s'\", certIdentifier)\n\t\t}\n\n\t\tcertId, _ := strconv.ParseInt(certIdentifierSeps[0], 10, 64)\n\t\tcertName := upres.CertName\n\t\tcertRegion := certIdentifierSeps[1]\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, certId, certName, certRegion); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询加速域名列表\n\t// REF: https://help.aliyun.com/zh/live/developer-reference/api-live-2016-11-01-describeliveuserdomains\n\tdescribeVodUserDomainsPageNumber := 1\n\tdescribeVodUserDomainsPageSize := 50\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeVodUserDomainsReq := &alivod.DescribeVodUserDomainsRequest{\n\t\t\tDomainStatus: tea.String(\"online\"),\n\t\t\tPageNumber: tea.Int32(int32(describeVodUserDomainsPageNumber)),\n\t\t\tPageSize: tea.Int32(int32(describeVodUserDomainsPageSize)),\n\t\t}\n\t\tdescribeVodUserDomainsResp, err := d.sdkClient.DescribeVodUserDomainsWithContext(ctx, describeVodUserDomainsReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'vod.DescribeVodUserDomains'\", slog.Any(\"request\", describeVodUserDomainsReq), slog.Any(\"response\", describeVodUserDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'vod.DescribeLiveUserDomains': %w\", err)\n\t\t}\n\n\t\tif describeVodUserDomainsResp.Body == nil || describeVodUserDomainsResp.Body.Domains == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, domainItem := range describeVodUserDomainsResp.Body.Domains.PageData {\n\t\t\tdomains = append(domains, tea.StringValue(domainItem.DomainName))\n\t\t}\n\n\t\tif len(describeVodUserDomainsResp.Body.Domains.PageData) < describeVodUserDomainsPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribeVodUserDomainsPageNumber++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertId int64, cloudCertName, cloudCertRegion string) error {\n\t// 设置域名证书\n\t// REF: https://help.aliyun.com/zh/vod/developer-reference/api-vod-2017-03-21-setvoddomainsslcertificate\n\tsetVodDomainSSLCertificateReq := &alivod.SetVodDomainSSLCertificateRequest{\n\t\tDomainName: tea.String(domain),\n\t\tCertType: tea.String(\"cas\"),\n\t\tCertId: tea.Int64(cloudCertId),\n\t\tCertName: tea.String(cloudCertName),\n\t\tCertRegion: tea.String(cloudCertRegion),\n\t\tSSLProtocol: tea.String(\"on\"),\n\t}\n\tsetVodDomainSSLCertificateResp, err := d.sdkClient.SetVodDomainSSLCertificateWithContext(ctx, setVodDomainSSLCertificateReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'live.SetVodDomainSSLCertificate'\", slog.Any(\"request\", setVodDomainSSLCertificateReq), slog.Any(\"response\", setVodDomainSSLCertificateResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'live.SetVodDomainSSLCertificate': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.VodClient, error) {\n\t// 接入点一览 https://api.aliyun.com/product/vod\n\tvar endpoint string\n\tswitch region {\n\tcase \"\":\n\t\tendpoint = \"vod.cn-hangzhou.aliyuncs.com\"\n\tdefault:\n\t\tendpoint = fmt.Sprintf(\"vod.%s.aliyuncs.com\", region)\n\t}\n\n\tconfig := &aliopen.Config{\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t\tEndpoint: tea.String(endpoint),\n\t}\n\n\tclient, err := internal.NewVodClient(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-vod/aliyun_vod_test.go",
"content": "package aliyunvod_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-vod\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"ALIYUNVOD_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aliyun_vod_test.go -args \\\n\t--ALIYUNVOD_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--ALIYUNVOD_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--ALIYUNVOD_ACCESSKEYID=\"your-access-key-id\" \\\n\t--ALIYUNVOD_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--ALIYUNVOD_REGION=\"cn-hangzhou\" \\\n\t--ALIYUNVOD_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-vod/consts.go",
"content": "package aliyunvod\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-vod/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\n\topenapi \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\topenapiutil \"github.com/alibabacloud-go/darabonba-openapi/v2/utils\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\talivod \"github.com/alibabacloud-go/vod-20170321/v4/client\"\n)\n\n// This is a partial copy of https://github.com/alibabacloud-go/vod-20170321/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype VodClient struct {\n\topenapi.Client\n\tDisableSDKError *bool\n}\n\nfunc NewVodClient(config *openapiutil.Config) (*VodClient, error) {\n\tclient := new(VodClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *VodClient) Init(config *openapiutil.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *VodClient) DescribeVodUserDomainsWithContext(ctx context.Context, request *alivod.DescribeVodUserDomainsRequest, runtime *dara.RuntimeOptions) (_result *alivod.DescribeVodUserDomainsResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.DomainName) {\n\t\tquery[\"DomainName\"] = request.DomainName\n\t}\n\n\tif !dara.IsNil(request.DomainSearchType) {\n\t\tquery[\"DomainSearchType\"] = request.DomainSearchType\n\t}\n\n\tif !dara.IsNil(request.DomainStatus) {\n\t\tquery[\"DomainStatus\"] = request.DomainStatus\n\t}\n\n\tif !dara.IsNil(request.OwnerId) {\n\t\tquery[\"OwnerId\"] = request.OwnerId\n\t}\n\n\tif !dara.IsNil(request.PageNumber) {\n\t\tquery[\"PageNumber\"] = request.PageNumber\n\t}\n\n\tif !dara.IsNil(request.PageSize) {\n\t\tquery[\"PageSize\"] = request.PageSize\n\t}\n\n\tif !dara.IsNil(request.SecurityToken) {\n\t\tquery[\"SecurityToken\"] = request.SecurityToken\n\t}\n\n\tif !dara.IsNil(request.Tag) {\n\t\tquery[\"Tag\"] = request.Tag\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"DescribeVodUserDomains\"),\n\t\tVersion: dara.String(\"2017-03-21\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alivod.DescribeVodUserDomainsResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *VodClient) SetVodDomainSSLCertificateWithContext(ctx context.Context, request *alivod.SetVodDomainSSLCertificateRequest, runtime *dara.RuntimeOptions) (_result *alivod.SetVodDomainSSLCertificateResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.CertId) {\n\t\tquery[\"CertId\"] = request.CertId\n\t}\n\n\tif !dara.IsNil(request.CertName) {\n\t\tquery[\"CertName\"] = request.CertName\n\t}\n\n\tif !dara.IsNil(request.CertRegion) {\n\t\tquery[\"CertRegion\"] = request.CertRegion\n\t}\n\n\tif !dara.IsNil(request.CertType) {\n\t\tquery[\"CertType\"] = request.CertType\n\t}\n\n\tif !dara.IsNil(request.DomainName) {\n\t\tquery[\"DomainName\"] = request.DomainName\n\t}\n\n\tif !dara.IsNil(request.Env) {\n\t\tquery[\"Env\"] = request.Env\n\t}\n\n\tif !dara.IsNil(request.OwnerId) {\n\t\tquery[\"OwnerId\"] = request.OwnerId\n\t}\n\n\tif !dara.IsNil(request.SSLPri) {\n\t\tquery[\"SSLPri\"] = request.SSLPri\n\t}\n\n\tif !dara.IsNil(request.SSLProtocol) {\n\t\tquery[\"SSLProtocol\"] = request.SSLProtocol\n\t}\n\n\tif !dara.IsNil(request.SSLPub) {\n\t\tquery[\"SSLPub\"] = request.SSLPub\n\t}\n\n\tif !dara.IsNil(request.SecurityToken) {\n\t\tquery[\"SecurityToken\"] = request.SecurityToken\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"SetVodDomainSSLCertificate\"),\n\t\tVersion: dara.String(\"2017-03-21\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &alivod.SetVodDomainSSLCertificateResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-waf/aliyun_waf.go",
"content": "package aliyunwaf\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\taliopen \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\t\"github.com/alibabacloud-go/tea/tea\"\n\taliwaf \"github.com/alibabacloud-go/waf-openapi-20211001/v7/client\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aliyun-cas\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-waf/internal\"\n)\n\ntype DeployerConfig struct {\n\t// 阿里云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 阿里云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 阿里云资源组 ID。\n\tResourceGroupId string `json:\"resourceGroupId,omitempty\"`\n\t// 阿里云地域。\n\tRegion string `json:\"region\"`\n\t// 服务版本。\n\t// 可取值 \"3.0\"。\n\tServiceVersion string `json:\"serviceVersion\"`\n\t// 服务类型。\n\tServiceType string `json:\"serviceType\"`\n\t// WAF 实例 ID。\n\tInstanceId string `json:\"instanceId\"`\n\t// 云产品类型。\n\t// 服务类型为 [SERVICE_TYPE_CLOUDRESOURCE] 时必填。\n\tResourceProduct string `json:\"resourceProduct,omitempty\"`\n\t// 云产品资源 ID。\n\t// 服务类型为 [SERVICE_TYPE_CLOUDRESOURCE] 时必填。\n\tResourceId string `json:\"resourceId,omitempty\"`\n\t// 云产品资源端口。\n\t// 服务类型为 [SERVICE_TYPE_CLOUDRESOURCE] 时必填。\n\tResourcePort int32 `json:\"resourcePort,omitempty\"`\n\t// 扩展域名(支持泛域名)。\n\tDomain string `json:\"domain,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.WafClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tResourceGroupId: config.ResourceGroupId,\n\t\tRegion: lo.\n\t\t\tIf(config.Region == \"\" || strings.HasPrefix(config.Region, \"cn-\"), \"cn-hangzhou\").\n\t\t\tElse(\"ap-southeast-1\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tswitch d.config.ServiceVersion {\n\tcase \"3\", \"3.0\":\n\t\tif err := d.deployToWAF3(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported service version '%s'\", d.config.ServiceVersion)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToWAF3(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.InstanceId == \"\" {\n\t\treturn errors.New(\"config `instanceId` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 根据接入方式决定部署方式\n\tswitch d.config.ServiceType {\n\tcase SERVICE_TYPE_CLOUDRESOURCE:\n\t\tcertId := upres.ExtendedData[\"CertIdentifier\"].(string)\n\t\tif err := d.deployToWAF3WithCloudResource(ctx, certId); err != nil {\n\t\t\treturn err\n\t\t}\n\n\tcase SERVICE_TYPE_CNAME:\n\t\tcertId := upres.ExtendedData[\"CertIdentifier\"].(string)\n\t\tif err := d.deployToWAF3WithCNAME(ctx, certId); err != nil {\n\t\t\treturn err\n\t\t}\n\n\tdefault:\n\t\treturn fmt.Errorf(\"unsupported service version '%s'\", d.config.ServiceVersion)\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToWAF3WithCloudResource(ctx context.Context, cloudCertId string) error {\n\tif d.config.ResourceProduct == \"\" {\n\t\treturn errors.New(\"config `resourceProduct` is required\")\n\t}\n\tif d.config.ResourceId == \"\" {\n\t\treturn errors.New(\"config `resourceId` is required\")\n\t}\n\tif d.config.ResourcePort == 0 {\n\t\treturn errors.New(\"config `resourcePort` is required\")\n\t}\n\n\t// 查询云产品实例已同步的证书列表\n\t// REF: https://www.alibabacloud.com/help/zh/waf/web-application-firewall-3-0/developer-reference/api-waf-openapi-2021-10-01-describeresourceinstancecerts\n\t//\n\t// 注意,虽然文档中描述为分页查询,但实际调用不支持分页\n\t// https://github.com/certimate-go/certimate/issues/1122\n\tvar wafResourceInstanceCertificates []*aliwaf.DescribeResourceInstanceCertsResponseBodyCerts\n\tdescribeResourceInstanceCertsReq := &aliwaf.DescribeResourceInstanceCertsRequest{\n\t\tRegionId: tea.String(d.config.Region),\n\t\tResourceManagerResourceGroupId: lo.EmptyableToPtr(d.config.ResourceGroupId),\n\t\tInstanceId: tea.String(d.config.InstanceId),\n\t\tResourceInstanceId: tea.String(d.config.ResourceId),\n\t}\n\tdescribeResourceInstanceCertsResp, err := d.sdkClient.DescribeResourceInstanceCertsWithContext(ctx, describeResourceInstanceCertsReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'waf.DescribeResourceInstanceCerts'\", slog.Any(\"request\", describeResourceInstanceCertsReq), slog.Any(\"response\", describeResourceInstanceCertsResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'waf.DescribeResourceInstanceCerts': %w\", err)\n\t} else {\n\t\twafResourceInstanceCertificates = describeResourceInstanceCertsResp.Body.Certs\n\t}\n\n\t// 获取云产品实例的接入端口详情\n\t// REF: https://www.alibabacloud.com/help/zh/waf/web-application-firewall-3-0/developer-reference/api-waf-openapi-2021-10-01-describecloudresourceaccessportdetails\n\tvar wafCloudResourceCloudAccessPort *aliwaf.DescribeCloudResourceAccessPortDetailsResponseBodyAccessPortDetails\n\tvar wafCloudResourceCertificates []*aliwaf.DescribeCloudResourceAccessPortDetailsResponseBodyAccessPortDetailsCertificates\n\tdescribeCloudResourceAccessPortDetailsRequest := &aliwaf.DescribeCloudResourceAccessPortDetailsRequest{\n\t\tRegionId: tea.String(d.config.Region),\n\t\tResourceManagerResourceGroupId: lo.EmptyableToPtr(d.config.ResourceGroupId),\n\t\tInstanceId: tea.String(d.config.InstanceId),\n\t\tResourceInstanceId: tea.String(d.config.ResourceId),\n\t\tPort: tea.String(fmt.Sprintf(\"%d\", d.config.ResourcePort)),\n\t}\n\tdescribeCloudResourceAccessPortDetailsResponse, err := d.sdkClient.DescribeCloudResourceAccessPortDetailsWithContext(ctx, describeCloudResourceAccessPortDetailsRequest, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'waf.DescribeCloudResourceAccessPortDetails'\", slog.Any(\"request\", describeCloudResourceAccessPortDetailsRequest), slog.Any(\"response\", describeCloudResourceAccessPortDetailsResponse))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'waf.DescribeCloudResourceAccessPortDetails': %w\", err)\n\t} else if len(describeCloudResourceAccessPortDetailsResponse.Body.AccessPortDetails) == 0 {\n\t\treturn fmt.Errorf(\"could not get access port details of waf '%s' cloud resource '%s %s:%d'\", d.config.InstanceId, d.config.ResourceProduct, d.config.ResourceId, d.config.ResourcePort)\n\t} else {\n\t\twafCloudResourceCloudAccessPort = describeCloudResourceAccessPortDetailsResponse.Body.AccessPortDetails[0]\n\t\twafCloudResourceCertificates = wafCloudResourceCloudAccessPort.Certificates\n\t\tif len(wafCloudResourceCertificates) == 0 {\n\t\t\treturn fmt.Errorf(\"could not get access port certificates of waf '%s' cloud resource '%s %s:%d'\", d.config.InstanceId, d.config.ResourceProduct, d.config.ResourceId, d.config.ResourcePort)\n\t\t}\n\t}\n\n\t// 生成请求参数\n\tmodifyCloudResourceCertReq := &aliwaf.ModifyCloudResourceCertRequest{\n\t\tRegionId: tea.String(d.config.Region),\n\t\tInstanceId: tea.String(d.config.InstanceId),\n\t\tCloudResourceId: wafCloudResourceCloudAccessPort.CloudResourceId,\n\t}\n\tif d.config.Domain == \"\" {\n\t\t// 未指定扩展域名,只需替换默认证书\n\t\tconst certAppliedTypeDefault = \"default\"\n\n\t\t// 已部署过,直接跳过更新\n\t\tfor _, certItem := range wafCloudResourceCertificates {\n\t\t\tif tea.StringValue(certItem.AppliedType) == certAppliedTypeDefault &&\n\t\t\t\ttea.StringValue(certItem.CertificateId) == cloudCertId {\n\t\t\t\treturn nil\n\t\t\t}\n\t\t}\n\n\t\t// 移除原默认证书,添加新默认证书\n\t\tmodifyCloudResourceCertReq.Certificates = lo.Map(wafCloudResourceCertificates, func(c *aliwaf.DescribeCloudResourceAccessPortDetailsResponseBodyAccessPortDetailsCertificates, _ int) *aliwaf.ModifyCloudResourceCertRequestCertificates {\n\t\t\treturn &aliwaf.ModifyCloudResourceCertRequestCertificates{\n\t\t\t\tCertificateId: c.CertificateId,\n\t\t\t\tAppliedType: c.AppliedType,\n\t\t\t}\n\t\t})\n\t\tmodifyCloudResourceCertReq.Certificates = lo.Filter(modifyCloudResourceCertReq.Certificates, func(c *aliwaf.ModifyCloudResourceCertRequestCertificates, _ int) bool {\n\t\t\tif tea.StringValue(c.AppliedType) == certAppliedTypeDefault {\n\t\t\t\treturn false\n\t\t\t}\n\n\t\t\treturn true\n\t\t})\n\t\tmodifyCloudResourceCertReq.Certificates = append(modifyCloudResourceCertReq.Certificates, &aliwaf.ModifyCloudResourceCertRequestCertificates{\n\t\t\tCertificateId: tea.String(cloudCertId),\n\t\t\tAppliedType: tea.String(certAppliedTypeDefault),\n\t\t})\n\t} else {\n\t\t// 指定扩展域名,替换或新增扩展证书\n\t\tconst certAppliedTypeExtension = \"extension\"\n\n\t\t// 已部署过,直接跳过更新\n\t\tfor _, certItem := range wafCloudResourceCertificates {\n\t\t\tif tea.StringValue(certItem.AppliedType) == certAppliedTypeExtension &&\n\t\t\t\ttea.StringValue(certItem.CertificateId) == cloudCertId {\n\t\t\t\treturn nil\n\t\t\t}\n\t\t}\n\n\t\t// 移除同 CommonName 的原扩展证书,添加新扩展证书\n\t\tmodifyCloudResourceCertReq.Certificates = lo.Map(wafCloudResourceCertificates, func(c *aliwaf.DescribeCloudResourceAccessPortDetailsResponseBodyAccessPortDetailsCertificates, _ int) *aliwaf.ModifyCloudResourceCertRequestCertificates {\n\t\t\treturn &aliwaf.ModifyCloudResourceCertRequestCertificates{\n\t\t\t\tCertificateId: c.CertificateId,\n\t\t\t\tAppliedType: c.AppliedType,\n\t\t\t}\n\t\t})\n\t\tmodifyCloudResourceCertReq.Certificates = lo.Filter(modifyCloudResourceCertReq.Certificates, func(c *aliwaf.ModifyCloudResourceCertRequestCertificates, _ int) bool {\n\t\t\tif tea.StringValue(c.AppliedType) == certAppliedTypeExtension {\n\t\t\t\tif tea.StringValue(c.CertificateId) == cloudCertId {\n\t\t\t\t\treturn false\n\t\t\t\t}\n\n\t\t\t\tvar certCommonName string\n\t\t\t\tfor _, r := range wafResourceInstanceCertificates {\n\t\t\t\t\tif tea.StringValue(c.CertificateId) == tea.StringValue(r.CertIdentifier) {\n\t\t\t\t\t\tcertCommonName = tea.StringValue(r.CommonName)\n\t\t\t\t\t\tbreak\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\tif certCommonName == d.config.Domain {\n\t\t\t\t\treturn false\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn true\n\t\t})\n\t\tmodifyCloudResourceCertReq.Certificates = append(modifyCloudResourceCertReq.Certificates, &aliwaf.ModifyCloudResourceCertRequestCertificates{\n\t\t\tCertificateId: tea.String(cloudCertId),\n\t\t\tAppliedType: tea.String(certAppliedTypeExtension),\n\t\t})\n\t}\n\n\t// 过滤掉不存在或已过期的证书,防止接口报错\n\tmodifyCloudResourceCertReq.Certificates = lo.Filter(modifyCloudResourceCertReq.Certificates, func(c *aliwaf.ModifyCloudResourceCertRequestCertificates, _ int) bool {\n\t\tif tea.StringValue(c.CertificateId) == cloudCertId {\n\t\t\treturn true\n\t\t}\n\n\t\tresourceInstanceCert, _ := lo.Find(wafResourceInstanceCertificates, func(r *aliwaf.DescribeResourceInstanceCertsResponseBodyCerts) bool {\n\t\t\tcId := tea.StringValue(c.CertificateId)\n\t\t\trId := tea.StringValue(r.CertIdentifier)\n\t\t\treturn cId == rId || strings.Split(cId, \"-\")[0] == strings.Split(rId, \"-\")[0]\n\t\t})\n\t\tif resourceInstanceCert != nil {\n\t\t\tcertNotAfter := time.Unix(tea.Int64Value(resourceInstanceCert.AfterDate)/1000, 0)\n\t\t\treturn certNotAfter.After(time.Now())\n\t\t}\n\n\t\treturn false\n\t})\n\n\t// 修改云产品接入的证书\n\t// REF: https://www.alibabacloud.com/help/zh/waf/web-application-firewall-3-0/developer-reference/api-waf-openapi-2021-10-01-modifycloudresourcecert\n\tmodifyCloudResourceCertResp, err := d.sdkClient.ModifyCloudResourceCertWithContext(ctx, modifyCloudResourceCertReq, &dara.RuntimeOptions{})\n\td.logger.Debug(\"sdk request 'waf.ModifyCloudResourceCert'\", slog.Any(\"request\", modifyCloudResourceCertReq), slog.Any(\"response\", modifyCloudResourceCertResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'waf.ModifyCloudResourceCert': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToWAF3WithCNAME(ctx context.Context, cloudCertId string) error {\n\tif d.config.Domain == \"\" {\n\t\t// 未指定扩展域名,只需替换默认证书\n\n\t\t// 查询默认 SSL/TLS 设置\n\t\t// REF: https://help.aliyun.com/zh/waf/web-application-firewall-3-0/developer-reference/api-waf-openapi-2021-10-01-describedefaulthttps\n\t\tdescribeDefaultHttpsReq := &aliwaf.DescribeDefaultHttpsRequest{\n\t\t\tResourceManagerResourceGroupId: lo.EmptyableToPtr(d.config.ResourceGroupId),\n\t\t\tRegionId: tea.String(d.config.Region),\n\t\t\tInstanceId: tea.String(d.config.InstanceId),\n\t\t}\n\t\tdescribeDefaultHttpsResp, err := d.sdkClient.DescribeDefaultHttpsWithContext(ctx, describeDefaultHttpsReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'waf.DescribeDefaultHttps'\", slog.Any(\"request\", describeDefaultHttpsReq), slog.Any(\"response\", describeDefaultHttpsResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'waf.DescribeDefaultHttps': %w\", err)\n\t\t}\n\n\t\t// 修改默认 SSL/TLS 设置\n\t\t// REF: https://help.aliyun.com/zh/waf/web-application-firewall-3-0/developer-reference/api-waf-openapi-2021-10-01-modifydefaulthttps\n\t\tmodifyDefaultHttpsReq := &aliwaf.ModifyDefaultHttpsRequest{\n\t\t\tResourceManagerResourceGroupId: lo.EmptyableToPtr(d.config.ResourceGroupId),\n\t\t\tRegionId: tea.String(d.config.Region),\n\t\t\tInstanceId: tea.String(d.config.InstanceId),\n\t\t\tCertId: tea.String(cloudCertId),\n\t\t\tTLSVersion: tea.String(\"tlsv1.2\"),\n\t\t\tEnableTLSv3: tea.Bool(true),\n\t\t}\n\t\tif describeDefaultHttpsResp.Body != nil && describeDefaultHttpsResp.Body.DefaultHttps != nil {\n\t\t\tif describeDefaultHttpsResp.Body.DefaultHttps.TLSVersion != nil {\n\t\t\t\tmodifyDefaultHttpsReq.TLSVersion = describeDefaultHttpsResp.Body.DefaultHttps.TLSVersion\n\t\t\t}\n\t\t\tif describeDefaultHttpsResp.Body.DefaultHttps.EnableTLSv3 == nil {\n\t\t\t\tmodifyDefaultHttpsReq.EnableTLSv3 = describeDefaultHttpsResp.Body.DefaultHttps.EnableTLSv3\n\t\t\t}\n\t\t}\n\t\tmodifyDefaultHttpsResp, err := d.sdkClient.ModifyDefaultHttpsWithContext(ctx, modifyDefaultHttpsReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'waf.ModifyDefaultHttps'\", slog.Any(\"request\", modifyDefaultHttpsReq), slog.Any(\"response\", modifyDefaultHttpsResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'waf.ModifyDefaultHttps': %w\", err)\n\t\t}\n\t} else {\n\t\t// 指定扩展域名,需替换扩展证书\n\n\t\t// 查询 CNAME 接入详情\n\t\t// REF: https://help.aliyun.com/zh/waf/web-application-firewall-3-0/developer-reference/api-waf-openapi-2021-10-01-describedomaindetail\n\t\tdescribeDomainDetailReq := &aliwaf.DescribeDomainDetailRequest{\n\t\t\tRegionId: tea.String(d.config.Region),\n\t\t\tInstanceId: tea.String(d.config.InstanceId),\n\t\t\tDomain: tea.String(d.config.Domain),\n\t\t}\n\t\tdescribeDomainDetailResp, err := d.sdkClient.DescribeDomainDetailWithContext(ctx, describeDomainDetailReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'waf.DescribeDomainDetail'\", slog.Any(\"request\", describeDomainDetailReq), slog.Any(\"response\", describeDomainDetailResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'waf.DescribeDomainDetail': %w\", err)\n\t\t}\n\n\t\t// 修改 CNAME 接入资源\n\t\t// REF: https://help.aliyun.com/zh/waf/web-application-firewall-3-0/developer-reference/api-waf-openapi-2021-10-01-modifydomain\n\t\tmodifyDomainReq := &aliwaf.ModifyDomainRequest{\n\t\t\tRegionId: tea.String(d.config.Region),\n\t\t\tInstanceId: tea.String(d.config.InstanceId),\n\t\t\tDomain: tea.String(d.config.Domain),\n\t\t\tListen: &aliwaf.ModifyDomainRequestListen{CertId: tea.String(cloudCertId)},\n\t\t\tRedirect: &aliwaf.ModifyDomainRequestRedirect{Loadbalance: tea.String(\"iphash\")},\n\t\t}\n\t\tmodifyDomainReq = _assign(modifyDomainReq, describeDomainDetailResp.Body)\n\t\tmodifyDomainResp, err := d.sdkClient.ModifyDomainWithContext(ctx, modifyDomainReq, &dara.RuntimeOptions{})\n\t\td.logger.Debug(\"sdk request 'waf.ModifyDomain'\", slog.Any(\"request\", modifyDomainReq), slog.Any(\"response\", modifyDomainResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'waf.ModifyDomain': %w\", err)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.WafClient, error) {\n\t// 接入点一览:https://api.aliyun.com/product/waf-openapi\n\tvar endpoint string\n\tswitch region {\n\tcase \"\":\n\t\tendpoint = \"wafopenapi.cn-hangzhou.aliyuncs.com\"\n\tdefault:\n\t\tendpoint = fmt.Sprintf(\"wafopenapi.%s.aliyuncs.com\", region)\n\t}\n\n\tconfig := &aliopen.Config{\n\t\tAccessKeyId: tea.String(accessKeyId),\n\t\tAccessKeySecret: tea.String(accessKeySecret),\n\t\tEndpoint: tea.String(endpoint),\n\t}\n\n\tclient, err := internal.NewWafClient(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n\nfunc _assign(source *aliwaf.ModifyDomainRequest, target *aliwaf.DescribeDomainDetailResponseBody) *aliwaf.ModifyDomainRequest {\n\t// `ModifyDomain` 中不传的字段表示使用默认值、而非保留原值,\n\t// 因此这里需要把原配置中的参数重新赋值回去。\n\n\tif target == nil {\n\t\treturn source\n\t}\n\n\tif target.Listen != nil {\n\t\tif source.Listen == nil {\n\t\t\tsource.Listen = &aliwaf.ModifyDomainRequestListen{}\n\t\t}\n\n\t\tif target.Listen.CipherSuite != nil {\n\t\t\tsource.Listen.CipherSuite = tea.Int32(int32(*target.Listen.CipherSuite))\n\t\t}\n\n\t\tif target.Listen.CustomCiphers != nil {\n\t\t\tsource.Listen.CustomCiphers = target.Listen.CustomCiphers\n\t\t}\n\n\t\tif target.Listen.EnableTLSv3 != nil {\n\t\t\tsource.Listen.EnableTLSv3 = target.Listen.EnableTLSv3\n\t\t}\n\n\t\tif target.Listen.ExclusiveIp != nil {\n\t\t\tsource.Listen.ExclusiveIp = target.Listen.ExclusiveIp\n\t\t}\n\n\t\tif target.Listen.FocusHttps != nil {\n\t\t\tsource.Listen.FocusHttps = target.Listen.FocusHttps\n\t\t}\n\n\t\tif target.Listen.Http2Enabled != nil {\n\t\t\tsource.Listen.Http2Enabled = target.Listen.Http2Enabled\n\t\t}\n\n\t\tif target.Listen.HttpPorts != nil {\n\t\t\tsource.Listen.HttpPorts = lo.Map(target.Listen.HttpPorts, func(v *int64, _ int) *int32 {\n\t\t\t\tif v == nil {\n\t\t\t\t\treturn nil\n\t\t\t\t}\n\t\t\t\treturn tea.Int32(int32(*v))\n\t\t\t})\n\t\t}\n\n\t\tif target.Listen.HttpsPorts != nil {\n\t\t\tsource.Listen.HttpsPorts = lo.Map(target.Listen.HttpsPorts, func(v *int64, _ int) *int32 {\n\t\t\t\tif v == nil {\n\t\t\t\t\treturn nil\n\t\t\t\t}\n\t\t\t\treturn tea.Int32(int32(*v))\n\t\t\t})\n\t\t}\n\n\t\tif target.Listen.IPv6Enabled != nil {\n\t\t\tsource.Listen.IPv6Enabled = target.Listen.IPv6Enabled\n\t\t}\n\n\t\tif target.Listen.ProtectionResource != nil {\n\t\t\tsource.Listen.ProtectionResource = target.Listen.ProtectionResource\n\t\t}\n\n\t\tif target.Listen.TLSVersion != nil {\n\t\t\tsource.Listen.TLSVersion = target.Listen.TLSVersion\n\t\t}\n\n\t\tif target.Listen.XffHeaderMode != nil {\n\t\t\tsource.Listen.XffHeaderMode = tea.Int32(int32(*target.Listen.XffHeaderMode))\n\t\t}\n\n\t\tif target.Listen.XffHeaders != nil {\n\t\t\tsource.Listen.XffHeaders = target.Listen.XffHeaders\n\t\t}\n\t}\n\n\tif target.Redirect != nil {\n\t\tif source.Redirect == nil {\n\t\t\tsource.Redirect = &aliwaf.ModifyDomainRequestRedirect{}\n\t\t}\n\n\t\tif target.Redirect.Backends != nil {\n\t\t\tsource.Redirect.Backends = lo.Map(target.Redirect.Backends, func(v *aliwaf.DescribeDomainDetailResponseBodyRedirectBackends, _ int) *string {\n\t\t\t\tif v == nil {\n\t\t\t\t\treturn nil\n\t\t\t\t}\n\t\t\t\treturn v.Backend\n\t\t\t})\n\t\t}\n\n\t\tif target.Redirect.BackupBackends != nil {\n\t\t\tsource.Redirect.BackupBackends = lo.Map(target.Redirect.BackupBackends, func(v *aliwaf.DescribeDomainDetailResponseBodyRedirectBackupBackends, _ int) *string {\n\t\t\t\tif v == nil {\n\t\t\t\t\treturn nil\n\t\t\t\t}\n\t\t\t\treturn v.Backend\n\t\t\t})\n\t\t}\n\n\t\tif target.Redirect.ConnectTimeout != nil {\n\t\t\tsource.Redirect.ConnectTimeout = target.Redirect.ConnectTimeout\n\t\t}\n\n\t\tif target.Redirect.FocusHttpBackend != nil {\n\t\t\tsource.Redirect.FocusHttpBackend = target.Redirect.FocusHttpBackend\n\t\t}\n\n\t\tif target.Redirect.Keepalive != nil {\n\t\t\tsource.Redirect.Keepalive = target.Redirect.Keepalive\n\t\t}\n\n\t\tif target.Redirect.KeepaliveRequests != nil {\n\t\t\tsource.Redirect.KeepaliveRequests = target.Redirect.KeepaliveRequests\n\t\t}\n\n\t\tif target.Redirect.KeepaliveTimeout != nil {\n\t\t\tsource.Redirect.KeepaliveTimeout = target.Redirect.KeepaliveTimeout\n\t\t}\n\n\t\tif target.Redirect.Loadbalance != nil {\n\t\t\tsource.Redirect.Loadbalance = target.Redirect.Loadbalance\n\t\t}\n\n\t\tif target.Redirect.ReadTimeout != nil {\n\t\t\tsource.Redirect.ReadTimeout = target.Redirect.ReadTimeout\n\t\t}\n\n\t\tif target.Redirect.RequestHeaders != nil {\n\t\t\tsource.Redirect.RequestHeaders = lo.Map(target.Redirect.RequestHeaders, func(v *aliwaf.DescribeDomainDetailResponseBodyRedirectRequestHeaders, _ int) *aliwaf.ModifyDomainRequestRedirectRequestHeaders {\n\t\t\t\tif v == nil {\n\t\t\t\t\treturn nil\n\t\t\t\t}\n\t\t\t\treturn &aliwaf.ModifyDomainRequestRedirectRequestHeaders{\n\t\t\t\t\tKey: v.Key,\n\t\t\t\t\tValue: v.Value,\n\t\t\t\t}\n\t\t\t})\n\t\t}\n\n\t\tif target.Redirect.Retry != nil {\n\t\t\tsource.Redirect.Retry = target.Redirect.Retry\n\t\t}\n\n\t\tif target.Redirect.SniEnabled != nil {\n\t\t\tsource.Redirect.SniEnabled = target.Redirect.SniEnabled\n\t\t}\n\n\t\tif target.Redirect.SniHost != nil {\n\t\t\tsource.Redirect.SniHost = target.Redirect.SniHost\n\t\t}\n\n\t\tif target.Redirect.WriteTimeout != nil {\n\t\t\tsource.Redirect.WriteTimeout = target.Redirect.WriteTimeout\n\t\t}\n\n\t\tif target.Redirect.XffProto != nil {\n\t\t\tsource.Redirect.XffProto = target.Redirect.XffProto\n\t\t}\n\t}\n\n\treturn source\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-waf/aliyun_waf_test.go",
"content": "package aliyunwaf_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aliyun-waf\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n\tfInstanceId string\n)\n\nfunc init() {\n\targsPrefix := \"ALIYUNWAF_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fInstanceId, argsPrefix+\"INSTANCEID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aliyun_waf_test.go -args \\\n\t--ALIYUNWAF_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--ALIYUNWAF_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--ALIYUNWAF_ACCESSKEYID=\"your-access-key-id\" \\\n\t--ALIYUNWAF_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--ALIYUNWAF_REGION=\"cn-hangzhou\" \\\n\t--ALIYUNWAF_INSTANCEID=\"your-waf-instance-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"INSTANCEID: %v\", fInstanceId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tInstanceId: fInstanceId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-waf/consts.go",
"content": "package aliyunwaf\n\nconst (\n\t// 服务类型:云产品接入。\n\tSERVICE_TYPE_CLOUDRESOURCE = \"cloudresource\"\n\t// 服务类型:CNAME 接入。\n\tSERVICE_TYPE_CNAME = \"cname\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/aliyun-waf/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\n\topenapi \"github.com/alibabacloud-go/darabonba-openapi/v2/client\"\n\topenapiutil \"github.com/alibabacloud-go/darabonba-openapi/v2/utils\"\n\t\"github.com/alibabacloud-go/tea/dara\"\n\taliwaf \"github.com/alibabacloud-go/waf-openapi-20211001/v7/client\"\n)\n\n// This is a partial copy of https://github.com/alibabacloud-go/waf-openapi-20211001/blob/master/client/client_context_func.go\n// to lightweight the vendor packages in the built binary.\ntype WafClient struct {\n\topenapi.Client\n\tDisableSDKError *bool\n}\n\nfunc NewWafClient(config *openapiutil.Config) (*WafClient, error) {\n\tclient := new(WafClient)\n\terr := client.Init(config)\n\treturn client, err\n}\n\nfunc (client *WafClient) Init(config *openapiutil.Config) (_err error) {\n\t_err = client.Client.Init(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\t_err = client.CheckConfig(config)\n\tif _err != nil {\n\t\treturn _err\n\t}\n\n\treturn nil\n}\n\nfunc (client *WafClient) DescribeCloudResourceAccessPortDetailsWithContext(ctx context.Context, request *aliwaf.DescribeCloudResourceAccessPortDetailsRequest, runtime *dara.RuntimeOptions) (_result *aliwaf.DescribeCloudResourceAccessPortDetailsResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\tif !dara.IsNil(request.InstanceId) {\n\t\tquery[\"InstanceId\"] = request.InstanceId\n\t}\n\n\tif !dara.IsNil(request.PageNumber) {\n\t\tquery[\"PageNumber\"] = request.PageNumber\n\t}\n\n\tif !dara.IsNil(request.PageSize) {\n\t\tquery[\"PageSize\"] = request.PageSize\n\t}\n\n\tif !dara.IsNil(request.Port) {\n\t\tquery[\"Port\"] = request.Port\n\t}\n\n\tif !dara.IsNil(request.Protocol) {\n\t\tquery[\"Protocol\"] = request.Protocol\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\tif !dara.IsNil(request.ResourceInstanceId) {\n\t\tquery[\"ResourceInstanceId\"] = request.ResourceInstanceId\n\t}\n\n\tif !dara.IsNil(request.ResourceManagerResourceGroupId) {\n\t\tquery[\"ResourceManagerResourceGroupId\"] = request.ResourceManagerResourceGroupId\n\t}\n\n\tif !dara.IsNil(request.ResourceProduct) {\n\t\tquery[\"ResourceProduct\"] = request.ResourceProduct\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"DescribeCloudResourceAccessPortDetails\"),\n\t\tVersion: dara.String(\"2021-10-01\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &aliwaf.DescribeCloudResourceAccessPortDetailsResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *WafClient) DescribeDefaultHttpsWithContext(ctx context.Context, request *aliwaf.DescribeDefaultHttpsRequest, runtime *dara.RuntimeOptions) (_result *aliwaf.DescribeDefaultHttpsResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.InstanceId) {\n\t\tquery[\"InstanceId\"] = request.InstanceId\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\tif !dara.IsNil(request.ResourceManagerResourceGroupId) {\n\t\tquery[\"ResourceManagerResourceGroupId\"] = request.ResourceManagerResourceGroupId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"DescribeDefaultHttps\"),\n\t\tVersion: dara.String(\"2021-10-01\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &aliwaf.DescribeDefaultHttpsResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *WafClient) DescribeDomainDetailWithContext(ctx context.Context, request *aliwaf.DescribeDomainDetailRequest, runtime *dara.RuntimeOptions) (_result *aliwaf.DescribeDomainDetailResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.Domain) {\n\t\tquery[\"Domain\"] = request.Domain\n\t}\n\n\tif !dara.IsNil(request.DomainId) {\n\t\tquery[\"DomainId\"] = request.DomainId\n\t}\n\n\tif !dara.IsNil(request.InstanceId) {\n\t\tquery[\"InstanceId\"] = request.InstanceId\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"DescribeDomainDetail\"),\n\t\tVersion: dara.String(\"2021-10-01\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &aliwaf.DescribeDomainDetailResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *WafClient) DescribeResourceInstanceCertsWithContext(ctx context.Context, request *aliwaf.DescribeResourceInstanceCertsRequest, runtime *dara.RuntimeOptions) (_result *aliwaf.DescribeResourceInstanceCertsResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.InstanceId) {\n\t\tquery[\"InstanceId\"] = request.InstanceId\n\t}\n\n\tif !dara.IsNil(request.PageNumber) {\n\t\tquery[\"PageNumber\"] = request.PageNumber\n\t}\n\n\tif !dara.IsNil(request.PageSize) {\n\t\tquery[\"PageSize\"] = request.PageSize\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\tif !dara.IsNil(request.ResourceInstanceId) {\n\t\tquery[\"ResourceInstanceId\"] = request.ResourceInstanceId\n\t}\n\n\tif !dara.IsNil(request.ResourceManagerResourceGroupId) {\n\t\tquery[\"ResourceManagerResourceGroupId\"] = request.ResourceManagerResourceGroupId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"DescribeResourceInstanceCerts\"),\n\t\tVersion: dara.String(\"2021-10-01\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &aliwaf.DescribeResourceInstanceCertsResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *WafClient) ModifyCloudResourceCertWithContext(ctx context.Context, request *aliwaf.ModifyCloudResourceCertRequest, runtime *dara.RuntimeOptions) (_result *aliwaf.ModifyCloudResourceCertResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\tif !dara.IsNil(request.Certificates) {\n\t\tquery[\"Certificates\"] = request.Certificates\n\t}\n\n\tif !dara.IsNil(request.CloudResourceId) {\n\t\tquery[\"CloudResourceId\"] = request.CloudResourceId\n\t}\n\n\tif !dara.IsNil(request.InstanceId) {\n\t\tquery[\"InstanceId\"] = request.InstanceId\n\t}\n\n\tif !dara.IsNil(request.Port) {\n\t\tquery[\"Port\"] = request.Port\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\tif !dara.IsNil(request.ResourceInstanceId) {\n\t\tquery[\"ResourceInstanceId\"] = request.ResourceInstanceId\n\t}\n\n\tif !dara.IsNil(request.ResourceProduct) {\n\t\tquery[\"ResourceProduct\"] = request.ResourceProduct\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"ModifyCloudResourceCert\"),\n\t\tVersion: dara.String(\"2021-10-01\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &aliwaf.ModifyCloudResourceCertResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *WafClient) ModifyDefaultHttpsWithContext(ctx context.Context, request *aliwaf.ModifyDefaultHttpsRequest, runtime *dara.RuntimeOptions) (_result *aliwaf.ModifyDefaultHttpsResponse, _err error) {\n\t_err = request.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\tquery := map[string]interface{}{}\n\n\tif !dara.IsNil(request.CertId) {\n\t\tquery[\"CertId\"] = request.CertId\n\t}\n\n\tif !dara.IsNil(request.CipherSuite) {\n\t\tquery[\"CipherSuite\"] = request.CipherSuite\n\t}\n\n\tif !dara.IsNil(request.CustomCiphers) {\n\t\tquery[\"CustomCiphers\"] = request.CustomCiphers\n\t}\n\n\tif !dara.IsNil(request.EnableTLSv3) {\n\t\tquery[\"EnableTLSv3\"] = request.EnableTLSv3\n\t}\n\n\tif !dara.IsNil(request.InstanceId) {\n\t\tquery[\"InstanceId\"] = request.InstanceId\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\tif !dara.IsNil(request.ResourceManagerResourceGroupId) {\n\t\tquery[\"ResourceManagerResourceGroupId\"] = request.ResourceManagerResourceGroupId\n\t}\n\n\tif !dara.IsNil(request.TLSVersion) {\n\t\tquery[\"TLSVersion\"] = request.TLSVersion\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"ModifyDefaultHttps\"),\n\t\tVersion: dara.String(\"2021-10-01\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &aliwaf.ModifyDefaultHttpsResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n\nfunc (client *WafClient) ModifyDomainWithContext(ctx context.Context, tmpReq *aliwaf.ModifyDomainRequest, runtime *dara.RuntimeOptions) (_result *aliwaf.ModifyDomainResponse, _err error) {\n\t_err = tmpReq.Validate()\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\n\trequest := &aliwaf.ModifyDomainShrinkRequest{}\n\topenapiutil.Convert(tmpReq, request)\n\tif !dara.IsNil(tmpReq.Listen) {\n\t\trequest.ListenShrink = openapiutil.ArrayToStringWithSpecifiedStyle(tmpReq.Listen, dara.String(\"Listen\"), dara.String(\"json\"))\n\t}\n\n\tif !dara.IsNil(tmpReq.Redirect) {\n\t\trequest.RedirectShrink = openapiutil.ArrayToStringWithSpecifiedStyle(tmpReq.Redirect, dara.String(\"Redirect\"), dara.String(\"json\"))\n\t}\n\n\tquery := map[string]interface{}{}\n\tif !dara.IsNil(request.AccessType) {\n\t\tquery[\"AccessType\"] = request.AccessType\n\t}\n\n\tif !dara.IsNil(request.Domain) {\n\t\tquery[\"Domain\"] = request.Domain\n\t}\n\n\tif !dara.IsNil(request.DomainId) {\n\t\tquery[\"DomainId\"] = request.DomainId\n\t}\n\n\tif !dara.IsNil(request.InstanceId) {\n\t\tquery[\"InstanceId\"] = request.InstanceId\n\t}\n\n\tif !dara.IsNil(request.ListenShrink) {\n\t\tquery[\"Listen\"] = request.ListenShrink\n\t}\n\n\tif !dara.IsNil(request.RedirectShrink) {\n\t\tquery[\"Redirect\"] = request.RedirectShrink\n\t}\n\n\tif !dara.IsNil(request.RegionId) {\n\t\tquery[\"RegionId\"] = request.RegionId\n\t}\n\n\treq := &openapiutil.OpenApiRequest{\n\t\tQuery: openapiutil.Query(query),\n\t}\n\tparams := &openapiutil.Params{\n\t\tAction: dara.String(\"ModifyDomain\"),\n\t\tVersion: dara.String(\"2021-10-01\"),\n\t\tProtocol: dara.String(\"HTTPS\"),\n\t\tPathname: dara.String(\"/\"),\n\t\tMethod: dara.String(\"POST\"),\n\t\tAuthType: dara.String(\"AK\"),\n\t\tStyle: dara.String(\"RPC\"),\n\t\tReqBodyType: dara.String(\"formData\"),\n\t\tBodyType: dara.String(\"json\"),\n\t}\n\t_result = &aliwaf.ModifyDomainResponse{}\n\t_body, _err := client.CallApiWithCtx(ctx, params, req, runtime)\n\tif _err != nil {\n\t\treturn _result, _err\n\t}\n\t_err = dara.Convert(_body, &_result)\n\treturn _result, _err\n}\n"
},
{
"path": "pkg/core/deployer/providers/apisix/apisix.go",
"content": "package apisix\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tapisixsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/apisix\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype DeployerConfig struct {\n\t// APISIX 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// APISIX Admin API Key。\n\tApiKey string `json:\"apiKey\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 证书 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。\n\tCertificateId string `json:\"certificateId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *apisixsdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.ApiKey, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_CERTIFICATE:\n\t\tif err := d.deployToCertificate(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToCertificate(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.CertificateId == \"\" {\n\t\treturn errors.New(\"config `certificateId` is required\")\n\t}\n\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// 更新 SSL 证书\n\t// REF: https://apisix.apache.org/zh/docs/apisix/admin-api/#ssl\n\tsslUpdateReq := &apisixsdk.SslUpdateRequest{\n\t\tID: lo.ToPtr(d.config.CertificateId),\n\t\tCertificate: lo.ToPtr(certPEM),\n\t\tPrivateKey: lo.ToPtr(privkeyPEM),\n\t\tSNIs: lo.ToPtr(certX509.DNSNames),\n\t\tType: lo.ToPtr(\"server\"),\n\t\tStatus: lo.ToPtr(int32(1)),\n\t}\n\tsslUpdateResp, err := d.sdkClient.SslUpdateWithContext(ctx, d.config.CertificateId, sslUpdateReq)\n\td.logger.Debug(\"sdk request 'apisix.SslUpdate'\", slog.Any(\"request\", sslUpdateReq), slog.Any(\"response\", sslUpdateResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'apisix.SslUpdate': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(serverUrl, apiKey string, skipTlsVerify bool) (*apisixsdk.Client, error) {\n\tclient, err := apisixsdk.NewClient(serverUrl, apiKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/apisix/apisix_test.go",
"content": "package apisix_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/apisix\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfApiKey string\n\tfCertificateId string\n)\n\nfunc init() {\n\targsPrefix := \"APISIX_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n\tflag.StringVar(&fCertificateId, argsPrefix+\"CERTIFICATEID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./apisix_test.go -args \\\n\t--APISIX_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--APISIX_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--APISIX_SERVERURL=\"http://127.0.0.1:9080\" \\\n\t--APISIX_APIKEY=\"your-api-key\" \\\n\t--APISIX_CERTIFICATEID=\"your-certificate-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t\tfmt.Sprintf(\"CERTIFICATEID: %v\", fCertificateId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiKey: fApiKey,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tResourceType: provider.RESOURCE_TYPE_CERTIFICATE,\n\t\t\tCertificateId: fCertificateId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/apisix/consts.go",
"content": "package apisix\n\nconst (\n\t// 资源类型:替换指定证书。\n\tRESOURCE_TYPE_CERTIFICATE = \"certificate\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/aws-acm/aws_acm.go",
"content": "package awsacm\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aws-acm\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// AWS AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// AWS SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// AWS 区域。\n\tRegion string `json:\"region\"`\n\t// ACM 证书 ARN。\n\t// 选填。零值时表示新建证书;否则表示更新证书。\n\tCertificateArn string `json:\"certificateArn,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tSecretAccessKey: config.SecretAccessKey,\n\t\tRegion: config.Region,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.CertificateArn == \"\" {\n\t\t// 上传证书\n\t\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t\t} else {\n\t\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t\t}\n\t} else {\n\t\t// 替换证书\n\t\topres, err := d.sdkCertmgr.Replace(ctx, d.config.CertificateArn, certPEM, privkeyPEM)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to replace certificate file: %w\", err)\n\t\t} else {\n\t\t\td.logger.Info(\"ssl certificate replaced\", slog.Any(\"result\", opres))\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aws-cloudfront/aws_cloudfront.go",
"content": "package awscloudfront\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\taws \"github.com/aws/aws-sdk-go-v2/aws\"\n\tawscfg \"github.com/aws/aws-sdk-go-v2/config\"\n\tawscred \"github.com/aws/aws-sdk-go-v2/credentials\"\n\t\"github.com/aws/aws-sdk-go-v2/service/cloudfront\"\n\t\"github.com/aws/aws-sdk-go-v2/service/cloudfront/types\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgracm \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aws-acm\"\n\tmcertmgriam \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aws-iam\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// AWS AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// AWS SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// AWS 区域。\n\tRegion string `json:\"region\"`\n\t// AWS CloudFront 分配 ID。\n\tDistributionId string `json:\"distributionId\"`\n\t// AWS CloudFront 证书来源。\n\t// 可取值 \"ACM\"、\"IAM\"。\n\tCertificateSource string `json:\"certificateSource\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *cloudfront.Client\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tvar pcertmgr certmgr.Provider\n\tswitch config.CertificateSource {\n\tcase CERTIFICATE_SOURCE_ACM:\n\t\tpcertmgr, err = mcertmgracm.NewCertmgr(&mcertmgracm.CertmgrConfig{\n\t\t\tAccessKeyId: config.AccessKeyId,\n\t\t\tSecretAccessKey: config.SecretAccessKey,\n\t\t\tRegion: config.Region,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t\t}\n\n\tcase CERTIFICATE_SOURCE_IAM:\n\t\tpcertmgr, err = mcertmgriam.NewCertmgr(&mcertmgriam.CertmgrConfig{\n\t\t\tAccessKeyId: config.AccessKeyId,\n\t\t\tSecretAccessKey: config.SecretAccessKey,\n\t\t\tRegion: config.Region,\n\t\t\tCertificatePath: \"/cloudfront/\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported certificate source: '%s'\", config.CertificateSource)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.DistributionId == \"\" {\n\t\treturn nil, errors.New(\"config `distribuitionId` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取分配配置\n\t// REF: https://docs.aws.amazon.com/en_us/cloudfront/latest/APIReference/API_GetDistributionConfig.html\n\tgetDistributionConfigReq := &cloudfront.GetDistributionConfigInput{\n\t\tId: aws.String(d.config.DistributionId),\n\t}\n\tgetDistributionConfigResp, err := d.sdkClient.GetDistributionConfig(ctx, getDistributionConfigReq)\n\td.logger.Debug(\"sdk request 'cloudfront.GetDistributionConfig'\", slog.Any(\"request\", getDistributionConfigReq), slog.Any(\"response\", getDistributionConfigResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cloudfront.GetDistributionConfig': %w\", err)\n\t}\n\n\t// 更新分配配置\n\t// REF: https://docs.aws.amazon.com/zh_cn/cloudfront/latest/APIReference/API_UpdateDistribution.html\n\tupdateDistributionReq := &cloudfront.UpdateDistributionInput{\n\t\tId: aws.String(d.config.DistributionId),\n\t\tDistributionConfig: getDistributionConfigResp.DistributionConfig,\n\t\tIfMatch: getDistributionConfigResp.ETag,\n\t}\n\tif updateDistributionReq.DistributionConfig.ViewerCertificate == nil {\n\t\tupdateDistributionReq.DistributionConfig.ViewerCertificate = &types.ViewerCertificate{}\n\t}\n\tupdateDistributionReq.DistributionConfig.ViewerCertificate.CloudFrontDefaultCertificate = aws.Bool(false)\n\tswitch d.config.CertificateSource {\n\tcase CERTIFICATE_SOURCE_ACM:\n\t\tupdateDistributionReq.DistributionConfig.ViewerCertificate.ACMCertificateArn = aws.String(upres.CertId)\n\t\tupdateDistributionReq.DistributionConfig.ViewerCertificate.IAMCertificateId = nil\n\n\tcase CERTIFICATE_SOURCE_IAM:\n\t\tupdateDistributionReq.DistributionConfig.ViewerCertificate.ACMCertificateArn = nil\n\t\tupdateDistributionReq.DistributionConfig.ViewerCertificate.IAMCertificateId = aws.String(upres.CertId)\n\t\tif updateDistributionReq.DistributionConfig.ViewerCertificate.MinimumProtocolVersion == \"\" {\n\t\t\tupdateDistributionReq.DistributionConfig.ViewerCertificate.MinimumProtocolVersion = types.MinimumProtocolVersionTLSv122018\n\t\t}\n\t\tif updateDistributionReq.DistributionConfig.ViewerCertificate.SSLSupportMethod == \"\" {\n\t\t\tupdateDistributionReq.DistributionConfig.ViewerCertificate.SSLSupportMethod = types.SSLSupportMethodSniOnly\n\t\t}\n\t}\n\tupdateDistributionResp, err := d.sdkClient.UpdateDistribution(ctx, updateDistributionReq)\n\td.logger.Debug(\"sdk request 'cloudfront.UpdateDistribution'\", slog.Any(\"request\", updateDistributionReq), slog.Any(\"response\", updateDistributionResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cloudfront.UpdateDistribution': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey, region string) (*cloudfront.Client, error) {\n\tcfg, err := awscfg.LoadDefaultConfig(context.Background())\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclient := cloudfront.NewFromConfig(cfg, func(o *cloudfront.Options) {\n\t\to.Region = region\n\t\to.Credentials = aws.NewCredentialsCache(awscred.NewStaticCredentialsProvider(accessKeyId, secretAccessKey, \"\"))\n\t})\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/aws-cloudfront/aws_cloudfront_test.go",
"content": "package awscloudfront_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/aws-cloudfront\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n\tfRegion string\n\tfDistribuitionId string\n)\n\nfunc init() {\n\targsPrefix := \"AWSCLOUDFRONT_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fDistribuitionId, argsPrefix+\"DISTRIBUTIONID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./aws_cloudfront_test.go -args \\\n\t--AWSCLOUDFRONT_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--AWSCLOUDFRONT_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--AWSCLOUDFRONT_ACCESSKEYID=\"your-access-key-id\" \\\n\t--AWSCLOUDFRONT_SECRETACCESSKEY=\"your-secret-access-id\" \\\n\t--AWSCLOUDFRONT_REGION=\"us-east-1\" \\\n\t--AWSCLOUDFRONT_DISTRIBUTIONID=\"your-distribution-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"DISTRIBUTIONID: %v\", fDistribuitionId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tRegion: fRegion,\n\t\t\tDistributionId: fDistribuitionId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/aws-cloudfront/consts.go",
"content": "package awscloudfront\n\nconst (\n\tCERTIFICATE_SOURCE_ACM = \"ACM\"\n\tCERTIFICATE_SOURCE_IAM = \"IAM\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/aws-iam/aws_iam.go",
"content": "package awsiam\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/aws-iam\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// AWS AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// AWS SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// AWS 区域。\n\tRegion string `json:\"region\"`\n\t// IAM 证书路径。\n\t// 选填。\n\tCertificatePath string `json:\"certificatePath,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tSecretAccessKey: config.SecretAccessKey,\n\t\tRegion: config.Region,\n\t\tCertificatePath: config.CertificatePath,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go",
"content": "package azurekeyvault\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/azure-keyvault\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// Azure TenantId。\n\tTenantId string `json:\"tenantId\"`\n\t// Azure ClientId。\n\tClientId string `json:\"clientId\"`\n\t// Azure ClientSecret。\n\tClientSecret string `json:\"clientSecret\"`\n\t// Azure 主权云环境。\n\tCloudName string `json:\"cloudName,omitempty\"`\n\t// Key Vault 名称。\n\tKeyVaultName string `json:\"keyvaultName\"`\n\t// Key Vault 证书名称。\n\t// 选填。零值时表示新建证书;否则表示更新证书。\n\tCertificateName string `json:\"certificateName,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tTenantId: config.TenantId,\n\t\tClientId: config.ClientId,\n\t\tClientSecret: config.ClientSecret,\n\t\tCloudName: config.CloudName,\n\t\tKeyVaultName: config.KeyVaultName,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.CertificateName == \"\" {\n\t\t// 上传证书\n\t\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t\t} else {\n\t\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t\t}\n\t} else {\n\t\t// 替换证书\n\t\topres, err := d.sdkCertmgr.Replace(ctx, d.config.CertificateName, certPEM, privkeyPEM)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to replace certificate file: %w\", err)\n\t\t} else {\n\t\t\td.logger.Info(\"ssl certificate replaced\", slog.Any(\"result\", opres))\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/baiducloud-appblb/baiducloud_appblb.go",
"content": "package baiducloudappblb\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\t\"strings\"\n\n\tbceappblb \"github.com/baidubce/bce-sdk-go/services/appblb\"\n\t\"github.com/pocketbase/pocketbase/tools/security\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/baiducloud-cert\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// 百度智能云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 百度智能云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 百度智能云区域。\n\tRegion string `json:\"region\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 负载均衡实例 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_LISTENER] 时必填。\n\tLoadbalancerId string `json:\"loadbalancerId,omitempty\"`\n\t// 负载均衡监听端口。\n\t// 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时必填。\n\tListenerPort int32 `json:\"listenerPort,omitempty\"`\n\t// SNI 域名(支持泛域名)。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_LISTENER] 时选填。\n\tDomain string `json:\"domain,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *bceappblb.Client\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tSecretAccessKey: config.SecretAccessKey,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_LOADBALANCER:\n\t\tif err := d.deployToLoadbalancer(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_LISTENER:\n\t\tif err := d.deployToListener(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToLoadbalancer(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\n\t// 查询 BLB 实例详情\n\t// REF: https://cloud.baidu.com/doc/BLB/s/6jwvxnyhi#describeloadbalancerdetail%E6%9F%A5%E8%AF%A2blb%E5%AE%9E%E4%BE%8B%E8%AF%A6%E6%83%85\n\tdescribeLoadBalancerDetailResp, err := d.sdkClient.DescribeLoadBalancerDetail(d.config.LoadbalancerId)\n\td.logger.Debug(\"sdk request 'appblb.DescribeLoadBalancerAttribute'\", slog.String(\"blbId\", d.config.LoadbalancerId), slog.Any(\"response\", describeLoadBalancerDetailResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'appblb.DescribeLoadBalancerDetail': %w\", err)\n\t}\n\n\t// 获取全部 HTTPS/SSL 监听端口\n\tlisteners := make([]struct {\n\t\tType string\n\t\tPort int32\n\t}, 0)\n\tfor _, listener := range describeLoadBalancerDetailResp.Listener {\n\t\tif listener.Type == \"HTTPS\" || listener.Type == \"SSL\" {\n\t\t\tlistenerPort, err := strconv.Atoi(listener.Port)\n\t\t\tif err != nil {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tlisteners = append(listeners, struct {\n\t\t\t\tType string\n\t\t\t\tPort int32\n\t\t\t}{\n\t\t\t\tType: listener.Type,\n\t\t\t\tPort: int32(listenerPort),\n\t\t\t})\n\t\t}\n\t}\n\n\t// 遍历更新监听证书\n\tif len(listeners) == 0 {\n\t\td.logger.Info(\"no blb listeners to deploy\")\n\t} else {\n\t\td.logger.Info(\"found https/ssl listeners to deploy\", slog.Any(\"listeners\", listeners))\n\t\tvar errs []error\n\n\t\tfor _, listener := range listeners {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\n\t\t\tdefault:\n\t\t\t\tif err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listener.Type, listener.Port, cloudCertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToListener(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\tif d.config.ListenerPort == 0 {\n\t\treturn errors.New(\"config `listenerPort` is required\")\n\t}\n\n\t// 查询监听\n\t// REF: https://cloud.baidu.com/doc/BLB/s/ujwvxnyux#describeappalllisteners%E6%9F%A5%E8%AF%A2%E6%89%80%E6%9C%89%E7%9B%91%E5%90%AC\n\tdescribeAppAllListenersRequest := &bceappblb.DescribeAppListenerArgs{\n\t\tListenerPort: uint16(d.config.ListenerPort),\n\t}\n\tdescribeAppAllListenersResp, err := d.sdkClient.DescribeAppAllListeners(d.config.LoadbalancerId, describeAppAllListenersRequest)\n\td.logger.Debug(\"sdk request 'appblb.DescribeAppAllListeners'\", slog.String(\"blbId\", d.config.LoadbalancerId), slog.Any(\"request\", describeAppAllListenersRequest), slog.Any(\"response\", describeAppAllListenersResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'appblb.DescribeAppAllListeners': %w\", err)\n\t}\n\n\t// 获取全部 HTTPS/SSL 监听端口\n\tlisteners := make([]struct {\n\t\tType string\n\t\tPort int32\n\t}, 0)\n\tfor _, listener := range describeAppAllListenersResp.ListenerList {\n\t\tif listener.ListenerType == \"HTTPS\" || listener.ListenerType == \"SSL\" {\n\t\t\tlisteners = append(listeners, struct {\n\t\t\t\tType string\n\t\t\t\tPort int32\n\t\t\t}{\n\t\t\t\tType: listener.ListenerType,\n\t\t\t\tPort: int32(listener.ListenerPort),\n\t\t\t})\n\t\t}\n\t}\n\n\t// 遍历更新监听证书\n\tif len(listeners) == 0 {\n\t\td.logger.Info(\"no blb listeners to deploy\")\n\t} else {\n\t\td.logger.Info(\"found https/ssl listeners to deploy\", slog.Any(\"listeners\", listeners))\n\t\tvar errs []error\n\n\t\tfor _, listener := range listeners {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\n\t\t\tdefault:\n\t\t\t\tif err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listener.Type, listener.Port, cloudCertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateListenerCertificate(ctx context.Context, cloudLoadbalancerId string, cloudListenerType string, cloudListenerPort int32, cloudCertId string) error {\n\tswitch strings.ToUpper(cloudListenerType) {\n\tcase \"HTTPS\":\n\t\treturn d.updateHttpsListenerCertificate(ctx, cloudLoadbalancerId, cloudListenerPort, cloudCertId)\n\tcase \"SSL\":\n\t\treturn d.updateSslListenerCertificate(ctx, cloudLoadbalancerId, cloudListenerPort, cloudCertId)\n\tdefault:\n\t\treturn fmt.Errorf(\"unsupported listener type '%s'\", cloudListenerType)\n\t}\n}\n\nfunc (d *Deployer) updateHttpsListenerCertificate(ctx context.Context, cloudLoadbalancerId string, cloudHttpsListenerPort int32, cloudCertId string) error {\n\t// 查询 HTTPS 监听器\n\t// REF: https://cloud.baidu.com/doc/BLB/s/ujwvxnyux#describeapphttpslisteners%E6%9F%A5%E8%AF%A2https%E7%9B%91%E5%90%AC%E5%99%A8\n\tdescribeAppHTTPSListenersReq := &bceappblb.DescribeAppListenerArgs{\n\t\tListenerPort: uint16(cloudHttpsListenerPort),\n\t\tMaxKeys: 1,\n\t}\n\tdescribeAppHTTPSListenersResp, err := d.sdkClient.DescribeAppHTTPSListeners(cloudLoadbalancerId, describeAppHTTPSListenersReq)\n\td.logger.Debug(\"sdk request 'appblb.DescribeAppHTTPSListeners'\", slog.String(\"blbId\", cloudLoadbalancerId), slog.Any(\"request\", describeAppHTTPSListenersReq), slog.Any(\"response\", describeAppHTTPSListenersResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'appblb.DescribeAppHTTPSListeners': %w\", err)\n\t} else if len(describeAppHTTPSListenersResp.ListenerList) == 0 {\n\t\treturn fmt.Errorf(\"could not find listener '%s:%d'\", cloudLoadbalancerId, cloudHttpsListenerPort)\n\t}\n\n\tif d.config.Domain == \"\" {\n\t\t// 未指定 SNI,只需部署到监听器\n\n\t\t// 更新 HTTPS 监听器\n\t\t// REF: https://cloud.baidu.com/doc/BLB/s/ujwvxnyux#updateapphttpslistener%E6%9B%B4%E6%96%B0https%E7%9B%91%E5%90%AC%E5%99%A8\n\t\tupdateAppHTTPSListenerReq := &bceappblb.UpdateAppHTTPSListenerArgs{\n\t\t\tClientToken: security.RandomString(32),\n\t\t\tListenerPort: uint16(cloudHttpsListenerPort),\n\t\t\tScheduler: describeAppHTTPSListenersResp.ListenerList[0].Scheduler,\n\t\t\tCertIds: []string{cloudCertId},\n\t\t}\n\t\terr := d.sdkClient.UpdateAppHTTPSListener(cloudLoadbalancerId, updateAppHTTPSListenerReq)\n\t\td.logger.Debug(\"sdk request 'appblb.UpdateAppHTTPSListener'\", slog.Any(\"request\", updateAppHTTPSListenerReq))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'appblb.UpdateAppHTTPSListener': %w\", err)\n\t\t}\n\t} else {\n\t\t// 指定 SNI,需部署到扩展域名\n\n\t\t// 更新 HTTPS 监听器\n\t\t// REF: https://cloud.baidu.com/doc/BLB/s/yjwvxnvl6#updatehttpslistener%E6%9B%B4%E6%96%B0https%E7%9B%91%E5%90%AC%E5%99%A8\n\t\tupdateAppHTTPSListenerReq := &bceappblb.UpdateAppHTTPSListenerArgs{\n\t\t\tClientToken: security.RandomString(32),\n\t\t\tListenerPort: uint16(cloudHttpsListenerPort),\n\t\t\tScheduler: describeAppHTTPSListenersResp.ListenerList[0].Scheduler,\n\t\t\tCertIds: describeAppHTTPSListenersResp.ListenerList[0].CertIds,\n\t\t\tAdditionalCertDomains: lo.Map(describeAppHTTPSListenersResp.ListenerList[0].AdditionalCertDomains, func(domain bceappblb.AdditionalCertDomainsModel, _ int) bceappblb.AdditionalCertDomainsModel {\n\t\t\t\tif domain.Host == d.config.Domain {\n\t\t\t\t\treturn bceappblb.AdditionalCertDomainsModel{\n\t\t\t\t\t\tHost: domain.Host,\n\t\t\t\t\t\tCertId: cloudCertId,\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn bceappblb.AdditionalCertDomainsModel{\n\t\t\t\t\tHost: domain.Host,\n\t\t\t\t\tCertId: domain.CertId,\n\t\t\t\t}\n\t\t\t}),\n\t\t}\n\t\terr := d.sdkClient.UpdateAppHTTPSListener(cloudLoadbalancerId, updateAppHTTPSListenerReq)\n\t\td.logger.Debug(\"sdk request 'appblb.UpdateAppHTTPSListener'\", slog.Any(\"request\", updateAppHTTPSListenerReq))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'appblb.UpdateAppHTTPSListener': %w\", err)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateSslListenerCertificate(ctx context.Context, cloudLoadbalancerId string, cloudHttpsListenerPort int32, cloudCertId string) error {\n\t// 更新 SSL 监听器\n\t// REF: https://cloud.baidu.com/doc/BLB/s/ujwvxnyux#updateappssllistener%E6%9B%B4%E6%96%B0ssl%E7%9B%91%E5%90%AC%E5%99%A8\n\tupdateAppSSLListenerReq := &bceappblb.UpdateAppSSLListenerArgs{\n\t\tClientToken: security.RandomString(32),\n\t\tListenerPort: uint16(cloudHttpsListenerPort),\n\t\tCertIds: []string{cloudCertId},\n\t}\n\terr := d.sdkClient.UpdateAppSSLListener(cloudLoadbalancerId, updateAppSSLListenerReq)\n\td.logger.Debug(\"sdk request 'appblb.UpdateAppSSLListener'\", slog.Any(\"request\", updateAppSSLListenerReq))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'appblb.UpdateAppSSLListener': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey, region string) (*bceappblb.Client, error) {\n\tendpoint := \"\"\n\tif region != \"\" {\n\t\tendpoint = fmt.Sprintf(\"blb.%s.baidubce.com\", region)\n\t}\n\n\tclient, err := bceappblb.NewClient(accessKeyId, secretAccessKey, endpoint)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/baiducloud-appblb/baiducloud_appblb_test.go",
"content": "package baiducloudappblb_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baiducloud-appblb\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n\tfRegion string\n\tfLoadbalancerId string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"BAIDUCLOUDAPPBLB_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fLoadbalancerId, argsPrefix+\"LOADBALANCERID\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./baiducloud_appblb_test.go -args \\\n\t--BAIDUCLOUDAPPBLB_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--BAIDUCLOUDAPPBLB_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--BAIDUCLOUDAPPBLB_ACCESSKEYID=\"your-access-key-id\" \\\n\t--BAIDUCLOUDAPPBLB_SECRETACCESSKEY=\"your-secret-access-key\" \\\n\t--BAIDUCLOUDAPPBLB_REGION=\"bj\" \\\n\t--BAIDUCLOUDAPPBLB_LOADBALANCERID=\"your-blb-loadbalancer-id\" \\\n\t--BAIDUCLOUDAPPBLB_DOMAIN=\"your-blb-sni-domain\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"LOADBALANCERID: %v\", fLoadbalancerId),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LOADBALANCER,\n\t\t\tRegion: fRegion,\n\t\t\tLoadbalancerId: fLoadbalancerId,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/baiducloud-appblb/consts.go",
"content": "package baiducloudappblb\n\nconst (\n\t// 资源类型:部署到指定负载均衡器。\n\tRESOURCE_TYPE_LOADBALANCER = \"loadbalancer\"\n\t// 资源类型:部署到指定监听器。\n\tRESOURCE_TYPE_LISTENER = \"listener\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/baiducloud-blb/baiducloud_blb.go",
"content": "package baiducloudblb\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\t\"strings\"\n\n\tbceblb \"github.com/baidubce/bce-sdk-go/services/blb\"\n\t\"github.com/pocketbase/pocketbase/tools/security\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/baiducloud-cert\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// 百度智能云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 百度智能云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 百度智能云区域。\n\tRegion string `json:\"region\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 负载均衡实例 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_LISTENER] 时必填。\n\tLoadbalancerId string `json:\"loadbalancerId,omitempty\"`\n\t// 负载均衡监听端口。\n\t// 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时必填。\n\tListenerPort int32 `json:\"listenerPort,omitempty\"`\n\t// SNI 域名(支持泛域名)。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_LISTENER] 时选填。\n\tDomain string `json:\"domain,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *bceblb.Client\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tSecretAccessKey: config.SecretAccessKey,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_LOADBALANCER:\n\t\tif err := d.deployToLoadbalancer(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_LISTENER:\n\t\tif err := d.deployToListener(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToLoadbalancer(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\n\t// 查询 BLB 实例详情\n\t// REF: https://cloud.baidu.com/doc/BLB/s/njwvxnv79#describeloadbalancerdetail%E6%9F%A5%E8%AF%A2blb%E5%AE%9E%E4%BE%8B%E8%AF%A6%E6%83%85\n\tdescribeLoadBalancerDetailResp, err := d.sdkClient.DescribeLoadBalancerDetail(d.config.LoadbalancerId)\n\td.logger.Debug(\"sdk request 'blb.DescribeLoadBalancerAttribute'\", slog.String(\"blbId\", d.config.LoadbalancerId), slog.Any(\"response\", describeLoadBalancerDetailResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'blb.DescribeLoadBalancerDetail': %w\", err)\n\t}\n\n\t// 获取全部 HTTPS/SSL 监听端口\n\tlisteners := make([]struct {\n\t\tType string\n\t\tPort int32\n\t}, 0)\n\tfor _, listener := range describeLoadBalancerDetailResp.Listener {\n\t\tif listener.Type == \"HTTPS\" || listener.Type == \"SSL\" {\n\t\t\tlistenerPort, err := strconv.Atoi(listener.Port)\n\t\t\tif err != nil {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tlisteners = append(listeners, struct {\n\t\t\t\tType string\n\t\t\t\tPort int32\n\t\t\t}{\n\t\t\t\tType: listener.Type,\n\t\t\t\tPort: int32(listenerPort),\n\t\t\t})\n\t\t}\n\t}\n\n\t// 遍历更新监听证书\n\tif len(listeners) == 0 {\n\t\td.logger.Info(\"no blb listeners to deploy\")\n\t} else {\n\t\td.logger.Info(\"found https/ssl listeners to deploy\", slog.Any(\"listeners\", listeners))\n\t\tvar errs []error\n\n\t\tfor _, listener := range listeners {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\n\t\t\tdefault:\n\t\t\t\tif err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listener.Type, listener.Port, cloudCertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToListener(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\tif d.config.ListenerPort == 0 {\n\t\treturn errors.New(\"config `listenerPort` is required\")\n\t}\n\n\t// 查询监听\n\t// REF: https://cloud.baidu.com/doc/BLB/s/yjwvxnvl6#describealllisteners%E6%9F%A5%E8%AF%A2%E6%89%80%E6%9C%89%E7%9B%91%E5%90%AC\n\tdescribeAllListenersRequest := &bceblb.DescribeListenerArgs{\n\t\tListenerPort: uint16(d.config.ListenerPort),\n\t}\n\tdescribeAllListenersResp, err := d.sdkClient.DescribeAllListeners(d.config.LoadbalancerId, describeAllListenersRequest)\n\td.logger.Debug(\"sdk request 'blb.DescribeAllListeners'\", slog.String(\"blbId\", d.config.LoadbalancerId), slog.Any(\"request\", describeAllListenersRequest), slog.Any(\"response\", describeAllListenersResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'blb.DescribeAllListeners': %w\", err)\n\t}\n\n\t// 获取全部 HTTPS/SSL 监听端口\n\tlisteners := make([]struct {\n\t\tType string\n\t\tPort int32\n\t}, 0)\n\tfor _, listener := range describeAllListenersResp.AllListenerList {\n\t\tif listener.ListenerType == \"HTTPS\" || listener.ListenerType == \"SSL\" {\n\t\t\tlisteners = append(listeners, struct {\n\t\t\t\tType string\n\t\t\t\tPort int32\n\t\t\t}{\n\t\t\t\tType: listener.ListenerType,\n\t\t\t\tPort: int32(listener.ListenerPort),\n\t\t\t})\n\t\t}\n\t}\n\n\t// 遍历更新监听证书\n\tif len(listeners) == 0 {\n\t\td.logger.Info(\"no blb listeners to deploy\")\n\t} else {\n\t\td.logger.Info(\"found https/ssl listeners to deploy\", slog.Any(\"listeners\", listeners))\n\t\tvar errs []error\n\n\t\tfor _, listener := range listeners {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\n\t\t\tdefault:\n\t\t\t\tif err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listener.Type, listener.Port, cloudCertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateListenerCertificate(ctx context.Context, cloudLoadbalancerId string, cloudListenerType string, cloudListenerPort int32, cloudCertId string) error {\n\tswitch strings.ToUpper(cloudListenerType) {\n\tcase \"HTTPS\":\n\t\treturn d.updateHttpsListenerCertificate(ctx, cloudLoadbalancerId, cloudListenerPort, cloudCertId)\n\tcase \"SSL\":\n\t\treturn d.updateSslListenerCertificate(ctx, cloudLoadbalancerId, cloudListenerPort, cloudCertId)\n\tdefault:\n\t\treturn fmt.Errorf(\"unsupported listener type '%s'\", cloudListenerType)\n\t}\n}\n\nfunc (d *Deployer) updateHttpsListenerCertificate(ctx context.Context, cloudLoadbalancerId string, cloudHttpsListenerPort int32, cloudCertId string) error {\n\t// 查询 HTTPS 监听器\n\t// REF: https://cloud.baidu.com/doc/BLB/s/yjwvxnvl6#describehttpslisteners%E6%9F%A5%E8%AF%A2https%E7%9B%91%E5%90%AC%E5%99%A8\n\tdescribeHTTPSListenersReq := &bceblb.DescribeListenerArgs{\n\t\tListenerPort: uint16(cloudHttpsListenerPort),\n\t\tMaxKeys: 1,\n\t}\n\tdescribeHTTPSListenersResp, err := d.sdkClient.DescribeHTTPSListeners(cloudLoadbalancerId, describeHTTPSListenersReq)\n\td.logger.Debug(\"sdk request 'blb.DescribeHTTPSListeners'\", slog.String(\"blbId\", cloudLoadbalancerId), slog.Any(\"request\", describeHTTPSListenersReq), slog.Any(\"response\", describeHTTPSListenersResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'blb.DescribeHTTPSListeners': %w\", err)\n\t} else if len(describeHTTPSListenersResp.ListenerList) == 0 {\n\t\treturn fmt.Errorf(\"could not find listener '%s:%d'\", cloudLoadbalancerId, cloudHttpsListenerPort)\n\t}\n\n\tif d.config.Domain == \"\" {\n\t\t// 未指定 SNI,只需部署到监听器\n\n\t\t// 更新 HTTPS 监听器\n\t\t// REF: https://cloud.baidu.com/doc/BLB/s/yjwvxnvl6#updatehttpslistener%E6%9B%B4%E6%96%B0https%E7%9B%91%E5%90%AC%E5%99%A8\n\t\tupdateHTTPSListenerReq := &bceblb.UpdateHTTPSListenerArgs{\n\t\t\tClientToken: security.RandomString(32),\n\t\t\tListenerPort: uint16(cloudHttpsListenerPort),\n\t\t\tCertIds: []string{cloudCertId},\n\t\t}\n\t\terr := d.sdkClient.UpdateHTTPSListener(cloudLoadbalancerId, updateHTTPSListenerReq)\n\t\td.logger.Debug(\"sdk request 'blb.UpdateHTTPSListener'\", slog.Any(\"request\", updateHTTPSListenerReq))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'blb.UpdateHTTPSListener': %w\", err)\n\t\t}\n\t} else {\n\t\t// 指定 SNI,需部署到扩展域名\n\n\t\t// 更新 HTTPS 监听器\n\t\t// REF: https://cloud.baidu.com/doc/BLB/s/yjwvxnvl6#updatehttpslistener%E6%9B%B4%E6%96%B0https%E7%9B%91%E5%90%AC%E5%99%A8\n\t\tupdateHTTPSListenerReq := &bceblb.UpdateHTTPSListenerArgs{\n\t\t\tClientToken: security.RandomString(32),\n\t\t\tListenerPort: uint16(cloudHttpsListenerPort),\n\t\t\tCertIds: describeHTTPSListenersResp.ListenerList[0].CertIds,\n\t\t\tAdditionalCertDomains: lo.Map(describeHTTPSListenersResp.ListenerList[0].AdditionalCertDomains, func(domain bceblb.AdditionalCertDomainsModel, _ int) bceblb.AdditionalCertDomainsModel {\n\t\t\t\tif domain.Host == d.config.Domain {\n\t\t\t\t\treturn bceblb.AdditionalCertDomainsModel{\n\t\t\t\t\t\tHost: domain.Host,\n\t\t\t\t\t\tCertId: cloudCertId,\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\treturn bceblb.AdditionalCertDomainsModel{\n\t\t\t\t\tHost: domain.Host,\n\t\t\t\t\tCertId: domain.CertId,\n\t\t\t\t}\n\t\t\t}),\n\t\t}\n\t\terr := d.sdkClient.UpdateHTTPSListener(cloudLoadbalancerId, updateHTTPSListenerReq)\n\t\td.logger.Debug(\"sdk request 'blb.UpdateHTTPSListener'\", slog.Any(\"request\", updateHTTPSListenerReq))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'blb.UpdateHTTPSListener': %w\", err)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateSslListenerCertificate(ctx context.Context, cloudLoadbalancerId string, cloudHttpsListenerPort int32, cloudCertId string) error {\n\t// 更新 SSL 监听器\n\t// REF: https://cloud.baidu.com/doc/BLB/s/yjwvxnvl6#updatessllistener%E6%9B%B4%E6%96%B0ssl%E7%9B%91%E5%90%AC%E5%99%A8\n\tupdateSSLListenerReq := &bceblb.UpdateSSLListenerArgs{\n\t\tClientToken: security.RandomString(32),\n\t\tListenerPort: uint16(cloudHttpsListenerPort),\n\t\tCertIds: []string{cloudCertId},\n\t}\n\terr := d.sdkClient.UpdateSSLListener(cloudLoadbalancerId, updateSSLListenerReq)\n\td.logger.Debug(\"sdk request 'blb.UpdateSSLListener'\", slog.Any(\"request\", updateSSLListenerReq))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'blb.UpdateSSLListener': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey, region string) (*bceblb.Client, error) {\n\tendpoint := \"\"\n\tif region != \"\" {\n\t\tendpoint = fmt.Sprintf(\"blb.%s.baidubce.com\", region)\n\t}\n\n\tclient, err := bceblb.NewClient(accessKeyId, secretAccessKey, endpoint)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/baiducloud-blb/baiducloud_blb_test.go",
"content": "package baiducloudblb_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baiducloud-blb\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n\tfRegion string\n\tfLoadbalancerId string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"BAIDUCLOUDBLB_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fLoadbalancerId, argsPrefix+\"LOADBALANCERID\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./baiducloud_blb_test.go -args \\\n\t--BAIDUCLOUDBLB_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--BAIDUCLOUDBLB_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--BAIDUCLOUDBLB_ACCESSKEYID=\"your-access-key-id\" \\\n\t--BAIDUCLOUDBLB_SECRETACCESSKEY=\"your-secret-access-key\" \\\n\t--BAIDUCLOUDBLB_REGION=\"bj\" \\\n\t--BAIDUCLOUDBLB_LOADBALANCERID=\"your-blb-loadbalancer-id\" \\\n\t--BAIDUCLOUDBLB_DOMAIN=\"your-blb-sni-domain\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"LOADBALANCERID: %v\", fLoadbalancerId),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LOADBALANCER,\n\t\t\tRegion: fRegion,\n\t\t\tLoadbalancerId: fLoadbalancerId,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/baiducloud-blb/consts.go",
"content": "package baiducloudblb\n\nconst (\n\t// 资源类型:部署到指定负载均衡器。\n\tRESOURCE_TYPE_LOADBALANCER = \"loadbalancer\"\n\t// 资源类型:部署到指定监听器。\n\tRESOURCE_TYPE_LISTENER = \"listener\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/baiducloud-cdn/baiducloud_cdn.go",
"content": "package baiducloudcdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\tbcecdn \"github.com/baidubce/bce-sdk-go/services/cdn\"\n\tbcecdnapi \"github.com/baidubce/bce-sdk-go/services/cdn/api\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/samber/lo\"\n\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 百度智能云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 百度智能云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *bcecdn.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain)\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no cdn domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found cdn domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, certPEM, privkeyPEM); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名列表\n\t// REF: https://cloud.baidu.com/doc/CDN/s/sjwvyewt1\n\tlistDomainsMarker := \"\"\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistDomainsRespDomains, listDomainsNextMarker, err := d.sdkClient.ListDomains(listDomainsMarker)\n\t\td.logger.Debug(\"sdk request 'cdn.ListDomains'\", slog.String(\"request.marker\", listDomainsMarker), slog.Any(\"response.domains\", listDomainsRespDomains))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.ListDomains': %w\", err)\n\t\t}\n\n\t\tdomains = append(domains, listDomainsRespDomains...)\n\n\t\tif listDomainsNextMarker == \"\" {\n\t\t\tbreak\n\t\t}\n\n\t\tlistDomainsMarker = listDomainsNextMarker\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, certPEM, privkeyPEM string) error {\n\t// 修改域名证书\n\t// REF: https://cloud.baidu.com/doc/CDN/s/qjzuz2hp8\n\tputCertResp, err := d.sdkClient.PutCert(\n\t\tdomain,\n\t\t&bcecdnapi.UserCertificate{\n\t\t\tCertName: fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli()),\n\t\t\tServerData: certPEM,\n\t\t\tPrivateData: privkeyPEM,\n\t\t},\n\t\t\"ON\",\n\t)\n\td.logger.Debug(\"sdk request 'cdn.PutCert'\", slog.String(\"request.domain\", domain), slog.Any(\"response\", putCertResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.PutCert': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey string) (*bcecdn.Client, error) {\n\tclient, err := bcecdn.NewClient(accessKeyId, secretAccessKey, \"\")\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/baiducloud-cdn/baiducloud_cdn_test.go",
"content": "package baiducloudcdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baiducloud-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"BAIDUCLOUDCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./baiducloud_cdn_test.go -args \\\n\t--BAIDUCLOUDCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--BAIDUCLOUDCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--BAIDUCLOUDCDN_ACCESSKEYID=\"your-access-key-id\" \\\n\t--BAIDUCLOUDCDN_SECRETACCESSKEY=\"your-secret-access-key\" \\\n\t--BAIDUCLOUDCDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/baiducloud-cdn/consts.go",
"content": "package baiducloudcdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/baiducloud-cert/baiducloud_cert.go",
"content": "package baiducloudcert\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/baiducloud-cert\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// 百度智能云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 百度智能云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tSecretAccessKey: config.SecretAccessKey,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/baishan-cdn/baishan_cdn.go",
"content": "package baishancdn\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/baishan-cdn\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbaishansdk \"github.com/certimate-go/certimate/pkg/sdk3rd/baishan\"\n)\n\ntype DeployerConfig struct {\n\t// 白山云 API Token。\n\tApiToken string `json:\"apiToken\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 域名匹配模式。暂时只支持精确匹配。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n\t// 证书 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。\n\tCertificateId string `json:\"certificateId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *baishansdk.Client\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ApiToken)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tApiToken: config.ApiToken,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_DOMAIN:\n\t\tif err := d.deployToDomain(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_CERTIFICATE:\n\t\tif err := d.deployToCertificate(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToDomain(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.Domain == \"\" {\n\t\treturn errors.New(\"config `domain` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 查询域名配置\n\t// REF: https://portal.baishancloud.com/track/document/api/1/1065\n\tgetDomainConfigReq := &baishansdk.GetDomainConfigRequest{\n\t\tDomains: lo.ToPtr(d.config.Domain),\n\t\tConfig: lo.ToPtr([]string{\"https\"}),\n\t}\n\tgetDomainConfigResp, err := d.sdkClient.GetDomainConfigWithContext(ctx, getDomainConfigReq)\n\td.logger.Debug(\"sdk request 'baishan.GetDomainConfig'\", slog.Any(\"request\", getDomainConfigReq), slog.Any(\"response\", getDomainConfigResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'baishan.GetDomainConfig': %w\", err)\n\t} else if len(getDomainConfigResp.Data) == 0 {\n\t\treturn fmt.Errorf(\"could not find domain '%s'\", d.config.Domain)\n\t}\n\n\t// 设置域名配置\n\t// REF: https://portal.baishancloud.com/track/document/api/1/1045\n\tsetDomainConfigReq := &baishansdk.SetDomainConfigRequest{\n\t\tDomains: lo.ToPtr(d.config.Domain),\n\t\tConfig: &baishansdk.DomainConfig{\n\t\t\tHttps: &baishansdk.DomainConfigHttps{\n\t\t\t\tCertId: json.Number(upres.CertId),\n\t\t\t\tForceHttps: getDomainConfigResp.Data[0].Config.Https.ForceHttps,\n\t\t\t\tEnableHttp2: getDomainConfigResp.Data[0].Config.Https.EnableHttp2,\n\t\t\t\tEnableOcsp: getDomainConfigResp.Data[0].Config.Https.EnableOcsp,\n\t\t\t},\n\t\t},\n\t}\n\tsetDomainConfigResp, err := d.sdkClient.SetDomainConfigWithContext(ctx, setDomainConfigReq)\n\td.logger.Debug(\"sdk request 'baishan.SetDomainConfig'\", slog.Any(\"request\", setDomainConfigReq), slog.Any(\"response\", setDomainConfigResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'baishan.SetDomainConfig': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToCertificate(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.CertificateId == \"\" {\n\t\treturn errors.New(\"config `certificateId` is required\")\n\t}\n\n\t// 替换证书\n\topres, err := d.sdkCertmgr.Replace(ctx, d.config.CertificateId, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to replace certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate replaced\", slog.Any(\"result\", opres))\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(apiToken string) (*baishansdk.Client, error) {\n\treturn baishansdk.NewClient(apiToken)\n}\n"
},
{
"path": "pkg/core/deployer/providers/baishan-cdn/baishan_cdn_test.go",
"content": "package baishancdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baishan-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfApiToken string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"BAISHANCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fApiToken, argsPrefix+\"APITOKEN\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./baishan_cdn_test.go -args \\\n\t--BAISHANCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--BAISHANCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--BAISHANCDN_APITOKEN=\"your-api-token\" \\\n\t--BAISHANCDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"APITOKEN: %v\", fApiToken),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tApiToken: fApiToken,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/baishan-cdn/consts.go",
"content": "package baishancdn\n\nconst (\n\t// 资源类型:替换指定域名的证书。\n\tRESOURCE_TYPE_DOMAIN = \"domain\"\n\t// 资源类型:替换指定证书。\n\tRESOURCE_TYPE_CERTIFICATE = \"certificate\"\n)\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/baotapanel/baotapanel.go",
"content": "package baotapanel\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbtsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/btpanel\"\n\txwait \"github.com/certimate-go/certimate/pkg/utils/wait\"\n)\n\ntype DeployerConfig struct {\n\t// 宝塔面板服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// 宝塔面板接口密钥。\n\tApiKey string `json:\"apiKey\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 网站类型。\n\tSiteType string `json:\"siteType\"`\n\t// 网站名称。\n\tSiteNames []string `json:\"siteNames,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *btsdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nvar btProjectTypes = []string{\"php\", \"java\", \"nodejs\", \"go\", \"python\", \"proxy\", \"html\", \"general\"}\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.ApiKey, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif len(d.config.SiteNames) == 0 {\n\t\treturn nil, errors.New(\"config `siteNames` is required\")\n\t}\n\n\tswitch d.config.SiteType {\n\tcase \"any\":\n\t\t{\n\t\t\t// 上传证书\n\t\t\tsslCertSaveCertReq := &btsdk.SSLCertSaveCertRequest{\n\t\t\t\tCertificate: certPEM,\n\t\t\t\tPrivateKey: privkeyPEM,\n\t\t\t}\n\t\t\tsslCertSaveCertResp, err := d.sdkClient.SSLCertSaveCertWithContext(ctx, sslCertSaveCertReq)\n\t\t\td.logger.Debug(\"sdk request 'bt.SSLCertSaveCert'\", slog.Any(\"request\", sslCertSaveCertReq), slog.Any(\"response\", sslCertSaveCertResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'bt.SSLCertSaveCert': %w\", err)\n\t\t\t}\n\n\t\t\t// 设置站点证书\n\t\t\tsslSetBatchCertToSiteReq := &btsdk.SSLSetBatchCertToSiteRequest{\n\t\t\t\tBatchInfo: lo.Map(d.config.SiteNames, func(siteName string, _ int) *btsdk.SSLSetBatchCertToSiteRequestBatchInfo {\n\t\t\t\t\treturn &btsdk.SSLSetBatchCertToSiteRequestBatchInfo{\n\t\t\t\t\t\tSiteName: siteName,\n\t\t\t\t\t\tSSLHash: sslCertSaveCertResp.SSLHash,\n\t\t\t\t\t}\n\t\t\t\t}),\n\t\t\t}\n\t\t\tsslSetBatchCertToSiteResp, err := d.sdkClient.SSLSetBatchCertToSiteWithContext(ctx, sslSetBatchCertToSiteReq)\n\t\t\td.logger.Debug(\"sdk request 'bt.SSLSetBatchCertToSite'\", slog.Any(\"request\", sslSetBatchCertToSiteReq), slog.Any(\"response\", sslSetBatchCertToSiteResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'bt.SSLSetBatchCertToSite': %w\", err)\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\t{\n\t\t\tif d.config.SiteType != \"\" {\n\t\t\t\tif !lo.Contains(btProjectTypes, d.config.SiteType) {\n\t\t\t\t\treturn nil, fmt.Errorf(\"unsupported site type: '%s'\", d.config.SiteType)\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 遍历更新站点证书\n\t\t\tvar errs []error\n\t\t\tfor i, siteName := range d.config.SiteNames {\n\t\t\t\tselect {\n\t\t\t\tcase <-ctx.Done():\n\t\t\t\t\treturn nil, ctx.Err()\n\t\t\t\tdefault:\n\t\t\t\t\tif err := d.updateSiteCertificate(ctx, d.config.SiteType, siteName, certPEM, privkeyPEM); err != nil {\n\t\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t\t}\n\t\t\t\t\tif i < len(d.config.SiteNames)-1 {\n\t\t\t\t\t\txwait.DelayWithContext(ctx, time.Second*5)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\tif len(errs) > 0 {\n\t\t\t\treturn nil, errors.Join(errs...)\n\t\t\t}\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) updateSiteCertificate(ctx context.Context, siteType, siteName string, certPEM, privkeyPEM string) error {\n\tswitch siteType {\n\tcase \"proxy\":\n\t\t{\n\t\t\t// 设置代理 SSL 证书\n\t\t\tmodProxyComSetSSLReq := &btsdk.ModProxyComSetSSLRequest{\n\t\t\t\tSiteName: siteName,\n\t\t\t\tCertificate: certPEM,\n\t\t\t\tPrivateKey: privkeyPEM,\n\t\t\t}\n\t\t\tmodProxyComSetSSLResp, err := d.sdkClient.ModProxyComSetSSLWithContext(ctx, modProxyComSetSSLReq)\n\t\t\td.logger.Debug(\"sdk request 'bt.ModProxyComSetSSL'\", slog.Any(\"request\", modProxyComSetSSLReq), slog.Any(\"response\", modProxyComSetSSLResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'bt.ModProxyComSetSSL': %w\", err)\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\t{\n\t\t\t// 设置站点 SSL 证书\n\t\t\tsiteSetSSLReq := &btsdk.SiteSetSSLRequest{\n\t\t\t\tType: \"0\",\n\t\t\t\tSiteName: siteName,\n\t\t\t\tCertificate: certPEM,\n\t\t\t\tPrivateKey: privkeyPEM,\n\t\t\t}\n\t\t\tsiteSetSSLResp, err := d.sdkClient.SiteSetSSLWithContext(ctx, siteSetSSLReq)\n\t\t\td.logger.Debug(\"sdk request 'bt.SiteSetSSL'\", slog.Any(\"request\", siteSetSSLReq), slog.Any(\"response\", siteSetSSLResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'bt.SiteSetSSL': %w\", err)\n\t\t\t}\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(serverUrl, apiKey string, skipTlsVerify bool) (*btsdk.Client, error) {\n\tclient, err := btsdk.NewClient(serverUrl, apiKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/baotapanel/baotapanel_test.go",
"content": "package baotapanel_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baotapanel\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfApiKey string\n\tfSiteType string\n\tfSiteName string\n)\n\nfunc init() {\n\targsPrefix := \"BAOTAPANEL_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n\tflag.StringVar(&fSiteType, argsPrefix+\"SITETYPE\", \"\", \"\")\n\tflag.StringVar(&fSiteName, argsPrefix+\"SITENAME\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./baotapanel_test.go -args \\\n\t--BAOTAPANEL_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--BAOTAPANEL_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--BAOTAPANEL_SERVERURL=\"http://127.0.0.1:8888\" \\\n\t--BAOTAPANEL_APIKEY=\"your-api-key\" \\\n\t--BAOTAPANEL_SITETYPE=\"php\" \\\n\t--BAOTAPANEL_SITENAME=\"your-site-name\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t\tfmt.Sprintf(\"SITETYPE: %v\", fSiteType),\n\t\t\tfmt.Sprintf(\"SITENAME: %v\", fSiteName),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiKey: fApiKey,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tSiteType: fSiteType,\n\t\t\tSiteNames: []string{fSiteName},\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/baotapanel-console/baotapanel_console.go",
"content": "package baotapanelconsole\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbtsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/btpanel\"\n)\n\ntype DeployerConfig struct {\n\t// 宝塔面板服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// 宝塔面板接口密钥。\n\tApiKey string `json:\"apiKey\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 是否自动重启。\n\tAutoRestart bool `json:\"autoRestart\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *btsdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.ApiKey, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 设置面板 SSL 证书\n\tconfigSavePanelSSLReq := &btsdk.ConfigSavePanelSSLRequest{\n\t\tPrivateKey: privkeyPEM,\n\t\tCertificate: certPEM,\n\t}\n\tconfigSavePanelSSLResp, err := d.sdkClient.ConfigSavePanelSSLWithContext(ctx, configSavePanelSSLReq)\n\td.logger.Debug(\"sdk request 'bt.ConfigSavePanelSSL'\", slog.Any(\"request\", configSavePanelSSLReq), slog.Any(\"response\", configSavePanelSSLResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'bt.ConfigSavePanelSSL': %w\", err)\n\t}\n\n\tif d.config.AutoRestart {\n\t\t// 重启面板(无需关心响应,因为宝塔重启时会断开连接产生 error)\n\t\tsystemServiceAdminReq := &btsdk.SystemServiceAdminRequest{\n\t\t\tName: \"nginx\",\n\t\t\tType: \"restart\",\n\t\t}\n\t\tsystemServiceAdminResp, _ := d.sdkClient.SystemServiceAdminWithContext(ctx, systemServiceAdminReq)\n\t\td.logger.Debug(\"sdk request 'bt.SystemServiceAdmin'\", slog.Any(\"request\", systemServiceAdminReq), slog.Any(\"response\", systemServiceAdminResp))\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(serverUrl, apiKey string, skipTlsVerify bool) (*btsdk.Client, error) {\n\tclient, err := btsdk.NewClient(serverUrl, apiKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/baotapanel-console/baotapanel_console_test.go",
"content": "package baotapanelconsole_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baotapanel-console\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfApiKey string\n)\n\nfunc init() {\n\targsPrefix := \"BAOTAPANELCONSOLE_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./baotapanel_console_test.go -args \\\n\t--BAOTAPANELCONSOLE_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--BAOTAPANELCONSOLE_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--BAOTAPANELCONSOLE_SERVERURL=\"http://127.0.0.1:8888\" \\\n\t--BAOTAPANELCONSOLE_APIKEY=\"your-api-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiKey: fApiKey,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tAutoRestart: true,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/baotapanelgo/baotapanelgo.go",
"content": "package baotapanelgo\n\nimport (\n\t\"context\"\n\t\"crypto/sha256\"\n\t\"crypto/tls\"\n\t\"encoding/hex\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbtsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/btpanelgo\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txwait \"github.com/certimate-go/certimate/pkg/utils/wait\"\n)\n\ntype DeployerConfig struct {\n\t// 宝塔面板服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// 宝塔面板接口密钥。\n\tApiKey string `json:\"apiKey\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 网站类型。\n\tSiteType string `json:\"siteType\"`\n\t// 网站名称。\n\tSiteNames []string `json:\"siteNames,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *btsdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nvar (\n\tbtProjectTypes = []string{\"php\", \"java\", \"asp\", \"go\", \"python\", \"nodejs\", \"proxy\", \"general\"}\n\tbtProjectTypesInIIS = []string{\"php\", \"asp\", \"aspx\"}\n)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.ApiKey, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif len(d.config.SiteNames) == 0 {\n\t\treturn nil, errors.New(\"config `siteNames` is required\")\n\t}\n\n\tif d.config.SiteType != \"\" {\n\t\tif !lo.Contains(btProjectTypes, d.config.SiteType) && !lo.Contains(btProjectTypesInIIS, d.config.SiteType) {\n\t\t\treturn nil, fmt.Errorf(\"unsupported site type: '%s'\", d.config.SiteType)\n\t\t}\n\t}\n\n\t// 遍历更新站点证书\n\tvar errs []error\n\tfor i, siteName := range d.config.SiteNames {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t\tif err := d.updateSiteCertificate(ctx, d.config.SiteType, siteName, certPEM, privkeyPEM); err != nil {\n\t\t\t\terrs = append(errs, err)\n\t\t\t}\n\t\t\tif i < len(d.config.SiteNames)-1 {\n\t\t\t\txwait.DelayWithContext(ctx, time.Second*5)\n\t\t\t}\n\t\t}\n\t}\n\tif len(errs) > 0 {\n\t\treturn nil, errors.Join(errs...)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) findSiteByName(ctx context.Context, siteType, siteName string) (*btsdk.SiteData, error) {\n\tif siteType == \"\" || lo.Contains(btProjectTypesInIIS, siteType) {\n\t\t// 查询网站列表\n\t\tdatalistGetDataListPage := 1\n\t\tdatalistGetDataListLimit := 10\n\t\tfor {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t}\n\n\t\t\tdatalistGetDataListReq := &btsdk.DatalistGetDataListRequest{\n\t\t\t\tTable: lo.ToPtr(\"sites\"),\n\t\t\t\tSearchString: lo.ToPtr(siteName),\n\t\t\t\tPage: lo.ToPtr(int32(datalistGetDataListPage)),\n\t\t\t\tLimit: lo.ToPtr(int32(datalistGetDataListLimit)),\n\t\t\t}\n\t\t\tdatalistGetDataListResp, err := d.sdkClient.DatalistGetDataListWithContext(ctx, datalistGetDataListReq)\n\t\t\td.logger.Debug(\"sdk request 'bt.DatalistGetDataList'\", slog.Any(\"request\", datalistGetDataListReq), slog.Any(\"response\", datalistGetDataListResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'bt.DatalistGetDataList': %w\", err)\n\t\t\t}\n\n\t\t\tfor _, siteItem := range datalistGetDataListResp.Data {\n\t\t\t\tif strings.EqualFold(siteItem.Name, siteName) {\n\t\t\t\t\treturn siteItem, nil\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif len(datalistGetDataListResp.Data) < datalistGetDataListLimit {\n\t\t\t\tbreak\n\t\t\t}\n\n\t\t\tdatalistGetDataListPage++\n\t\t}\n\t} else {\n\t\t// 查询网站列表\n\t\tsiteGetProjectListPage := 1\n\t\tsiteGetProjectListLimit := 10\n\t\tfor {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t}\n\n\t\t\tsiteGetProjectListReq := &btsdk.SiteGetProjectListRequest{\n\t\t\t\tSearchType: lo.ToPtr(siteType),\n\t\t\t\tSearchString: lo.ToPtr(siteName),\n\t\t\t\tPage: lo.ToPtr(int32(siteGetProjectListPage)),\n\t\t\t\tLimit: lo.ToPtr(int32(siteGetProjectListLimit)),\n\t\t\t}\n\t\t\tsiteGetProjectListResp, err := d.sdkClient.SiteGetProjectListWithContext(ctx, siteGetProjectListReq)\n\t\t\td.logger.Debug(\"sdk request 'bt.SiteGetProjectList'\", slog.Any(\"request\", siteGetProjectListReq), slog.Any(\"response\", siteGetProjectListResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'bt.SiteGetProjectList': %w\", err)\n\t\t\t}\n\n\t\t\tfor _, siteItem := range siteGetProjectListResp.Data {\n\t\t\t\tif strings.EqualFold(siteItem.Name, siteName) {\n\t\t\t\t\treturn siteItem, nil\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif len(siteGetProjectListResp.Data) < siteGetProjectListLimit {\n\t\t\t\tbreak\n\t\t\t}\n\n\t\t\tsiteGetProjectListPage++\n\t\t}\n\t}\n\n\treturn nil, fmt.Errorf(\"could not find site '%s'\", siteName)\n}\n\nfunc (d *Deployer) updateSiteCertificate(ctx context.Context, siteType, siteName string, certPEM, privkeyPEM string) error {\n\t// 获取面板配置\n\tpanelGetConfigReq := &btsdk.PanelGetConfigRequest{}\n\tpanelGetConfigResp, err := d.sdkClient.PanelGetConfigWithContext(ctx, panelGetConfigReq)\n\td.logger.Debug(\"sdk request 'bt.PanelGetConfig'\", slog.Any(\"request\", panelGetConfigReq), slog.Any(\"response\", panelGetConfigResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'bt.PanelGetConfig': %w\", err)\n\t}\n\n\t// 获取网站\n\tsiteData, err := d.findSiteByName(ctx, siteType, siteName)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// 根据服务器类型部署证书\n\tpfxRequried := panelGetConfigResp.Site != nil && strings.EqualFold(panelGetConfigResp.Site.WebServer, \"iis\")\n\tif pfxRequried {\n\t\t// 转换证书格式\n\t\tcertPFXPassword := \"certimate\"\n\t\tcertPFX, err := xcert.TransformCertificateFromPEMToPFX(certPEM, privkeyPEM, certPFXPassword)\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to transform certificate from PEM to PFX: %w\", err)\n\t\t}\n\n\t\t// 上传证书\n\t\tcertPFXHash := sha256.Sum256([]byte(certPFX))\n\t\tcertPFXHashHex := hex.EncodeToString(certPFXHash[:])\n\t\tcertPFXPath := panelGetConfigResp.Paths.Soft + \"/temp/ssl/certimate\"\n\t\tcertPFXFileName := fmt.Sprintf(\"%s.pfx\", certPFXHashHex)\n\t\tfilesUploadReq := &btsdk.FilesUploadRequest{\n\t\t\tPath: lo.ToPtr(certPFXPath),\n\t\t\tName: lo.ToPtr(certPFXFileName),\n\t\t\tStart: lo.ToPtr(int32(0)),\n\t\t\tSize: lo.ToPtr(int32(len(certPFX))),\n\t\t\tBlob: certPFX,\n\t\t\tForce: lo.ToPtr(true),\n\t\t}\n\t\tfilesUploadResp, err := d.sdkClient.FilesUploadWithContext(ctx, filesUploadReq)\n\t\td.logger.Debug(\"sdk request 'bt.FilesUpload'\", slog.Any(\"request\", filesUploadReq), slog.Any(\"response\", filesUploadResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'bt.FilesUpload': %w\", err)\n\t\t}\n\n\t\t// 服务器为 IIS,设置网站 SSL\n\t\tsiteSetSitePFXSSLReq := &btsdk.SiteSetSitePFXSSLRequest{\n\t\t\tSiteId: lo.ToPtr(siteData.Id),\n\t\t\tPFX: lo.ToPtr(fmt.Sprintf(\"%s/%s\", certPFXPath, certPFXFileName)),\n\t\t\tPassword: lo.ToPtr(certPFXPassword),\n\t\t}\n\t\tsiteSetSitePFXSSLResp, err := d.sdkClient.SiteSetSitePFXSSLWithContext(ctx, siteSetSitePFXSSLReq)\n\t\td.logger.Debug(\"sdk request 'bt.SiteSetSitePFXSSL'\", slog.Any(\"request\", siteSetSitePFXSSLReq), slog.Any(\"response\", siteSetSitePFXSSLResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'bt.SiteSetSitePFXSSL': %w\", err)\n\t\t}\n\t} else {\n\t\t// 服务器非 IIS,设置网站 SSL\n\t\tsiteSetSiteSSLReq := &btsdk.SiteSetSiteSSLRequest{\n\t\t\tSiteId: lo.ToPtr(siteData.Id),\n\t\t\tStatus: lo.ToPtr(true),\n\t\t\tKey: lo.ToPtr(privkeyPEM),\n\t\t\tCert: lo.ToPtr(certPEM),\n\t\t}\n\t\tsiteSetSiteSSLResp, err := d.sdkClient.SiteSetSiteSSLWithContext(ctx, siteSetSiteSSLReq)\n\t\td.logger.Debug(\"sdk request 'bt.SiteSetSiteSSL'\", slog.Any(\"request\", siteSetSiteSSLReq), slog.Any(\"response\", siteSetSiteSSLResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'bt.SiteSetSiteSSL': %w\", err)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(serverUrl, apiKey string, skipTlsVerify bool) (*btsdk.Client, error) {\n\tclient, err := btsdk.NewClient(serverUrl, apiKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/baotapanelgo/baotapanelgo_test.go",
"content": "package baotapanelgo_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baotapanelgo\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfApiKey string\n\tfSiteType string\n\tfSiteName string\n)\n\nfunc init() {\n\targsPrefix := \"BAOTAPANELGO_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n\tflag.StringVar(&fSiteType, argsPrefix+\"SITETYPE\", \"\", \"\")\n\tflag.StringVar(&fSiteName, argsPrefix+\"SITENAME\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./baotapanelgo_test.go -args \\\n\t--BAOTAPANELGO_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--BAOTAPANELGO_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--BAOTAPANELGO_SERVERURL=\"http://127.0.0.1:8888\" \\\n\t--BAOTAPANELGO_APIKEY=\"your-api-key\" \\\n\t--BAOTAPANELGO_SITETYPE=\"your-site-type\" \\\n\t--BAOTAPANELGO_SITENAME=\"your-site-name\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t\tfmt.Sprintf(\"SITETYPE: %v\", fSiteType),\n\t\t\tfmt.Sprintf(\"SITENAME: %v\", fSiteName),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiKey: fApiKey,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tSiteType: fSiteType,\n\t\t\tSiteNames: []string{fSiteName},\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/baotapanelgo-console/baotapanelgo_console.go",
"content": "package baotapanelgoconsole\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbtsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/btpanelgo\"\n)\n\ntype DeployerConfig struct {\n\t// 宝塔面板服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// 宝塔面板接口密钥。\n\tApiKey string `json:\"apiKey\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *btsdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.ApiKey, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 设置面板 SSL 证书\n\tconfigSetPanelSSLReq := &btsdk.ConfigSetPanelSSLRequest{\n\t\tSSLStatus: lo.ToPtr(int32(1)),\n\t\tSSLKey: lo.ToPtr(privkeyPEM),\n\t\tSSLPem: lo.ToPtr(certPEM),\n\t}\n\tconfigSetPanelSSLResp, err := d.sdkClient.ConfigSetPanelSSLWithContext(ctx, configSetPanelSSLReq)\n\td.logger.Debug(\"sdk request 'bt.ConfigSetPanelSSL'\", slog.Any(\"request\", configSetPanelSSLReq), slog.Any(\"response\", configSetPanelSSLResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'bt.ConfigSetPanelSSL': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(serverUrl, apiKey string, skipTlsVerify bool) (*btsdk.Client, error) {\n\tclient, err := btsdk.NewClient(serverUrl, apiKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/baotapanelgo-console/baotapanelgo_console_test.go",
"content": "package baotapanelgoconsole_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baotapanelgo-console\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfApiKey string\n)\n\nfunc init() {\n\targsPrefix := \"BAOTAPANELGOCONSOLE_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./baotapanelgo_console_test.go -args \\\n\t--BAOTAPANELGOCONSOLE_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--BAOTAPANELGOCONSOLE_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--BAOTAPANELGOCONSOLE_SERVERURL=\"http://127.0.0.1:8888\" \\\n\t--BAOTAPANELGOCONSOLE_APIKEY=\"your-api-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiKey: fApiKey,\n\t\t\tAllowInsecureConnections: true,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/baotawaf/baotawaf.go",
"content": "package baotawaf\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbtwafsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/btwaf\"\n\txwait \"github.com/certimate-go/certimate/pkg/utils/wait\"\n)\n\ntype DeployerConfig struct {\n\t// 堡塔云 WAF 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// 堡塔云 WAF 接口密钥。\n\tApiKey string `json:\"apiKey\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 网站名称。\n\tSiteNames []string `json:\"siteNames\"`\n\t// 网站 SSL 端口。\n\t// 零值时默认值 443。\n\tSitePort int32 `json:\"sitePort,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *btwafsdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.ApiKey, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif len(d.config.SiteNames) == 0 {\n\t\treturn nil, errors.New(\"config `siteNames` is required\")\n\t}\n\n\t// 遍历更新站点证书\n\tvar errs []error\n\tfor i, siteName := range d.config.SiteNames {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t\tif err := d.updateSiteCertificate(ctx, siteName, d.config.SitePort, certPEM, privkeyPEM); err != nil {\n\t\t\t\terrs = append(errs, err)\n\t\t\t}\n\t\t\tif i < len(d.config.SiteNames)-1 {\n\t\t\t\txwait.DelayWithContext(ctx, time.Second*5)\n\t\t\t}\n\t\t}\n\t}\n\tif len(errs) > 0 {\n\t\treturn nil, errors.Join(errs...)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) findSiteByName(ctx context.Context, siteName string) (*btwafsdk.SiteRecord, error) {\n\t// 查询网站列表\n\tgetSiteListPage := 1\n\tgetSiteListPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tgetSiteListReq := &btwafsdk.GetSiteListRequest{\n\t\t\tSiteName: lo.ToPtr(siteName),\n\t\t\tPage: lo.ToPtr(int32(getSiteListPage)),\n\t\t\tPageSize: lo.ToPtr(int32(getSiteListPageSize)),\n\t\t}\n\t\tgetSiteListResp, err := d.sdkClient.GetSiteListWithContext(ctx, getSiteListReq)\n\t\td.logger.Debug(\"sdk request 'bt.GetSiteList'\", slog.Any(\"request\", getSiteListReq), slog.Any(\"response\", getSiteListResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'bt.GetSiteList': %w\", err)\n\t\t}\n\n\t\tif getSiteListResp.Result == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, siteItem := range getSiteListResp.Result.List {\n\t\t\tif siteItem.SiteName == siteName {\n\t\t\t\treturn siteItem, nil\n\t\t\t}\n\t\t}\n\n\t\tif len(getSiteListResp.Result.List) < getSiteListPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tgetSiteListPage++\n\t}\n\n\treturn nil, fmt.Errorf(\"could not find site '%s'\", siteName)\n}\n\nfunc (d *Deployer) updateSiteCertificate(ctx context.Context, siteName string, sitePort int32, certPEM, privkeyPEM string) error {\n\tif sitePort == 0 {\n\t\tsitePort = 443\n\t}\n\n\t// 获取网站配置\n\tsiteData, err := d.findSiteByName(ctx, siteName)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// 修改网站配置\n\tmodifySiteReq := &btwafsdk.ModifySiteRequest{\n\t\tSiteId: lo.ToPtr(siteData.SiteId),\n\t\tType: lo.ToPtr(\"openCert\"),\n\t\tServer: &btwafsdk.SiteServerInfoMod{\n\t\t\tListenSSLPorts: lo.ToPtr([]string{fmt.Sprintf(\"%d\", d.config.SitePort)}),\n\t\t\tSSL: &btwafsdk.SiteServerSSLInfo{\n\t\t\t\tIsSSL: lo.ToPtr(int32(1)),\n\t\t\t\tFullChain: lo.ToPtr(certPEM),\n\t\t\t\tPrivateKey: lo.ToPtr(privkeyPEM),\n\t\t\t},\n\t\t},\n\t}\n\tmodifySiteResp, err := d.sdkClient.ModifySiteWithContext(ctx, modifySiteReq)\n\td.logger.Debug(\"sdk request 'bt.ModifySite'\", slog.Any(\"request\", modifySiteReq), slog.Any(\"response\", modifySiteResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'bt.ModifySite': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(serverUrl, apiKey string, skipTlsVerify bool) (*btwafsdk.Client, error) {\n\tclient, err := btwafsdk.NewClient(serverUrl, apiKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/baotawaf/baotawaf_test.go",
"content": "package baotawaf_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baotawaf\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfApiKey string\n\tfSiteName string\n\tfSitePort int64\n)\n\nfunc init() {\n\targsPrefix := \"BAOTAWAF_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n\tflag.StringVar(&fSiteName, argsPrefix+\"SITENAME\", \"\", \"\")\n\tflag.Int64Var(&fSitePort, argsPrefix+\"SITEPORT\", 0, \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./baotawaf_test.go -args \\\n\t--BAOTAWAF_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--BAOTAWAF_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--BAOTAWAF_SERVERURL=\"http://127.0.0.1:8888\" \\\n\t--BAOTAWAF_APIKEY=\"your-api-key\" \\\n\t--BAOTAWAF_SITENAME=\"your-site-name\" \\\n\t--BAOTAWAF_SITEPORT=443\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t\tfmt.Sprintf(\"SITENAME: %v\", fSiteName),\n\t\t\tfmt.Sprintf(\"SITEPORT: %v\", fSitePort),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiKey: fApiKey,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tSiteNames: []string{fSiteName},\n\t\t\tSitePort: int32(fSitePort),\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/baotawaf-console/baotawaf_console.go",
"content": "package baotapanelconsole\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbtwafsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/btwaf\"\n)\n\ntype DeployerConfig struct {\n\t// 堡塔云 WAF 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// 堡塔云 WAF 接口密钥。\n\tApiKey string `json:\"apiKey\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *btwafsdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.ApiKey, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 设置面板 SSL\n\tconfigSetCertReq := &btwafsdk.ConfigSetCertRequest{\n\t\tCertContent: lo.ToPtr(certPEM),\n\t\tKeyContent: lo.ToPtr(privkeyPEM),\n\t}\n\tconfigSetCertResp, err := d.sdkClient.ConfigSetCertWithContext(ctx, configSetCertReq)\n\td.logger.Debug(\"sdk request 'bt.ConfigSetCert'\", slog.Any(\"request\", configSetCertReq), slog.Any(\"response\", configSetCertResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'bt.ConfigSetCert': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(serverUrl, apiKey string, skipTlsVerify bool) (*btwafsdk.Client, error) {\n\tclient, err := btwafsdk.NewClient(serverUrl, apiKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/baotawaf-console/baotawaf_console_test.go",
"content": "package baotapanelconsole_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/baotawaf-console\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfApiKey string\n\tfSiteName string\n\tfSitePort int64\n)\n\nfunc init() {\n\targsPrefix := \"BAOTAWAFCONSOLE_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./baotawaf_console_test.go -args \\\n\t--BAOTAWAFCONSOLE_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--BAOTAWAFCONSOLE_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--BAOTAWAFCONSOLE_SERVERURL=\"http://127.0.0.1:8888\" \\\n\t--BAOTAWAFCONSOLE_APIKEY=\"your-api-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiKey: fApiKey,\n\t\t\tAllowInsecureConnections: true,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/bunny-cdn/bunny_cdn.go",
"content": "package bunnycdn\n\nimport (\n\t\"context\"\n\t\"encoding/base64\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tbunnysdk \"github.com/certimate-go/certimate/pkg/sdk3rd/bunny\"\n)\n\ntype DeployerConfig struct {\n\t// Bunny API Key。\n\tApiKey string `json:\"apiKey\"`\n\t// Bunny Pull Zone ID。\n\tPullZoneId string `json:\"pullZoneId\"`\n\t// Bunny CDN Hostname。\n\tHostname string `json:\"hostname\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *bunnysdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ApiKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.PullZoneId == \"\" {\n\t\treturn nil, fmt.Errorf(\"config `pullZoneId` is required\")\n\t}\n\tif d.config.Hostname == \"\" {\n\t\treturn nil, fmt.Errorf(\"config `hostname` is required\")\n\t}\n\n\t// 上传证书\n\tcreateCertificateReq := &bunnysdk.AddCustomCertificateRequest{\n\t\tHostname: d.config.Hostname,\n\t\tCertificate: base64.StdEncoding.EncodeToString([]byte(certPEM)),\n\t\tCertificateKey: base64.StdEncoding.EncodeToString([]byte(privkeyPEM)),\n\t}\n\terr := d.sdkClient.AddCustomCertificateWithContext(ctx, d.config.PullZoneId, createCertificateReq)\n\td.logger.Debug(\"sdk request 'bunny.AddCustomCertificate'\", slog.Any(\"request\", createCertificateReq))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'bunny.AddCustomCertificate': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(apiKey string) (*bunnysdk.Client, error) {\n\treturn bunnysdk.NewClient(apiKey)\n}\n"
},
{
"path": "pkg/core/deployer/providers/bunny-cdn/bunny_cdn_test.go",
"content": "package bunnycdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/bunny-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfApiKey string\n\tfPullZoneId string\n\tfHostName string\n)\n\nfunc init() {\n\targsPrefix := \"BUNNYCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n\tflag.StringVar(&fPullZoneId, argsPrefix+\"PULLZONEID\", \"\", \"\")\n\tflag.StringVar(&fHostName, argsPrefix+\"HOSTNAME\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./bunny_cdn_test.go -args \\\n\t--BUNNYCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--BUNNYCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--BUNNYCDN_APITOKEN=\"your-api-token\" \\\n\t--BUNNYCDN_PULLZONEID=\"your-pull-zone-id\" \\\n\t--BUNNYCDN_HOSTNAME=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t\tfmt.Sprintf(\"PULLZONEID: %v\", fPullZoneId),\n\t\t\tfmt.Sprintf(\"HOSTNAME: %v\", fHostName),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tApiKey: fApiKey,\n\t\t\tPullZoneId: fPullZoneId,\n\t\t\tHostname: fHostName,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/byteplus-cdn/byteplus_cdn.go",
"content": "package bytepluscdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\tbpcdn \"github.com/byteplus-sdk/byteplus-sdk-golang/service/cdn\"\n\tbp \"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/byteplus-cdn\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// BytePlus AccessKey。\n\tAccessKey string `json:\"accessKey\"`\n\t// BytePlus SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *bpcdn.CDN\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient := bpcdn.NewInstance()\n\tclient.Client.SetAccessKey(config.AccessKey)\n\tclient.Client.SetSecretKey(config.SecretKey)\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKey: config.AccessKey,\n\t\tSecretKey: config.SecretKey,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tdomains := make([]string, 0)\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getMatchedDomainsByWildcard(ctx, d.config.Domain)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = domainCandidates\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tdomainCandidates, err := d.getMatchedDomainsByCertId(ctx, upres.CertId)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = domainCandidates\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历绑定证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no cdn domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found cdn domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, upres.CertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getMatchedDomainsByWildcard(ctx context.Context, wildcardDomain string) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询加速域名列表,获取匹配的域名\n\t// REF: https://docs.byteplus.com/en/docs/byteplus-cdn/ListCdnDomains_en-us\n\tlistCdnDomainsPageNum := 1\n\tlistCdnDomainsPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistCdnDomainsReq := &bpcdn.ListCdnDomainsRequest{\n\t\t\tDomain: bp.String(strings.TrimPrefix(wildcardDomain, \"*.\")),\n\t\t\tStatus: bp.String(\"online\"),\n\t\t\tPageNum: bp.Int64(int64(listCdnDomainsPageNum)),\n\t\t\tPageSize: bp.Int64(int64(listCdnDomainsPageSize)),\n\t\t}\n\t\tlistCdnDomainsResp, err := d.sdkClient.ListCdnDomains(listCdnDomainsReq)\n\t\td.logger.Debug(\"sdk request 'cdn.ListCdnDomains'\", slog.Any(\"request\", listCdnDomainsReq), slog.Any(\"response\", listCdnDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.ListCdnDomains': %w\", err)\n\t\t}\n\n\t\tfor _, domainItem := range listCdnDomainsResp.Result.Data {\n\t\t\tif xcerthostname.IsMatch(wildcardDomain, domainItem.Domain) {\n\t\t\t\tdomains = append(domains, domainItem.Domain)\n\t\t\t}\n\t\t}\n\n\t\tif len(listCdnDomainsResp.Result.Data) < listCdnDomainsPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tlistCdnDomainsPageSize++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) getMatchedDomainsByCertId(ctx context.Context, cloudCertId string) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 获取指定证书可关联的域名\n\t// REF: https://docs.byteplus.com/en/docs/byteplus-cdn/reference-describecertconfig-9ea17\n\tdescribeCertConfigReq := &bpcdn.DescribeCertConfigRequest{\n\t\tCertId: cloudCertId,\n\t}\n\tdescribeCertConfigResp, err := d.sdkClient.DescribeCertConfig(describeCertConfigReq)\n\td.logger.Debug(\"sdk request 'cdn.DescribeCertConfig'\", slog.Any(\"request\", describeCertConfigReq), slog.Any(\"response\", describeCertConfigResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.DescribeCertConfig': %w\", err)\n\t}\n\n\tif describeCertConfigResp.Result.CertNotConfig != nil {\n\t\tfor i := range describeCertConfigResp.Result.CertNotConfig {\n\t\t\tdomains = append(domains, describeCertConfigResp.Result.CertNotConfig[i].Domain)\n\t\t}\n\t}\n\n\tif describeCertConfigResp.Result.OtherCertConfig != nil {\n\t\tfor i := range describeCertConfigResp.Result.OtherCertConfig {\n\t\t\tdomains = append(domains, describeCertConfigResp.Result.OtherCertConfig[i].Domain)\n\t\t}\n\t}\n\n\tif len(domains) == 0 {\n\t\tif len(describeCertConfigResp.Result.SpecifiedCertConfig) == 0 {\n\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t}\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertId string) error {\n\t// 关联证书与加速域名\n\t// REF: https://docs.byteplus.com/en/docs/byteplus-cdn/reference-batchdeploycert\n\tbatchDeployCertReq := &bpcdn.BatchDeployCertRequest{\n\t\tCertId: cloudCertId,\n\t\tDomain: domain,\n\t}\n\tbatchDeployCertResp, err := d.sdkClient.BatchDeployCert(batchDeployCertReq)\n\td.logger.Debug(\"sdk request 'cdn.BatchDeployCert'\", slog.Any(\"request\", batchDeployCertReq), slog.Any(\"response\", batchDeployCertResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.BatchDeployCert': %w\", err)\n\t}\n\n\treturn nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/byteplus-cdn/byteplus_cdn_test.go",
"content": "package bytepluscdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/byteplus-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKey string\n\tfSecretKey string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"BYTEPLUSCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKey, argsPrefix+\"ACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fSecretKey, argsPrefix+\"SECRETKEY\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./byteplus_cdn_test.go -args \\\n\t--BYTEPLUSCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--BYTEPLUSCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--BYTEPLUSCDN_ACCESSKEY=\"your-access-key\" \\\n\t--BYTEPLUSCDN_SECRETKEY=\"your-secret-key\" \\\n\t--BYTEPLUSCDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEY: %v\", fAccessKey),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKey: fAccessKey,\n\t\t\tSecretKey: fSecretKey,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/byteplus-cdn/consts.go",
"content": "package bytepluscdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/cachefly/cachefly.go",
"content": "package cachefly\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tcacheflysdk \"github.com/certimate-go/certimate/pkg/sdk3rd/cachefly\"\n)\n\ntype DeployerConfig struct {\n\t// CacheFly API Token。\n\tApiToken string `json:\"apiToken\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *cacheflysdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ApiToken)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\t// REF: https://api.cachefly.com/api/2.5/docs#tag/Certificates/paths/~1certificates/post\n\tcreateCertificateReq := &cacheflysdk.CreateCertificateRequest{\n\t\tCertificate: lo.ToPtr(certPEM),\n\t\tCertificateKey: lo.ToPtr(privkeyPEM),\n\t}\n\tcreateCertificateResp, err := d.sdkClient.CreateCertificateWithContext(ctx, createCertificateReq)\n\td.logger.Debug(\"sdk request 'cachefly.CreateCertificate'\", slog.Any(\"request\", createCertificateReq), slog.Any(\"response\", createCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cachefly.CreateCertificate': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(apiToken string) (*cacheflysdk.Client, error) {\n\treturn cacheflysdk.NewClient(apiToken)\n}\n"
},
{
"path": "pkg/core/deployer/providers/cachefly/cachefly_test.go",
"content": "package cachefly_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/cachefly\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfApiToken string\n)\n\nfunc init() {\n\targsPrefix := \"CACHEFLY_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fApiToken, argsPrefix+\"APITOKEN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./cachefly_test.go -args \\\n\t--CACHEFLY_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--CACHEFLY_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--CACHEFLY_APITOKEN=\"your-api-token\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"APITOKEN: %v\", fApiToken),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tApiToken: fApiToken,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/cdnfly/cdnfly.go",
"content": "package cdnfly\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tcdnflysdk \"github.com/certimate-go/certimate/pkg/sdk3rd/cdnfly\"\n)\n\ntype DeployerConfig struct {\n\t// Cdnfly 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// Cdnfly 用户端 API Key。\n\tApiKey string `json:\"apiKey\"`\n\t// Cdnfly 用户端 API Secret。\n\tApiSecret string `json:\"apiSecret\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 网站 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_WEBSITE] 时必填。\n\tSiteId string `json:\"siteId,omitempty\"`\n\t// 证书 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。\n\tCertificateId string `json:\"certificateId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *cdnflysdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.ApiKey, config.ApiSecret, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_WEBSITE:\n\t\tif err := d.deployToSite(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_CERTIFICATE:\n\t\tif err := d.deployToCertificate(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToSite(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.SiteId == \"\" {\n\t\treturn errors.New(\"config `siteId` is required\")\n\t}\n\n\t// 获取单个网站详情\n\t// REF: https://doc.cdnfly.cn/wangzhanguanli-v1-sites.html#%E8%8E%B7%E5%8F%96%E5%8D%95%E4%B8%AA%E7%BD%91%E7%AB%99%E8%AF%A6%E6%83%85\n\tgetSiteResp, err := d.sdkClient.GetSiteWithContext(ctx, d.config.SiteId)\n\td.logger.Debug(\"sdk request 'cdnfly.GetSite'\", slog.String(\"siteId\", d.config.SiteId), slog.Any(\"response\", getSiteResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdnfly.GetSite': %w\", err)\n\t}\n\n\t// 添加单个证书\n\t// REF: https://doc.cdnfly.cn/wangzhanzhengshu-v1-certs.html#%E6%B7%BB%E5%8A%A0%E5%8D%95%E4%B8%AA%E6%88%96%E5%A4%9A%E4%B8%AA%E8%AF%81%E4%B9%A6-%E5%A4%9A%E4%B8%AA%E8%AF%81%E4%B9%A6%E6%97%B6%E6%95%B0%E6%8D%AE%E6%A0%BC%E5%BC%8F%E4%B8%BA%E6%95%B0%E7%BB%84\n\tcreateCertificateReq := &cdnflysdk.CreateCertRequest{\n\t\tName: lo.ToPtr(fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli())),\n\t\tType: lo.ToPtr(\"custom\"),\n\t\tCert: lo.ToPtr(certPEM),\n\t\tKey: lo.ToPtr(privkeyPEM),\n\t}\n\tcreateCertificateResp, err := d.sdkClient.CreateCertWithContext(ctx, createCertificateReq)\n\td.logger.Debug(\"sdk request 'cdnfly.CreateCert'\", slog.Any(\"request\", createCertificateReq), slog.Any(\"response\", createCertificateResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdnfly.CreateCert': %w\", err)\n\t}\n\n\t// 修改单个网站\n\t// REF: https://doc.cdnfly.cn/wangzhanguanli-v1-sites.html#%E4%BF%AE%E6%94%B9%E5%8D%95%E4%B8%AA%E7%BD%91%E7%AB%99\n\tupdateSiteHttpsListenMap := make(map[string]any)\n\t_ = json.Unmarshal([]byte(getSiteResp.Data.HttpsListen), &updateSiteHttpsListenMap)\n\tupdateSiteHttpsListenMap[\"cert\"] = createCertificateResp.Data\n\tupdateSiteHttpsListenData, _ := json.Marshal(updateSiteHttpsListenMap)\n\tupdateSiteReq := &cdnflysdk.UpdateSiteRequest{\n\t\tHttpsListen: lo.ToPtr(string(updateSiteHttpsListenData)),\n\t}\n\tupdateSiteResp, err := d.sdkClient.UpdateSiteWithContext(ctx, d.config.SiteId, updateSiteReq)\n\td.logger.Debug(\"sdk request 'cdnfly.UpdateSite'\", slog.String(\"siteId\", d.config.SiteId), slog.Any(\"request\", updateSiteReq), slog.Any(\"response\", updateSiteResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdnfly.UpdateSite': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToCertificate(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.CertificateId == \"\" {\n\t\treturn errors.New(\"config `certificateId` is required\")\n\t}\n\n\t// 修改单个证书\n\t// REF: https://doc.cdnfly.cn/wangzhanzhengshu-v1-certs.html#%E4%BF%AE%E6%94%B9%E5%8D%95%E4%B8%AA%E8%AF%81%E4%B9%A6\n\tupdateCertReq := &cdnflysdk.UpdateCertRequest{\n\t\tType: lo.ToPtr(\"custom\"),\n\t\tCert: lo.ToPtr(certPEM),\n\t\tKey: lo.ToPtr(privkeyPEM),\n\t}\n\tupdateCertResp, err := d.sdkClient.UpdateCertWithContext(ctx, d.config.CertificateId, updateCertReq)\n\td.logger.Debug(\"sdk request 'cdnfly.UpdateCert'\", slog.String(\"certId\", d.config.CertificateId), slog.Any(\"request\", updateCertReq), slog.Any(\"response\", updateCertResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdnfly.UpdateCert': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(serverUrl, apiKey, apiSecret string, skipTlsVerify bool) (*cdnflysdk.Client, error) {\n\tclient, err := cdnflysdk.NewClient(serverUrl, apiKey, apiSecret)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/cdnfly/cdnfly_test.go",
"content": "package cdnfly_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/cdnfly\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfApiKey string\n\tfApiSecret string\n\tfCertificateId string\n)\n\nfunc init() {\n\targsPrefix := \"CDNFLY_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n\tflag.StringVar(&fApiSecret, argsPrefix+\"APISECRET\", \"\", \"\")\n\tflag.StringVar(&fCertificateId, argsPrefix+\"CERTIFICATEID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./cdnfly_test.go -args \\\n\t--CDNFLY_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--CDNFLY_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--CDNFLY_SERVERURL=\"http://127.0.0.1:88\" \\\n\t--CDNFLY_APIKEY=\"your-api-key\" \\\n\t--CDNFLY_APISECRET=\"your-api-secret\" \\\n\t--CDNFLY_CERTIFICATEID=\"your-cert-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t\tfmt.Sprintf(\"APISECRET: %v\", fApiSecret),\n\t\t\tfmt.Sprintf(\"CERTIFICATEID: %v\", fCertificateId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiKey: fApiKey,\n\t\t\tApiSecret: fApiSecret,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tResourceType: provider.RESOURCE_TYPE_CERTIFICATE,\n\t\t\tCertificateId: fCertificateId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/cdnfly/consts.go",
"content": "package cdnfly\n\nconst (\n\t// 资源类型:替换指定网站的证书。\n\tRESOURCE_TYPE_WEBSITE = \"website\"\n\t// 资源类型:替换指定证书。\n\tRESOURCE_TYPE_CERTIFICATE = \"certificate\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/cpanel/consts.go",
"content": "package cpanel\n\nconst (\n\t// 资源类型:替换指定网站的证书。\n\tRESOURCE_TYPE_WEBSITE = \"website\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/cpanel/cpanel.go",
"content": "package cpanel\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tcpanelsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/cpanel\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype DeployerConfig struct {\n\t// cPanel 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// cPanel 用户名。\n\tUsername string `json:\"username\"`\n\t// cPanel 接口密钥。\n\tApiToken string `json:\"apiToken\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 网站域名(不支持泛域名)。\n\t// 部署资源类型为 [RESOURCE_TYPE_WEBSITE] 时必填。\n\tDomain string `json:\"domain,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *cpanelsdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.Username, config.ApiToken, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_WEBSITE:\n\t\tif err := d.deployToWebsite(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToWebsite(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.Domain == \"\" {\n\t\treturn errors.New(\"config `domain` is required\")\n\t}\n\n\t// 提取服务器证书和中间证书\n\tserverCertPEM, intermediaCertPEM, err := xcert.ExtractCertificatesFromPEM(certPEM)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to extract certs: %w\", err)\n\t}\n\n\t// 安装 SSL 证书\n\t// REF: https://api.docs.cpanel.net/openapi/cpanel/operation/install_ssl/\n\tsslInstallSSLReq := &cpanelsdk.SSLInstallSSLRequest{\n\t\tDomain: lo.ToPtr(d.config.Domain),\n\t\tCert: lo.ToPtr(serverCertPEM),\n\t\tKey: lo.ToPtr(privkeyPEM),\n\t\tCABundle: lo.ToPtr(intermediaCertPEM),\n\t}\n\tsslInstallSSLResp, err := d.sdkClient.SSLInstallSSL(sslInstallSSLReq)\n\td.logger.Debug(\"sdk request 'SSL.install_ssl'\", slog.Any(\"request\", sslInstallSSLReq), slog.Any(\"response\", sslInstallSSLResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'SSL.install_ssl': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(serverUrl, username, apiToken string, skipTlsVerify bool) (*cpanelsdk.Client, error) {\n\tclient, err := cpanelsdk.NewClient(serverUrl, username, apiToken)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/cpanel/cpanel_test.go",
"content": "package cpanel_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/cpanel\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfUsername string\n\tfApiToken string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"CPANEL_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fUsername, argsPrefix+\"USERNAME\", \"\", \"\")\n\tflag.StringVar(&fApiToken, argsPrefix+\"APITOKEN\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./cpanel_test.go -args \\\n\t--CPANEL_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--CPANEL_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--CPANEL_SERVERURL=\"http://127.0.0.1:2082\" \\\n\t--CPANEL_USERNAME=\"your-username\" \\\n\t--CPANEL_APITOKEN=\"your-api-token\" \\\n\t--CPANEL_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"USERNAME: %v\", fUsername),\n\t\t\tfmt.Sprintf(\"APITOKEN: %v\", fApiToken),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tUsername: fUsername,\n\t\t\tApiToken: fApiToken,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tResourceType: provider.RESOURCE_TYPE_WEBSITE,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-ao/consts.go",
"content": "package ctcccloudao\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-ao/ctcccloud_ao.go",
"content": "package ctcccloudao\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ctcccloud-ao\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tctyunao \"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/ao\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 天翼云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 天翼云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *ctyunao.Client\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tSecretAccessKey: config.SecretAccessKey,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain)\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no accessone domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found accessone domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, upres.CertName); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名列表\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=113&api=13816&data=174&isNormal=1&vid=167\n\tqueryDomainsPage := 1\n\tqueryDomainsPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tqueryDomainsReq := &ctyunao.QueryDomainsRequest{\n\t\t\tPage: lo.ToPtr(int32(queryDomainsPage)),\n\t\t\tPageSize: lo.ToPtr(int32(queryDomainsPageSize)),\n\t\t\tProductCode: lo.ToPtr(\"020\"),\n\t\t}\n\t\tqueryDomainsResp, err := d.sdkClient.QueryDomainsWithContext(ctx, queryDomainsReq)\n\t\td.logger.Debug(\"sdk request 'cdn.QueryDomains'\", slog.Any(\"request\", queryDomainsReq), slog.Any(\"response\", queryDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.QueryDomains': %w\", err)\n\t\t}\n\n\t\tif queryDomainsResp.ReturnObj == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tignoredStatuses := []int32{1, 5, 6, 7, 8, 9, 11, 12}\n\t\tfor _, domainItem := range queryDomainsResp.ReturnObj.Results {\n\t\t\tif lo.Contains(ignoredStatuses, domainItem.Status) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tdomains = append(domains, domainItem.Domain)\n\t\t}\n\n\t\tif len(queryDomainsResp.ReturnObj.Results) < queryDomainsPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tqueryDomainsPage++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertName string) error {\n\t// 域名基础及加速配置查询\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=113&api=13412&data=174&isNormal=1&vid=167\n\tgetDomainConfigReq := &ctyunao.GetDomainConfigRequest{\n\t\tDomain: lo.ToPtr(domain),\n\t\tProductCode: lo.ToPtr(\"020\"),\n\t}\n\tgetDomainConfigResp, err := d.sdkClient.GetDomainConfigWithContext(ctx, getDomainConfigReq)\n\td.logger.Debug(\"sdk request 'cdn.GetDomainConfig'\", slog.Any(\"request\", getDomainConfigReq), slog.Any(\"response\", getDomainConfigResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.GetDomainConfig': %w\", err)\n\t}\n\n\t// 域名基础及加速配置修改\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=113&api=13413&data=174&isNormal=1&vid=167\n\tmodifyDomainConfigReq := &ctyunao.ModifyDomainConfigRequest{\n\t\tDomain: lo.ToPtr(domain),\n\t\tProductCode: lo.ToPtr(getDomainConfigResp.ReturnObj.ProductCode),\n\t\tOrigin: lo.Map(getDomainConfigResp.ReturnObj.Origin, func(item *ctyunao.DomainOriginConfigWithWeight, _ int) *ctyunao.DomainOriginConfig {\n\t\t\tweight := item.Weight\n\t\t\tif weight == 0 {\n\t\t\t\tweight = 1\n\t\t\t}\n\t\t\treturn &ctyunao.DomainOriginConfig{\n\t\t\t\tOrigin: item.Origin,\n\t\t\t\tRole: item.Role,\n\t\t\t\tWeight: strconv.Itoa(int(weight)),\n\t\t\t}\n\t\t}),\n\t\tHttpsStatus: lo.ToPtr(\"on\"),\n\t\tCertName: lo.ToPtr(cloudCertName),\n\t}\n\tmodifyDomainConfigResp, err := d.sdkClient.ModifyDomainConfigWithContext(ctx, modifyDomainConfigReq)\n\td.logger.Debug(\"sdk request 'cdn.ModifyDomainConfig'\", slog.Any(\"request\", modifyDomainConfigReq), slog.Any(\"response\", modifyDomainConfigResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.ModifyDomainConfig': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey string) (*ctyunao.Client, error) {\n\treturn ctyunao.NewClient(accessKeyId, secretAccessKey)\n}\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-ao/ctcccloud_ao_test.go",
"content": "package ctcccloudao_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ctcccloud-ao\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"CTCCCLOUDAO_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ctcccloud_ao_test.go -args \\\n\t--CTCCCLOUDAO_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--CTCCCLOUDAO_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--CTCCCLOUDAO_ACCESSKEYID=\"your-access-key-id\" \\\n\t--CTCCCLOUDAO_SECRETACCESSKEY=\"your-secret-access-key\" \\\n\t--CTCCCLOUDAO_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-cdn/consts.go",
"content": "package ctcccloudcdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-cdn/ctcccloud_cdn.go",
"content": "package ctcccloudcdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ctcccloud-cdn\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tctyuncdn \"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/cdn\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 天翼云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 天翼云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *ctyuncdn.Client\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tSecretAccessKey: config.SecretAccessKey,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain)\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no cdn domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found cdn domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, upres.CertName); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名列表\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=108&api=11307&data=161&isNormal=1&vid=154\n\tqueryDomainListPage := 1\n\tqueryDomainListPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tqueryDomainListReq := &ctyuncdn.QueryDomainListRequest{\n\t\t\tPage: lo.ToPtr(int32(queryDomainListPage)),\n\t\t\tPageSize: lo.ToPtr(int32(queryDomainListPageSize)),\n\t\t\tProductCode: lo.ToPtr(\"020\"),\n\t\t}\n\t\tqueryDomainListResp, err := d.sdkClient.QueryDomainListWithContext(ctx, queryDomainListReq)\n\t\td.logger.Debug(\"sdk request 'cdn.QueryDomainList'\", slog.Any(\"request\", queryDomainListReq), slog.Any(\"response\", queryDomainListResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.QueryDomainList': %w\", err)\n\t\t}\n\n\t\tif queryDomainListResp.ReturnObj == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfilteredProductCodes := []string{\"001\", \"003\", \"004\", \"008\"}\n\t\tignoredStatuses := []int32{1, 5, 6, 7, 8, 9, 11, 12}\n\t\tfor _, domainItem := range queryDomainListResp.ReturnObj.Results {\n\t\t\tif !lo.Contains(filteredProductCodes, domainItem.ProductCode) {\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tif lo.Contains(ignoredStatuses, domainItem.Status) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tdomains = append(domains, domainItem.Domain)\n\t\t}\n\n\t\tif len(queryDomainListResp.ReturnObj.Results) < queryDomainListPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tqueryDomainListPage++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertName string) error {\n\t// 查询域名配置信息\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=108&api=11304&data=161&isNormal=1&vid=154\n\tqueryDomainDetailReq := &ctyuncdn.QueryDomainDetailRequest{\n\t\tDomain: lo.ToPtr(domain),\n\t}\n\tqueryDomainDetailResp, err := d.sdkClient.QueryDomainDetailWithContext(ctx, queryDomainDetailReq)\n\td.logger.Debug(\"sdk request 'cdn.QueryDomainDetail'\", slog.Any(\"request\", queryDomainDetailReq), slog.Any(\"response\", queryDomainDetailResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.QueryDomainDetail': %w\", err)\n\t}\n\n\t// 修改域名配置\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=108&api=11308&data=161&isNormal=1&vid=154\n\tupdateDomainReq := &ctyuncdn.UpdateDomainRequest{\n\t\tDomain: lo.ToPtr(domain),\n\t\tHttpsStatus: lo.ToPtr(\"on\"),\n\t\tCertName: lo.ToPtr(cloudCertName),\n\t}\n\tupdateDomainResp, err := d.sdkClient.UpdateDomainWithContext(ctx, updateDomainReq)\n\td.logger.Debug(\"sdk request 'cdn.UpdateDomain'\", slog.Any(\"request\", updateDomainReq), slog.Any(\"response\", updateDomainResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.UpdateDomain': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey string) (*ctyuncdn.Client, error) {\n\treturn ctyuncdn.NewClient(accessKeyId, secretAccessKey)\n}\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-cdn/ctcccloud_cdn_test.go",
"content": "package ctcccloudcdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ctcccloud-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"CTCCCLOUDCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ctcccloud_cdn_test.go -args \\\n\t--CTCCCLOUDCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--CTCCCLOUDCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--CTCCCLOUDCDN_ACCESSKEYID=\"your-access-key-id\" \\\n\t--CTCCCLOUDCDN_SECRETACCESSKEY=\"your-secret-access-key\" \\\n\t--CTCCCLOUDCDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-cms/ctcccloud_cms.go",
"content": "package ctcccloudcms\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ctcccloud-cms\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// 天翼云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 天翼云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tSecretAccessKey: config.SecretAccessKey,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-cms/ctcccloud_cms_test.go",
"content": "package ctcccloudcms_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ctcccloud-cms\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n)\n\nfunc init() {\n\targsPrefix := \"CTCCCLOUDCMS_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ctcccloud_cms_test.go -args \\\n\t--CTCCCLOUDCMS_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--CTCCCLOUDCMS_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--CTCCCLOUDCMS_ACCESSKEYID=\"your-access-key-id\" \\\n\t--CTCCCLOUDCMS_SECRETACCESSKEY=\"your-secret-access-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-elb/consts.go",
"content": "package ctcccloudelb\n\nconst (\n\t// 资源类型:部署到指定负载均衡器。\n\tRESOURCE_TYPE_LOADBALANCER = \"loadbalancer\"\n\t// 资源类型:部署到指定监听器。\n\tRESOURCE_TYPE_LISTENER = \"listener\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-elb/ctcccloud_elb.go",
"content": "package ctcccloudelb\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ctcccloud-elb\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tctyunelb \"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/elb\"\n)\n\ntype DeployerConfig struct {\n\t// 天翼云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 天翼云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 天翼云资源池 ID。\n\tRegionId string `json:\"regionId\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 负载均衡实例 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER] 时必填。\n\tLoadbalancerId string `json:\"loadbalancerId,omitempty\"`\n\t// 负载均衡监听器 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时必填。\n\tListenerId string `json:\"listenerId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *ctyunelb.Client\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tSecretAccessKey: config.SecretAccessKey,\n\t\tRegionId: config.RegionId,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_LOADBALANCER:\n\t\tif err := d.deployToLoadbalancer(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_LISTENER:\n\t\tif err := d.deployToListener(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToLoadbalancer(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\n\t// 查询监听列表\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=24&api=5654&data=88&isNormal=1&vid=82\n\tlistenerIds := make([]string, 0)\n\t{\n\t\tlistListenersReq := &ctyunelb.ListListenersRequest{\n\t\t\tRegionID: lo.ToPtr(d.config.RegionId),\n\t\t\tLoadBalancerID: lo.ToPtr(d.config.LoadbalancerId),\n\t\t}\n\t\tlistListenersResp, err := d.sdkClient.ListListenersWithContext(ctx, listListenersReq)\n\t\td.logger.Debug(\"sdk request 'elb.ListListeners'\", slog.Any(\"request\", listListenersReq), slog.Any(\"response\", listListenersResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'elb.ListListeners': %w\", err)\n\t\t}\n\n\t\tfor _, listener := range listListenersResp.ReturnObj {\n\t\t\tif strings.EqualFold(listener.Protocol, \"HTTPS\") {\n\t\t\t\tlistenerIds = append(listenerIds, listener.ID)\n\t\t\t}\n\t\t}\n\t}\n\n\t// 遍历更新监听证书\n\tif len(listenerIds) == 0 {\n\t\td.logger.Info(\"no elb listeners to deploy\")\n\t} else {\n\t\td.logger.Info(\"found https listeners to deploy\", slog.Any(\"listenerIds\", listenerIds))\n\t\tvar errs []error\n\n\t\tfor _, listenerId := range listenerIds {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToListener(ctx context.Context, cloudCertId string) error {\n\tif d.config.ListenerId == \"\" {\n\t\treturn errors.New(\"config `listenerId` is required\")\n\t}\n\n\t// 更新监听\n\tif err := d.updateListenerCertificate(ctx, d.config.ListenerId, cloudCertId); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateListenerCertificate(ctx context.Context, cloudListenerId string, cloudCertId string) error {\n\t// 更新监听器\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=24&api=5652&data=88&isNormal=1&vid=82\n\tsetLoadBalancerHTTPSListenerAttributeReq := &ctyunelb.UpdateListenerRequest{\n\t\tRegionID: lo.ToPtr(d.config.RegionId),\n\t\tListenerID: lo.ToPtr(cloudListenerId),\n\t\tCertificateID: lo.ToPtr(cloudCertId),\n\t}\n\tsetLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.UpdateListenerWithContext(ctx, setLoadBalancerHTTPSListenerAttributeReq)\n\td.logger.Debug(\"sdk request 'elb.UpdateListener'\", slog.Any(\"request\", setLoadBalancerHTTPSListenerAttributeReq), slog.Any(\"response\", setLoadBalancerHTTPSListenerAttributeResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'elb.UpdateListener': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey string) (*ctyunelb.Client, error) {\n\treturn ctyunelb.NewClient(accessKeyId, secretAccessKey)\n}\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-elb/ctcccloud_elb_test.go",
"content": "package ctcccloudelb_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ctcccloud-elb\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n\tfRegionId string\n\tfLoadbalancerId string\n\tfListenerId string\n)\n\nfunc init() {\n\targsPrefix := \"CTCCCLOUDELB_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fRegionId, argsPrefix+\"REGIONID\", \"\", \"\")\n\tflag.StringVar(&fLoadbalancerId, argsPrefix+\"LOADBALANCERID\", \"\", \"\")\n\tflag.StringVar(&fListenerId, argsPrefix+\"LISTENERID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ctcccloud_elb_test.go -args \\\n\t--CTCCCLOUDELB_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--CTCCCLOUDELB_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--CTCCCLOUDELB_ACCESSKEYID=\"your-access-key-id\" \\\n\t--CTCCCLOUDELB_SECRETACCESSKEY=\"your-secret-access-key\" \\\n\t--CTCCCLOUDELB_REGIONID=\"your-region-id\" \\\n\t--CTCCCLOUDELB_LOADBALANCERID=\"your-elb-instance-id\" \\\n\t--CTCCCLOUDELB_LISTENERID=\"your-elb-listener-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy_ToLoadbalancer\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"REGIONID: %v\", fRegionId),\n\t\t\tfmt.Sprintf(\"LOADBALANCERID: %v\", fLoadbalancerId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tRegionId: fRegionId,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LOADBALANCER,\n\t\t\tLoadbalancerId: fLoadbalancerId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n\n\tt.Run(\"Deploy_ToListener\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"REGIONID: %v\", fRegionId),\n\t\t\tfmt.Sprintf(\"LISTENERID: %v\", fListenerId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tRegionId: fRegionId,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LISTENER,\n\t\t\tListenerId: fListenerId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-faas/ctcccloud_faas.go",
"content": "package ctcccloudfaas\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tctyunfaas \"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/faas\"\n)\n\ntype DeployerConfig struct {\n\t// 天翼云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 天翼云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 天翼云资源池 ID。\n\tRegionId string `json:\"regionId\"`\n\t// 自定义域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *ctyunfaas.Client\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.RegionId == \"\" {\n\t\treturn nil, errors.New(\"config `regionId` is required\")\n\t}\n\tif d.config.Domain == \"\" {\n\t\treturn nil, errors.New(\"config `domain` is required\")\n\t}\n\n\t// 获取自定义域名配置\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=53&api=16002&data=42&isNormal=1&vid=40\n\tvar faasCustomDomain *ctyunfaas.CustomDomainRecord\n\tgetCustomDomainReq := &ctyunfaas.GetCustomDomainRequest{\n\t\tRegionId: lo.ToPtr(d.config.RegionId),\n\t\tDomainName: lo.ToPtr(d.config.Domain),\n\t\tCnameCheck: lo.ToPtr(false),\n\t}\n\tgetCustomDomainResp, err := d.sdkClient.GetCustomDomainWithContext(ctx, getCustomDomainReq)\n\td.logger.Debug(\"sdk request 'faas.GetCustomDomain'\", slog.Any(\"request\", getCustomDomainReq), slog.Any(\"response\", getCustomDomainResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'faas.GetCustomDomain': %w\", err)\n\t} else {\n\t\tfaasCustomDomain = getCustomDomainResp.ReturnObj\n\n\t\t// 已部署过此域名,跳过\n\t\tif faasCustomDomain.CertConfig != nil &&\n\t\t\tfaasCustomDomain.CertConfig.Certificate == certPEM &&\n\t\t\tfaasCustomDomain.CertConfig.PrivateKey == privkeyPEM {\n\t\t\treturn &deployer.DeployResult{}, nil\n\t\t}\n\t}\n\n\t// 更新自定义域名\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=53&api=16004&data=42&isNormal=1&vid=40\n\tupdateCustomDomainReq := &ctyunfaas.UpdateCustomDomainRequest{\n\t\tRegionId: lo.ToPtr(d.config.RegionId),\n\t\tDomainName: lo.ToPtr(d.config.Domain),\n\t\tProtocol: lo.ToPtr(faasCustomDomain.Protocol),\n\t\tAuthConfig: faasCustomDomain.AuthConfig,\n\t\tCertConfig: &ctyunfaas.CustomDomainCertConfig{\n\t\t\tCertName: fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli()),\n\t\t\tCertificate: certPEM,\n\t\t\tPrivateKey: privkeyPEM,\n\t\t},\n\t}\n\tif !strings.Contains(*updateCustomDomainReq.Protocol, \"HTTPS\") {\n\t\tif *updateCustomDomainReq.Protocol == \"\" {\n\t\t\tupdateCustomDomainReq.Protocol = lo.ToPtr(\"HTTPS\")\n\t\t} else {\n\t\t\tupdateCustomDomainReq.Protocol = lo.ToPtr(*updateCustomDomainReq.Protocol + \",HTTPS\")\n\t\t}\n\t}\n\tupdateCustomDomainResp, err := d.sdkClient.UpdateCustomDomainWithContext(ctx, updateCustomDomainReq)\n\td.logger.Debug(\"sdk request 'faas.UpdateCustomDomain'\", slog.Any(\"request\", updateCustomDomainReq), slog.Any(\"response\", updateCustomDomainResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'faas.UpdateCustomDomain': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey string) (*ctyunfaas.Client, error) {\n\treturn ctyunfaas.NewClient(accessKeyId, secretAccessKey)\n}\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-faas/ctcccloud_faas_test.go",
"content": "package ctcccloudfaas_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ctcccloud-faas\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n\tfRegionId string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"CTCCCLOUDFAAS_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fRegionId, argsPrefix+\"REGIONID\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ctcccloud_faas_test.go -args \\\n\t--CTCCCLOUDFAAS_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--CTCCCLOUDFAAS_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--CTCCCLOUDFAAS_ACCESSKEYID=\"your-access-key-id\" \\\n\t--CTCCCLOUDFAAS_SECRETACCESSKEY=\"your-secret-access-key\" \\\n\t--CTCCCLOUDFAAS_REGIONID=\"your-region-id\" \\\n\t--CTCCCLOUDFAAS_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"REGIONID: %v\", fRegionId),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tRegionId: fRegionId,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-icdn/consts.go",
"content": "package ctcccloudicdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-icdn/ctcccloud_icdn.go",
"content": "package ctcccloudicdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ctcccloud-icdn\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tctyunicdn \"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/icdn\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 天翼云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 天翼云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *ctyunicdn.Client\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tSecretAccessKey: config.SecretAccessKey,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain)\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no icdn domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found icdn domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, upres.CertName); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名列表\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=112&api=10852&data=173&isNormal=1&vid=166\n\tqueryDomainsPage := 1\n\tqueryDomainsPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tqueryDomainListReq := &ctyunicdn.QueryDomainListRequest{\n\t\t\tPage: lo.ToPtr(int32(queryDomainsPage)),\n\t\t\tPageSize: lo.ToPtr(int32(queryDomainsPageSize)),\n\t\t\tProductCode: lo.ToPtr(\"006\"),\n\t\t}\n\t\tqueryDomainListResp, err := d.sdkClient.QueryDomainListWithContext(ctx, queryDomainListReq)\n\t\td.logger.Debug(\"sdk request 'cdn.QueryDomainList'\", slog.Any(\"request\", queryDomainListReq), slog.Any(\"response\", queryDomainListResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.QueryDomainList': %w\", err)\n\t\t}\n\n\t\tif queryDomainListResp.ReturnObj == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tignoredStatuses := []int32{1, 5, 6, 7, 8, 9, 11, 12}\n\t\tfor _, domainItem := range queryDomainListResp.ReturnObj.Results {\n\t\t\tif lo.Contains(ignoredStatuses, domainItem.Status) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tdomains = append(domains, domainItem.Domain)\n\t\t}\n\n\t\tif len(queryDomainListResp.ReturnObj.Results) < queryDomainsPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tqueryDomainsPage++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertName string) error {\n\t// 查询域名配置信息\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=112&api=10849&data=173&isNormal=1&vid=166\n\tqueryDomainDetailReq := &ctyunicdn.QueryDomainDetailRequest{\n\t\tDomain: lo.ToPtr(domain),\n\t}\n\tqueryDomainDetailResp, err := d.sdkClient.QueryDomainDetailWithContext(ctx, queryDomainDetailReq)\n\td.logger.Debug(\"sdk request 'icdn.QueryDomainDetail'\", slog.Any(\"request\", queryDomainDetailReq), slog.Any(\"response\", queryDomainDetailResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'icdn.QueryDomainDetail': %w\", err)\n\t}\n\n\t// 修改域名配置\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=112&api=10853&data=173&isNormal=1&vid=166\n\tupdateDomainReq := &ctyunicdn.UpdateDomainRequest{\n\t\tDomain: lo.ToPtr(domain),\n\t\tHttpsStatus: lo.ToPtr(\"on\"),\n\t\tCertName: lo.ToPtr(cloudCertName),\n\t}\n\tupdateDomainResp, err := d.sdkClient.UpdateDomainWithContext(ctx, updateDomainReq)\n\td.logger.Debug(\"sdk request 'icdn.UpdateDomain'\", slog.Any(\"request\", updateDomainReq), slog.Any(\"response\", updateDomainResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'icdn.UpdateDomain': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey string) (*ctyunicdn.Client, error) {\n\treturn ctyunicdn.NewClient(accessKeyId, secretAccessKey)\n}\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-icdn/ctcccloud_icdn_test.go",
"content": "package ctcccloudicdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ctcccloud-icdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"CTCCCLOUDCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ctcccloud_cdn_test.go -args \\\n\t--CTCCCLOUDCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--CTCCCLOUDCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--CTCCCLOUDCDN_ACCESSKEYID=\"your-access-key-id\" \\\n\t--CTCCCLOUDCDN_SECRETACCESSKEY=\"your-secret-access-key\" \\\n\t--CTCCCLOUDCDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-lvdn/consts.go",
"content": "package ctcccloudlvdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-lvdn/ctcccloud_lvdn.go",
"content": "package ctcccloudlvdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ctcccloud-lvdn\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tctyunlvdn \"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/lvdn\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype DeployerConfig struct {\n\t// 天翼云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 天翼云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *ctyunlvdn.Client\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tSecretAccessKey: config.SecretAccessKey,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no lvdn domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found lvdn domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, upres.CertName); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名列表\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=125&api=11559&data=183&isNormal=1&vid=261\n\tqueryDomainsPage := 1\n\tqueryDomainsPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tqueryDomainListReq := &ctyunlvdn.QueryDomainListRequest{\n\t\t\tPage: lo.ToPtr(int32(queryDomainsPage)),\n\t\t\tPageSize: lo.ToPtr(int32(queryDomainsPageSize)),\n\t\t\tProductCode: lo.ToPtr(\"005\"),\n\t\t}\n\t\tqueryDomainListResp, err := d.sdkClient.QueryDomainListWithContext(ctx, queryDomainListReq)\n\t\td.logger.Debug(\"sdk request 'cdn.QueryDomainList'\", slog.Any(\"request\", queryDomainListReq), slog.Any(\"response\", queryDomainListResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.QueryDomainList': %w\", err)\n\t\t}\n\n\t\tif queryDomainListResp.ReturnObj == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tignoredStatuses := []int32{1, 5, 6, 7, 8, 9, 11, 12}\n\t\tfor _, domainItem := range queryDomainListResp.ReturnObj.Results {\n\t\t\tif lo.Contains(ignoredStatuses, domainItem.Status) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tdomains = append(domains, domainItem.Domain)\n\t\t}\n\n\t\tif len(queryDomainListResp.ReturnObj.Results) < queryDomainsPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tqueryDomainsPage++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertName string) error {\n\t// 查询域名配置信息\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=125&api=11473&data=183&isNormal=1&vid=261\n\tqueryDomainDetailReq := &ctyunlvdn.QueryDomainDetailRequest{\n\t\tDomain: lo.ToPtr(domain),\n\t\tProductCode: lo.ToPtr(\"005\"),\n\t}\n\tqueryDomainDetailResp, err := d.sdkClient.QueryDomainDetailWithContext(ctx, queryDomainDetailReq)\n\td.logger.Debug(\"sdk request 'lvdn.QueryDomainDetail'\", slog.Any(\"request\", queryDomainDetailReq), slog.Any(\"response\", queryDomainDetailResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'lvdn.QueryDomainDetail': %w\", err)\n\t}\n\n\t// 修改域名配置\n\t// REF: https://eop.ctyun.cn/ebp/ctapiDocument/search?sid=108&api=11308&data=161&isNormal=1&vid=154\n\tupdateDomainReq := &ctyunlvdn.UpdateDomainRequest{\n\t\tDomain: lo.ToPtr(domain),\n\t\tProductCode: lo.ToPtr(\"005\"),\n\t\tHttpsSwitch: lo.ToPtr(int32(1)),\n\t\tCertName: lo.ToPtr(cloudCertName),\n\t}\n\tupdateDomainResp, err := d.sdkClient.UpdateDomainWithContext(ctx, updateDomainReq)\n\td.logger.Debug(\"sdk request 'lvdn.UpdateDomain'\", slog.Any(\"request\", updateDomainReq), slog.Any(\"response\", updateDomainResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'lvdn.UpdateDomain': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey string) (*ctyunlvdn.Client, error) {\n\treturn ctyunlvdn.NewClient(accessKeyId, secretAccessKey)\n}\n"
},
{
"path": "pkg/core/deployer/providers/ctcccloud-lvdn/ctcccloud_lvdn_test.go",
"content": "package ctcccloudlvdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ctcccloud-lvdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"CTCCCLOUDLVDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ctcccloud_lvdn_test.go -args \\\n\t--CTCCCLOUDLVDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--CTCCCLOUDLVDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--CTCCCLOUDLVDN_ACCESSKEYID=\"your-access-key-id\" \\\n\t--CTCCCLOUDLVDN_SECRETACCESSKEY=\"your-secret-access-key\" \\\n\t--CTCCCLOUDLVDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/dogecloud-cdn/consts.go",
"content": "package dogecloudcdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/dogecloud-cdn/dogecloud_cdn.go",
"content": "package dogecloudcdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/dogecloud\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tdogesdk \"github.com/certimate-go/certimate/pkg/sdk3rd/dogecloud\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype DeployerConfig struct {\n\t// 多吉云 AccessKey。\n\tAccessKey string `json:\"accessKey\"`\n\t// 多吉云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *dogesdk.Client\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKey, config.SecretKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKey: config.AccessKey,\n\t\tSecretKey: config.SecretKey,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no cdn domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found cdn domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tcertId, _ := strconv.ParseInt(upres.CertId, 10, 64)\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, certId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 获取域名列表\n\t// REF: https://docs.dogecloud.com/cdn/api-domain-list\n\tlistCdnDomainResp, err := d.sdkClient.ListCdnDomainWithContext(ctx)\n\td.logger.Debug(\"sdk request 'cdn.ListCdnDomain'\", slog.Any(\"response\", listCdnDomainResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.ListCdnDomain': %w\", err)\n\t}\n\n\tif listCdnDomainResp.Data != nil {\n\t\tignoredStatuses := []string{\"offline\"}\n\t\tfor _, domainItem := range listCdnDomainResp.Data.Domains {\n\t\t\tif lo.Contains(ignoredStatuses, domainItem.Status) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tdomains = append(domains, domainItem.Name)\n\t\t}\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertId int64) error {\n\t// 绑定证书\n\t// REF: https://docs.dogecloud.com/cdn/api-cert-bind\n\tbindCdnCertReq := &dogesdk.BindCdnCertRequest{\n\t\tCertId: cloudCertId,\n\t\tDomain: domain,\n\t}\n\tbindCdnCertResp, err := d.sdkClient.BindCdnCertWithContext(ctx, bindCdnCertReq)\n\td.logger.Debug(\"sdk request 'cdn.BindCdnCert'\", slog.Any(\"request\", bindCdnCertReq), slog.Any(\"response\", bindCdnCertResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.BindCdnCert': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKey, secretKey string) (*dogesdk.Client, error) {\n\treturn dogesdk.NewClient(accessKey, secretKey)\n}\n"
},
{
"path": "pkg/core/deployer/providers/dogecloud-cdn/dogecloud_cdn_test.go",
"content": "package dogecloudcdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/dogecloud-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKey string\n\tfSecretKey string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"DOGECLOUDCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKey, argsPrefix+\"ACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fSecretKey, argsPrefix+\"SECRETKEY\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./dogecloud_cdn_test.go -args \\\n\t--DOGECLOUDCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--DOGECLOUDCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--DOGECLOUDCDN_ACCESSKEY=\"your-access-key\" \\\n\t--DOGECLOUDCDN_SECRETKEY=\"your-secret-key\" \\\n\t--DOGECLOUDCDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEY: %v\", fAccessKey),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKey: fAccessKey,\n\t\t\tSecretKey: fSecretKey,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/dokploy/dokploy.go",
"content": "package dokploy\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/dokploy\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// Dokploy 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// Dokploy API Key。\n\tApiKey string `json:\"apiKey\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tServerUrl: config.ServerUrl,\n\t\tApiKey: config.ApiKey,\n\t\tAllowInsecureConnections: config.AllowInsecureConnections,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/dokploy/dokploy_test.go",
"content": "package dokploy_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/dokploy\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfApiKey string\n)\n\nfunc init() {\n\targsPrefix := \"DOKPLOY_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./1panel_console_test.go -args \\\n\t--DOKPLOY_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--DOKPLOY_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--DOKPLOY_SERVERURL=\"http://127.0.0.1:3000\" \\\n\t--DOKPLOY_APIKEY=\"your-api-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiKey: fApiKey,\n\t\t\tAllowInsecureConnections: true,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/flexcdn/consts.go",
"content": "package flexcdn\n\nconst (\n\t// 资源类型:替换指定证书。\n\tRESOURCE_TYPE_CERTIFICATE = \"certificate\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/flexcdn/flexcdn.go",
"content": "package flexcdn\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"encoding/base64\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tflexcdnsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/flexcdn\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype DeployerConfig struct {\n\t// FlexCDN 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// FlexCDN 用户角色。\n\t// 可取值 \"user\"、\"admin\"。\n\tApiRole string `json:\"apiRole\"`\n\t// FlexCDN AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// FlexCDN AccessKey。\n\tAccessKey string `json:\"accessKey\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 证书 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。\n\tCertificateId int64 `json:\"certificateId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *flexcdnsdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.ApiRole, config.AccessKeyId, config.AccessKey, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_CERTIFICATE:\n\t\tif err := d.deployToCertificate(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToCertificate(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.CertificateId == 0 {\n\t\treturn errors.New(\"config `certificateId` is required\")\n\t}\n\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// 修改证书\n\t// REF: https://flexcdn.cloud/dev/api/service/SSLCertService?role=user#updateSSLCert\n\tupdateSSLCertReq := &flexcdnsdk.UpdateSSLCertRequest{\n\t\tSSLCertId: d.config.CertificateId,\n\t\tIsOn: true,\n\t\tName: fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli()),\n\t\tDescription: \"upload from certimate\",\n\t\tServerName: certX509.Subject.CommonName,\n\t\tIsCA: false,\n\t\tCertData: base64.StdEncoding.EncodeToString([]byte(certPEM)),\n\t\tKeyData: base64.StdEncoding.EncodeToString([]byte(privkeyPEM)),\n\t\tTimeBeginAt: certX509.NotBefore.Unix(),\n\t\tTimeEndAt: certX509.NotAfter.Unix(),\n\t\tDNSNames: certX509.DNSNames,\n\t\tCommonNames: []string{certX509.Subject.CommonName},\n\t}\n\tupdateSSLCertResp, err := d.sdkClient.UpdateSSLCertWithContext(ctx, updateSSLCertReq)\n\td.logger.Debug(\"sdk request 'flexcdn.UpdateSSLCert'\", slog.Any(\"request\", updateSSLCertReq), slog.Any(\"response\", updateSSLCertResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'flexcdn.UpdateSSLCert': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(serverUrl, apiRole, accessKeyId, accessKey string, skipTlsVerify bool) (*flexcdnsdk.Client, error) {\n\tclient, err := flexcdnsdk.NewClient(serverUrl, apiRole, accessKeyId, accessKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/flexcdn/flexcdn_test.go",
"content": "package flexcdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/flexcdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfAccessKeyId string\n\tfAccessKey string\n\tfCertificateId int64\n)\n\nfunc init() {\n\targsPrefix := \"FLEXCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKey, argsPrefix+\"ACCESSKEY\", \"\", \"\")\n\tflag.Int64Var(&fCertificateId, argsPrefix+\"CERTIFICATEID\", 0, \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./flexcdn_test.go -args \\\n\t--FLEXCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--FLEXCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--FLEXCDN_SERVERURL=\"http://127.0.0.1:7788\" \\\n\t--FLEXCDN_ACCESSKEYID=\"your-access-key-id\" \\\n\t--FLEXCDN_ACCESSKEY=\"your-access-key\" \\\n\t--FLEXCDN_CERTIFICATEID=\"your-certificate-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy_ToCertificate\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEY: %v\", fAccessKey),\n\t\t\tfmt.Sprintf(\"CERTIFICATEID: %v\", fCertificateId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiRole: \"user\",\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKey: fAccessKey,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tResourceType: provider.RESOURCE_TYPE_CERTIFICATE,\n\t\t\tCertificateId: fCertificateId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/flyio/flyio.go",
"content": "package flyio\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tflyiosdk \"github.com/certimate-go/certimate/pkg/sdk3rd/flyio\"\n)\n\ntype DeployerConfig struct {\n\t// Fly.io API Token。\n\tApiToken string `json:\"apiToken\"`\n\t// Fly.io 应用名称。\n\tAppName string `json:\"appName\"`\n\t// 自定义域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *flyiosdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ApiToken)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.AppName == \"\" {\n\t\treturn nil, errors.New(\"config `appName` is required\")\n\t}\n\tif d.config.Domain == \"\" {\n\t\treturn nil, errors.New(\"config `domain` is required\")\n\t}\n\n\t// 导入自定义证书\n\t// REF: https://fly.io/docs/machines/api/certificates-resource/#import-custom-certificate\n\timportCustomCertificateReq := &flyiosdk.ImportCustomCertificateRequest{\n\t\tAppName: d.config.AppName,\n\t\tHostname: d.config.Domain,\n\t\tFullchain: certPEM,\n\t\tPrivateKey: privkeyPEM,\n\t}\n\timportCustomCertificateResp, err := d.sdkClient.ImportCustomCertificateWithContext(ctx, importCustomCertificateReq)\n\td.logger.Debug(\"sdk request 'flyio.ImportCustomCertificate'\", slog.Any(\"request\", importCustomCertificateReq), slog.Any(\"response\", importCustomCertificateResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'flyio.ImportCustomCertificate': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(apiToken string) (*flyiosdk.Client, error) {\n\treturn flyiosdk.NewClient(apiToken)\n}\n"
},
{
"path": "pkg/core/deployer/providers/flyio/flyio_test.go",
"content": "package flyio_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/flyio\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfApiToken string\n\tfAppName string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"FLYIO_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fApiToken, argsPrefix+\"APITOKEN\", \"\", \"\")\n\tflag.StringVar(&fAppName, argsPrefix+\"APPNAME\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./flyio_test.go -args \\\n\t--FLYIO_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--FLYIO_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--FLYIO_APITOKEN=\"your-api-token\" \\\n\t--FLYIO_APPNAME=\"your-app-name\" \\\n\t--FLYIO_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"APITOKEN: %v\", fApiToken),\n\t\t\tfmt.Sprintf(\"APPNAME: %v\", fAppName),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tApiToken: fApiToken,\n\t\t\tAppName: fAppName,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/gcore-cdn/gcore_cdn.go",
"content": "package gcorecdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\n\t\"github.com/G-Core/gcorelabscdn-go/gcore\"\n\t\"github.com/G-Core/gcorelabscdn-go/gcore/provider\"\n\t\"github.com/G-Core/gcorelabscdn-go/resources\"\n\t\"github.com/G-Core/gcorelabscdn-go/sslcerts\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/gcore-cdn\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tgcoresdk \"github.com/certimate-go/certimate/pkg/sdk3rd/gcore\"\n)\n\ntype DeployerConfig struct {\n\t// G-Core API Token。\n\tApiToken string `json:\"apiToken\"`\n\t// CDN 资源 ID。\n\tResourceId int64 `json:\"resourceId\"`\n\t// 证书 ID。\n\t// 选填。零值时表示新建证书;否则表示更新证书。\n\tCertificateId int64 `json:\"certificateId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClients *wSDKClients\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\ntype wSDKClients struct {\n\tResources *resources.Service\n\tSSLCerts *sslcerts.Service\n}\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclients, err := createSDKClients(config.ApiToken)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tApiToken: config.ApiToken,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClients: clients,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.ResourceId == 0 {\n\t\treturn nil, errors.New(\"config `resourceId` is required\")\n\t}\n\n\t// 如果原证书 ID 为空,则创建证书;否则更新证书。\n\tvar cloudCertId int64\n\tif d.config.CertificateId == 0 {\n\t\t// 上传证书\n\t\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t\t} else {\n\t\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t\t}\n\n\t\tcloudCertId, _ = strconv.ParseInt(upres.CertId, 10, 64)\n\t} else {\n\t\t// 获取证书\n\t\t// REF: https://api.gcore.com/docs/cdn#tag/SSL-certificates/paths/~1cdn~1sslData~1%7Bssl_id%7D/get\n\t\tgetCertificateDetailResp, err := d.sdkClients.SSLCerts.Get(ctx, d.config.CertificateId)\n\t\td.logger.Debug(\"sdk request 'sslcerts.Get'\", slog.Int64(\"sslId\", d.config.CertificateId), slog.Any(\"response\", getCertificateDetailResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'sslcerts.Get': %w\", err)\n\t\t}\n\n\t\t// 更新证书\n\t\t// REF: https://api.gcore.com/docs/cdn#tag/SSL-certificates/paths/~1cdn~1sslData~1%7Bssl_id%7D/get\n\t\tchangeCertificateReq := &sslcerts.UpdateRequest{\n\t\t\tName: getCertificateDetailResp.Name,\n\t\t\tCert: certPEM,\n\t\t\tPrivateKey: privkeyPEM,\n\t\t\tValidateRootCA: false,\n\t\t}\n\t\tchangeCertificateResp, err := d.sdkClients.SSLCerts.Update(ctx, getCertificateDetailResp.ID, changeCertificateReq)\n\t\td.logger.Debug(\"sdk request 'sslcerts.Update'\", slog.Int64(\"sslId\", getCertificateDetailResp.ID), slog.Any(\"request\", changeCertificateReq), slog.Any(\"response\", changeCertificateResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'sslcerts.Update': %w\", err)\n\t\t}\n\n\t\tcloudCertId = changeCertificateResp.ID\n\t}\n\n\t// 获取 CDN 资源详情\n\t// REF: https://api.gcore.com/docs/cdn#tag/CDN-resources/paths/~1cdn~1resources~1%7Bresource_id%7D/get\n\tgetResourceResp, err := d.sdkClients.Resources.Get(ctx, d.config.ResourceId)\n\td.logger.Debug(\"sdk request 'resources.Get'\", slog.Any(\"resourceId\", d.config.ResourceId), slog.Any(\"response\", getResourceResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'resources.Get': %w\", err)\n\t}\n\n\t// 更新 CDN 资源详情\n\t// REF: https://api.gcore.com/docs/cdn#tag/CDN-resources/operation/change_cdn_resource\n\tupdateResourceReq := &resources.UpdateRequest{\n\t\tDescription: getResourceResp.Description,\n\t\tActive: getResourceResp.Active,\n\t\tOriginGroup: int(getResourceResp.OriginGroup),\n\t\tOriginProtocol: getResourceResp.OriginProtocol,\n\t\tSecondaryHostnames: getResourceResp.SecondaryHostnames,\n\t\tSSlEnabled: true,\n\t\tSSLData: int(cloudCertId),\n\t\tProxySSLEnabled: getResourceResp.ProxySSLEnabled,\n\t\tOptions: &gcore.Options{},\n\t}\n\tif getResourceResp.ProxySSLCA != 0 {\n\t\tupdateResourceReq.ProxySSLCA = &getResourceResp.ProxySSLCA\n\t}\n\tif getResourceResp.ProxySSLData != 0 {\n\t\tupdateResourceReq.ProxySSLData = &getResourceResp.ProxySSLData\n\t}\n\tupdateResourceResp, err := d.sdkClients.Resources.Update(ctx, d.config.ResourceId, updateResourceReq)\n\td.logger.Debug(\"sdk request 'resources.Update'\", slog.Int64(\"resourceId\", d.config.ResourceId), slog.Any(\"request\", updateResourceReq), slog.Any(\"response\", updateResourceResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'resources.Update': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClients(apiToken string) (*wSDKClients, error) {\n\tif apiToken == \"\" {\n\t\treturn nil, errors.New(\"gcore: invalid api token\")\n\t}\n\n\trequester := provider.NewClient(\n\t\tgcoresdk.BASE_URL,\n\t\tprovider.WithSigner(gcoresdk.NewAuthRequestSigner(apiToken)),\n\t)\n\tresourcesSrv := resources.NewService(requester)\n\tsslCertsSrv := sslcerts.NewService(requester)\n\treturn &wSDKClients{\n\t\tResources: resourcesSrv,\n\t\tSSLCerts: sslCertsSrv,\n\t}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/gcore-cdn/gcore_cdn_test.go",
"content": "package gcorecdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/gcore-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfApiToken string\n\tfResourceId int64\n)\n\nfunc init() {\n\targsPrefix := \"GCORECDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fApiToken, argsPrefix+\"APITOKEN\", \"\", \"\")\n\tflag.Int64Var(&fResourceId, argsPrefix+\"RESOURCEID\", 0, \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./gcore_cdn_test.go -args \\\n\t--GCORECDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--GCORECDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--GCORECDN_APITOKEN=\"your-api-token\" \\\n\t--GCORECDN_RESOURCEID=\"your-cdn-resource-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"APITOKEN: %v\", fApiToken),\n\t\t\tfmt.Sprintf(\"RESOURCEID: %v\", fResourceId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tApiToken: fApiToken,\n\t\t\tResourceId: fResourceId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/goedge/consts.go",
"content": "package goedge\n\nconst (\n\t// 资源类型:替换指定证书。\n\tRESOURCE_TYPE_CERTIFICATE = \"certificate\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/goedge/goedge.go",
"content": "package goedge\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"encoding/base64\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tgoedgesdk \"github.com/certimate-go/certimate/pkg/sdk3rd/goedge\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype DeployerConfig struct {\n\t// GoEdge 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// GoEdge 用户角色。\n\t// 可取值 \"user\"、\"admin\"。\n\tApiRole string `json:\"apiRole\"`\n\t// GoEdge AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// GoEdge AccessKey。\n\tAccessKey string `json:\"accessKey\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 证书 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。\n\tCertificateId int64 `json:\"certificateId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *goedgesdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.ApiRole, config.AccessKeyId, config.AccessKey, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_CERTIFICATE:\n\t\tif err := d.deployToCertificate(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToCertificate(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.CertificateId == 0 {\n\t\treturn errors.New(\"config `certificateId` is required\")\n\t}\n\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// 修改证书\n\t// REF: https://goedge.cloud/dev/api/service/SSLCertService?role=user#updateSSLCert\n\tupdateSSLCertReq := &goedgesdk.UpdateSSLCertRequest{\n\t\tSSLCertId: d.config.CertificateId,\n\t\tIsOn: true,\n\t\tName: fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli()),\n\t\tDescription: \"upload from certimate\",\n\t\tServerName: certX509.Subject.CommonName,\n\t\tIsCA: false,\n\t\tCertData: base64.StdEncoding.EncodeToString([]byte(certPEM)),\n\t\tKeyData: base64.StdEncoding.EncodeToString([]byte(privkeyPEM)),\n\t\tTimeBeginAt: certX509.NotBefore.Unix(),\n\t\tTimeEndAt: certX509.NotAfter.Unix(),\n\t\tDNSNames: certX509.DNSNames,\n\t\tCommonNames: []string{certX509.Subject.CommonName},\n\t}\n\tupdateSSLCertResp, err := d.sdkClient.UpdateSSLCertWithContext(ctx, updateSSLCertReq)\n\td.logger.Debug(\"sdk request 'goedge.UpdateSSLCert'\", slog.Any(\"request\", updateSSLCertReq), slog.Any(\"response\", updateSSLCertResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'goedge.UpdateSSLCert': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(serverUrl, apiRole, accessKeyId, accessKey string, skipTlsVerify bool) (*goedgesdk.Client, error) {\n\tclient, err := goedgesdk.NewClient(serverUrl, apiRole, accessKeyId, accessKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/goedge/goedge_test.go",
"content": "package goedge_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/goedge\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfAccessKeyId string\n\tfAccessKey string\n\tfCertificateId int64\n)\n\nfunc init() {\n\targsPrefix := \"GOEDGE_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKey, argsPrefix+\"ACCESSKEY\", \"\", \"\")\n\tflag.Int64Var(&fCertificateId, argsPrefix+\"CERTIFICATEID\", 0, \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./goedge_test.go -args \\\n\t--GOEDGE_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--GOEDGE_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--GOEDGE_SERVERURL=\"http://127.0.0.1:7788\" \\\n\t--GOEDGE_ACCESSKEYID=\"your-access-key-id\" \\\n\t--GOEDGE_ACCESSKEY=\"your-access-key\" \\\n\t--GOEDGE_CERTIFICATEID=\"your-certificate-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy_ToCertificate\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEY: %v\", fAccessKey),\n\t\t\tfmt.Sprintf(\"CERTIFICATEID: %v\", fCertificateId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiRole: \"user\",\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKey: fAccessKey,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tResourceType: provider.RESOURCE_TYPE_CERTIFICATE,\n\t\t\tCertificateId: fCertificateId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/huaweicloud-cdn/consts.go",
"content": "package huaweicloudcdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/huaweicloud-cdn/huaweicloud_cdn.go",
"content": "package huaweicloudcdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global\"\n\thccdn \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2\"\n\thccdnmodel \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/model\"\n\thccdnregion \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/region\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/huaweicloud-scm\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/huaweicloud-cdn/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 华为云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 华为云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 华为云企业项目 ID。\n\tEnterpriseProjectId string `json:\"enterpriseProjectId,omitempty\"`\n\t// 华为云区域。\n\tRegion string `json:\"region\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.CdnClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(\n\t\tconfig.AccessKeyId,\n\t\tconfig.SecretAccessKey,\n\t\tconfig.Region,\n\t)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tSecretAccessKey: config.SecretAccessKey,\n\t\tEnterpriseProjectId: config.EnterpriseProjectId,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain)\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no cdn domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found cdn domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tconst MAX_DOMAIN_PER_REQUEST = 50\n\t\tdomainChunks := lo.Chunk(domains, MAX_DOMAIN_PER_REQUEST)\n\t\tfor _, domains := range domainChunks {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainsCertificate(ctx, domains, upres.CertId, upres.CertName); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名列表\n\t// REF: https://support.huaweicloud.com/api-cdn/ListDomains.html\n\tlistDomainsPageNumber := 1\n\tlistDomainsPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistDomainsReq := &hccdnmodel.ListDomainsRequest{\n\t\t\tEnterpriseProjectId: lo.EmptyableToPtr(d.config.EnterpriseProjectId),\n\t\t\tPageNumber: lo.ToPtr(int32(listDomainsPageNumber)),\n\t\t\tPageSize: lo.ToPtr(int32(listDomainsPageSize)),\n\t\t}\n\t\tlistDomainsResp, err := d.sdkClient.ListDomains(listDomainsReq)\n\t\td.logger.Debug(\"sdk request 'cdn.ListDomains'\", slog.Any(\"request\", listDomainsReq), slog.Any(\"response\", listDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.ListDomains': %w\", err)\n\t\t}\n\n\t\tif listDomainsResp.Domains == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tignoredStatuses := []string{\"offline\", \"checking\", \"check_failed\", \"deleting\"}\n\t\tfor _, domainItem := range *listDomainsResp.Domains {\n\t\t\tif lo.Contains(ignoredStatuses, lo.FromPtr(domainItem.DomainStatus)) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tdomains = append(domains, lo.FromPtr(domainItem.DomainName))\n\t\t}\n\n\t\tif len(*listDomainsResp.Domains) < listDomainsPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tlistDomainsPageNumber++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainsCertificate(ctx context.Context, domains []string, cloudCertId, cloudCertName string) error {\n\t// 更新加速域名配置\n\t// REF: https://support.huaweicloud.com/api-cdn/UpdateDomainMultiCertificates.html\n\t// REF: https://support.huaweicloud.com/usermanual-cdn/cdn_01_0306.html\n\tupdateDomainMultiCertificatesReq := &hccdnmodel.UpdateDomainMultiCertificatesRequest{\n\t\tEnterpriseProjectId: lo.EmptyableToPtr(d.config.EnterpriseProjectId),\n\t\tBody: &hccdnmodel.UpdateDomainMultiCertificatesRequestBody{\n\t\t\tHttps: &hccdnmodel.UpdateDomainMultiCertificatesRequestBodyContent{\n\t\t\t\tDomainName: strings.Join(domains, \",\"),\n\t\t\t\tHttpsSwitch: 1,\n\t\t\t\tCertificateType: lo.ToPtr(int32(2)),\n\t\t\t\tScmCertificateId: lo.ToPtr(cloudCertId),\n\t\t\t\tCertName: lo.ToPtr(cloudCertName),\n\t\t\t},\n\t\t},\n\t}\n\tupdateDomainMultiCertificatesResp, err := d.sdkClient.UpdateDomainMultiCertificates(updateDomainMultiCertificatesReq)\n\td.logger.Debug(\"sdk request 'cdn.UpdateDomainMultiCertificates'\", slog.Any(\"request\", updateDomainMultiCertificatesReq), slog.Any(\"response\", updateDomainMultiCertificatesResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.UpdateDomainMultiCertificates': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey, region string) (*internal.CdnClient, error) {\n\tif region == \"\" {\n\t\tregion = \"cn-north-1\" // CDN 服务默认区域:华北一北京\n\t}\n\n\tauth, err := global.NewCredentialsBuilder().\n\t\tWithAk(accessKeyId).\n\t\tWithSk(secretAccessKey).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\thcRegion, err := hccdnregion.SafeValueOf(region)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\thcClient, err := hccdn.CdnClientBuilder().\n\t\tWithRegion(hcRegion).\n\t\tWithCredential(auth).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclient := internal.NewCdnClient(hcClient)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/huaweicloud-cdn/huaweicloud_cdn_test.go",
"content": "package huaweicloudcdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/huaweicloud-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n\tfRegion string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"HUAWEICLOUDCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./huaweicloud_cdn_test.go -args \\\n\t--HUAWEICLOUDCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--HUAWEICLOUDCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--HUAWEICLOUDCDN_ACCESSKEYID=\"your-access-key-id\" \\\n\t--HUAWEICLOUDCDN_SECRETACCESSKEY=\"your-secret-access-key\" \\\n\t--HUAWEICLOUDCDN_REGION=\"cn-north-1\" \\\n\t--HUAWEICLOUDCDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tRegion: fRegion,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/huaweicloud-cdn/internal/client.go",
"content": "package internal\n\nimport (\n\thttpclient \"github.com/huaweicloud/huaweicloud-sdk-go-v3/core\"\n\thwcdn \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2\"\n\t\"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/model\"\n)\n\n// This is a partial copy of https://github.com/huaweicloud/huaweicloud-sdk-go-v3/blob/master/services/cdn/v2/cdn_client.go\n// to lightweight the vendor packages in the built binary.\ntype CdnClient struct {\n\tHcClient *httpclient.HcHttpClient\n}\n\nfunc NewCdnClient(hcClient *httpclient.HcHttpClient) *CdnClient {\n\treturn &CdnClient{HcClient: hcClient}\n}\n\nfunc (c *CdnClient) ListDomains(request *model.ListDomainsRequest) (*model.ListDomainsResponse, error) {\n\trequestDef := hwcdn.GenReqDefForListDomains()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.ListDomainsResponse), nil\n\t}\n}\n\nfunc (c *CdnClient) UpdateDomainMultiCertificates(request *model.UpdateDomainMultiCertificatesRequest) (*model.UpdateDomainMultiCertificatesResponse, error) {\n\trequestDef := hwcdn.GenReqDefForUpdateDomainMultiCertificates()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.UpdateDomainMultiCertificatesResponse), nil\n\t}\n}\n"
},
{
"path": "pkg/core/deployer/providers/huaweicloud-elb/consts.go",
"content": "package huaweicloudelb\n\nconst (\n\t// 资源类型:替换指定证书。\n\tRESOURCE_TYPE_CERTIFICATE = \"certificate\"\n\t// 资源类型:部署到指定负载均衡器。\n\tRESOURCE_TYPE_LOADBALANCER = \"loadbalancer\"\n\t// 资源类型:部署到指定监听器。\n\tRESOURCE_TYPE_LISTENER = \"listener\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb.go",
"content": "package huaweicloudelb\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic\"\n\t\"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global\"\n\thcelb \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3\"\n\thcelbmodel \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/model\"\n\thcelbregion \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/region\"\n\thciam \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3\"\n\thciammodel \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/model\"\n\thciamregion \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/region\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/huaweicloud-elb\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/huaweicloud-elb/internal\"\n)\n\ntype DeployerConfig struct {\n\t// 华为云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 华为云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 华为云企业项目 ID。\n\tEnterpriseProjectId string `json:\"enterpriseProjectId,omitempty\"`\n\t// 华为云区域。\n\tRegion string `json:\"region\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 证书 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。\n\tCertificateId string `json:\"certificateId,omitempty\"`\n\t// 负载均衡器 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER] 时必填。\n\tLoadbalancerId string `json:\"loadbalancerId,omitempty\"`\n\t// 负载均衡监听 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时必填。\n\tListenerId string `json:\"listenerId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.ElbClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tSecretAccessKey: config.SecretAccessKey,\n\t\tEnterpriseProjectId: config.EnterpriseProjectId,\n\t\tRegion: config.Region,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_CERTIFICATE:\n\t\tif err := d.deployToCertificate(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_LOADBALANCER:\n\t\tif err := d.deployToLoadbalancer(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_LISTENER:\n\t\tif err := d.deployToListener(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToLoadbalancer(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\n\t// 查询负载均衡器详情\n\t// REF: https://support.huaweicloud.com/api-elb/ShowLoadBalancer.html\n\tshowLoadBalancerReq := &hcelbmodel.ShowLoadBalancerRequest{\n\t\tLoadbalancerId: d.config.LoadbalancerId,\n\t}\n\tshowLoadBalancerResp, err := d.sdkClient.ShowLoadBalancer(showLoadBalancerReq)\n\td.logger.Debug(\"sdk request 'elb.ShowLoadBalancer'\", slog.Any(\"request\", showLoadBalancerReq), slog.Any(\"response\", showLoadBalancerResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'elb.ShowLoadBalancer': %w\", err)\n\t}\n\n\t// 查询监听器列表\n\t// REF: https://support.huaweicloud.com/api-elb/ListListeners.html\n\tlistenerIds := make([]string, 0)\n\tlistListenersMarker := (*string)(nil)\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistListenersReq := &hcelbmodel.ListListenersRequest{\n\t\t\tMarker: listListenersMarker,\n\t\t\tLimit: lo.ToPtr(int32(2000)),\n\t\t\tProtocol: &[]string{\"HTTPS\", \"TERMINATED_HTTPS\"},\n\t\t\tLoadbalancerId: &[]string{showLoadBalancerResp.Loadbalancer.Id},\n\t\t}\n\t\tif d.config.EnterpriseProjectId != \"\" {\n\t\t\tlistListenersReq.EnterpriseProjectId = lo.ToPtr([]string{d.config.EnterpriseProjectId})\n\t\t}\n\t\tlistListenersResp, err := d.sdkClient.ListListeners(listListenersReq)\n\t\td.logger.Debug(\"sdk request 'elb.ListListeners'\", slog.Any(\"request\", listListenersReq), slog.Any(\"response\", listListenersResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'elb.ListListeners': %w\", err)\n\t\t}\n\n\t\tif listListenersResp.Listeners == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, listener := range *listListenersResp.Listeners {\n\t\t\tlistenerIds = append(listenerIds, listener.Id)\n\t\t}\n\n\t\tif len(*listListenersResp.Listeners) == 0 || listListenersResp.PageInfo.NextMarker == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tlistListenersMarker = listListenersResp.PageInfo.NextMarker\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 遍历更新监听器证书\n\tif len(listenerIds) == 0 {\n\t\td.logger.Info(\"no listeners to deploy\")\n\t} else {\n\t\td.logger.Info(\"found https listeners to deploy\", slog.Any(\"listenerIds\", listenerIds))\n\t\tvar errs []error\n\n\t\tfor _, listenerId := range listenerIds {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateListenerCertificate(ctx, listenerId, upres.CertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToListener(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.ListenerId == \"\" {\n\t\treturn errors.New(\"config `listenerId` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 更新监听器证书\n\tif err := d.updateListenerCertificate(ctx, d.config.ListenerId, upres.CertId); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToCertificate(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.CertificateId == \"\" {\n\t\treturn errors.New(\"config `certificateId` is required\")\n\t}\n\n\t// 替换证书\n\topres, err := d.sdkCertmgr.Replace(ctx, d.config.CertificateId, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to replace certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate replaced\", slog.Any(\"result\", opres))\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateListenerCertificate(ctx context.Context, cloudListenerId string, cloudCertId string) error {\n\t// 查询监听器详情\n\t// REF: https://support.huaweicloud.com/api-elb/ShowListener.html\n\tshowListenerReq := &hcelbmodel.ShowListenerRequest{\n\t\tListenerId: cloudListenerId,\n\t}\n\tshowListenerResp, err := d.sdkClient.ShowListener(showListenerReq)\n\td.logger.Debug(\"sdk request 'elb.ShowListener'\", slog.Any(\"request\", showListenerReq), slog.Any(\"response\", showListenerResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'elb.ShowListener': %w\", err)\n\t}\n\n\t// 更新监听器\n\t// REF: https://support.huaweicloud.com/api-elb/UpdateListener.html\n\tupdateListenerReq := &hcelbmodel.UpdateListenerRequest{\n\t\tListenerId: cloudListenerId,\n\t\tBody: &hcelbmodel.UpdateListenerRequestBody{\n\t\t\tListener: &hcelbmodel.UpdateListenerOption{\n\t\t\t\tDefaultTlsContainerRef: lo.ToPtr(cloudCertId),\n\t\t\t},\n\t\t},\n\t}\n\tif showListenerResp.Listener.SniContainerRefs != nil {\n\t\tif len(showListenerResp.Listener.SniContainerRefs) > 0 {\n\t\t\t// 如果开启 SNI,需替换同 SAN 的证书\n\t\t\tsniCertIds := make([]string, 0)\n\t\t\tsniCertIds = append(sniCertIds, cloudCertId)\n\n\t\t\tlistOldCertificateReq := &hcelbmodel.ListCertificatesRequest{\n\t\t\t\tId: &showListenerResp.Listener.SniContainerRefs,\n\t\t\t}\n\t\t\tlistOldCertificateResp, err := d.sdkClient.ListCertificates(listOldCertificateReq)\n\t\t\td.logger.Debug(\"sdk request 'elb.ListCertificates'\", slog.Any(\"request\", listOldCertificateReq), slog.Any(\"response\", listOldCertificateResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'elb.ListCertificates': %w\", err)\n\t\t\t}\n\n\t\t\tshowNewCertificateReq := &hcelbmodel.ShowCertificateRequest{\n\t\t\t\tCertificateId: cloudCertId,\n\t\t\t}\n\t\t\tshowNewCertificateResp, err := d.sdkClient.ShowCertificate(showNewCertificateReq)\n\t\t\td.logger.Debug(\"sdk request 'elb.ShowCertificate'\", slog.Any(\"request\", showNewCertificateReq), slog.Any(\"response\", showNewCertificateResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'elb.ShowCertificate': %w\", err)\n\t\t\t}\n\n\t\t\tfor _, oldCertInfo := range *listOldCertificateResp.Certificates {\n\t\t\t\tnewCertInfo := showNewCertificateResp.Certificate\n\n\t\t\t\tif oldCertInfo.SubjectAlternativeNames != nil && newCertInfo.SubjectAlternativeNames != nil {\n\t\t\t\t\tif strings.Join(*oldCertInfo.SubjectAlternativeNames, \",\") == strings.Join(*newCertInfo.SubjectAlternativeNames, \",\") {\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\tif oldCertInfo.Domain == newCertInfo.Domain {\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tsniCertIds = append(sniCertIds, oldCertInfo.Id)\n\t\t\t}\n\n\t\t\tupdateListenerReq.Body.Listener.SniContainerRefs = &sniCertIds\n\t\t}\n\n\t\tif showListenerResp.Listener.SniMatchAlgo != \"\" {\n\t\t\tupdateListenerReq.Body.Listener.SniMatchAlgo = lo.ToPtr(showListenerResp.Listener.SniMatchAlgo)\n\t\t}\n\t}\n\tupdateListenerResp, err := d.sdkClient.UpdateListener(updateListenerReq)\n\td.logger.Debug(\"sdk request 'elb.UpdateListener'\", slog.Any(\"request\", updateListenerReq), slog.Any(\"response\", updateListenerResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'elb.UpdateListener': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey, region string) (*internal.ElbClient, error) {\n\tprojectId, err := getSDKProjectId(accessKeyId, secretAccessKey, region)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tauth, err := basic.NewCredentialsBuilder().\n\t\tWithAk(accessKeyId).\n\t\tWithSk(secretAccessKey).\n\t\tWithProjectId(projectId).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\thcRegion, err := hcelbregion.SafeValueOf(region)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\thcClient, err := hcelb.ElbClientBuilder().\n\t\tWithRegion(hcRegion).\n\t\tWithCredential(auth).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclient := internal.NewElbClient(hcClient)\n\treturn client, nil\n}\n\nfunc getSDKProjectId(accessKeyId, secretAccessKey, region string) (string, error) {\n\tif region == \"\" {\n\t\tregion = \"cn-north-4\" // IAM 服务默认区域:华北四北京\n\t}\n\n\tauth, err := global.NewCredentialsBuilder().\n\t\tWithAk(accessKeyId).\n\t\tWithSk(secretAccessKey).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\thcRegion, err := hciamregion.SafeValueOf(region)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\thcClient, err := hciam.IamClientBuilder().\n\t\tWithRegion(hcRegion).\n\t\tWithCredential(auth).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tclient := hciam.NewIamClient(hcClient)\n\n\trequest := &hciammodel.KeystoneListProjectsRequest{\n\t\tName: ®ion,\n\t}\n\tresponse, err := client.KeystoneListProjects(request)\n\tif err != nil {\n\t\treturn \"\", err\n\t} else if response.Projects == nil || len(*response.Projects) == 0 {\n\t\treturn \"\", errors.New(\"huaweicloud: no project found\")\n\t}\n\n\treturn (*response.Projects)[0].Id, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb_test.go",
"content": "package huaweicloudelb_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/huaweicloud-elb\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n\tfRegion string\n\tfCertificateId string\n\tfLoadbalancerId string\n\tfListenerId string\n)\n\nfunc init() {\n\targsPrefix := \"HUAWEICLOUDELB_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fCertificateId, argsPrefix+\"CERTIFICATEID\", \"\", \"\")\n\tflag.StringVar(&fLoadbalancerId, argsPrefix+\"LOADBALANCERID\", \"\", \"\")\n\tflag.StringVar(&fListenerId, argsPrefix+\"LISTENERID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./huaweicloud_elb_test.go -args \\\n\t--HUAWEICLOUDELB_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--HUAWEICLOUDELB_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--HUAWEICLOUDELB_ACCESSKEYID=\"your-access-key-id\" \\\n\t--HUAWEICLOUDELB_SECRETACCESSKEY=\"your-secret-access-key\" \\\n\t--HUAWEICLOUDELB_REGION=\"cn-north-1\" \\\n\t--HUAWEICLOUDELB_CERTIFICATEID=\"your-elb-cert-id\" \\\n\t--HUAWEICLOUDELB_LOADBALANCERID=\"your-elb-loadbalancer-id\" \\\n\t--HUAWEICLOUDELB_LISTENERID=\"your-elb-listener-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy_ToCertificate\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"CERTIFICATEID: %v\", fCertificateId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tRegion: fRegion,\n\t\t\tResourceType: provider.RESOURCE_TYPE_CERTIFICATE,\n\t\t\tCertificateId: fCertificateId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n\n\tt.Run(\"Deploy_ToLoadbalancer\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"LOADBALANCERID: %v\", fLoadbalancerId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tRegion: fRegion,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LOADBALANCER,\n\t\t\tLoadbalancerId: fLoadbalancerId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n\n\tt.Run(\"Deploy_ToListenerId\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"LISTENERID: %v\", fListenerId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tRegion: fRegion,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LISTENER,\n\t\t\tListenerId: fListenerId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/huaweicloud-elb/internal/client.go",
"content": "package internal\n\nimport (\n\thttpclient \"github.com/huaweicloud/huaweicloud-sdk-go-v3/core\"\n\thwelb \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3\"\n\t\"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/model\"\n)\n\n// This is a partial copy of https://github.com/huaweicloud/huaweicloud-sdk-go-v3/blob/master/services/elb/v3/elb_client.go\n// to lightweight the vendor packages in the built binary.\ntype ElbClient struct {\n\tHcClient *httpclient.HcHttpClient\n}\n\nfunc NewElbClient(hcClient *httpclient.HcHttpClient) *ElbClient {\n\treturn &ElbClient{HcClient: hcClient}\n}\n\nfunc (c *ElbClient) ListCertificates(request *model.ListCertificatesRequest) (*model.ListCertificatesResponse, error) {\n\trequestDef := hwelb.GenReqDefForListCertificates()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.ListCertificatesResponse), nil\n\t}\n}\n\nfunc (c *ElbClient) ListListeners(request *model.ListListenersRequest) (*model.ListListenersResponse, error) {\n\trequestDef := hwelb.GenReqDefForListListeners()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.ListListenersResponse), nil\n\t}\n}\n\nfunc (c *ElbClient) ShowCertificate(request *model.ShowCertificateRequest) (*model.ShowCertificateResponse, error) {\n\trequestDef := hwelb.GenReqDefForShowCertificate()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.ShowCertificateResponse), nil\n\t}\n}\n\nfunc (c *ElbClient) ShowListener(request *model.ShowListenerRequest) (*model.ShowListenerResponse, error) {\n\trequestDef := hwelb.GenReqDefForShowListener()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.ShowListenerResponse), nil\n\t}\n}\n\nfunc (c *ElbClient) ShowLoadBalancer(request *model.ShowLoadBalancerRequest) (*model.ShowLoadBalancerResponse, error) {\n\trequestDef := hwelb.GenReqDefForShowLoadBalancer()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.ShowLoadBalancerResponse), nil\n\t}\n}\n\nfunc (c *ElbClient) UpdateListener(request *model.UpdateListenerRequest) (*model.UpdateListenerResponse, error) {\n\trequestDef := hwelb.GenReqDefForUpdateListener()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.UpdateListenerResponse), nil\n\t}\n}\n"
},
{
"path": "pkg/core/deployer/providers/huaweicloud-obs/huaweicloud_obs.go",
"content": "package huaweicloudobs\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"crypto/hmac\"\n\t\"crypto/md5\"\n\t\"crypto/sha1\"\n\t\"encoding/base64\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// 华为云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 华为云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 华为云区域。\n\tRegion string `json:\"region\"`\n\t// 存储桶名。\n\tBucket string `json:\"bucket\"`\n\t// 自定义域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.Region == \"\" {\n\t\treturn nil, fmt.Errorf(\"config `region` is required\")\n\t}\n\tif d.config.Bucket == \"\" {\n\t\treturn nil, fmt.Errorf(\"config `bucket` is required\")\n\t}\n\tif d.config.Domain == \"\" {\n\t\treturn nil, fmt.Errorf(\"config `domain` is required\")\n\t}\n\n\t// REF: https://support.huaweicloud.com/usermanual-obs/obs_06_3200.html\n\t// REF: https://support.huaweicloud.com/api-obs/obs_04_0059.html\n\turl := fmt.Sprintf(\"https://%s.obs.%s.myhuaweicloud.com/?customdomain=%s\", d.config.Bucket, d.config.Region, d.config.Domain)\n\tbodyXML := fmt.Sprintf(`\n\n\t%s \n\t%s \n\t%s \n\t%s \n `,\n\t\td.config.Bucket+\"_\"+d.config.Domain, certPEM, certPEM, privkeyPEM,\n\t)\n\n\t// 计算 Content-MD5(Base64 编码)\n\tmd5sum := md5.Sum([]byte(bodyXML))\n\tmd5sumEncoded := base64.StdEncoding.EncodeToString(md5sum[:])\n\n\t// 构造签名字符串\n\tdate := time.Now().UTC().Format(http.TimeFormat)\n\tmethod := \"PUT\"\n\tcontentType := \"application/xml\"\n\tcanonicalizedResource := fmt.Sprintf(\"/%s/?customdomain=%s\", d.config.Bucket, d.config.Domain)\n\tstringToSign := fmt.Sprintf(\"%s\\n%s\\n%s\\n%s\\n%s\", method, md5sumEncoded, contentType, date, canonicalizedResource)\n\n\t// HMAC-SHA1 签名\n\th := hmac.New(sha1.New, []byte(d.config.SecretAccessKey))\n\th.Write([]byte(stringToSign))\n\tsignature := base64.StdEncoding.EncodeToString(h.Sum(nil))\n\n\t// Authorization\n\tauthHeader := fmt.Sprintf(\"OBS %s:%s\", d.config.AccessKeyId, signature)\n\n\t// 创建请求\n\treq, err := http.NewRequest(method, url, bytes.NewBuffer([]byte(bodyXML)))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"huaweicloud obs api error: %w\", err)\n\t}\n\treq.Header.Set(\"Date\", date)\n\treq.Header.Set(\"Authorization\", authHeader)\n\treq.Header.Set(\"Content-MD5\", md5sumEncoded)\n\treq.Header.Set(\"Content-Type\", contentType)\n\n\t// 请求\n\tresp, err := http.DefaultClient.Do(req)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"huaweicloud obs api error: %w\", err)\n\t}\n\tdefer resp.Body.Close()\n\n\t// 响应\n\tif resp.StatusCode != http.StatusOK {\n\t\tbody := &bytes.Buffer{}\n\t\tbody.ReadFrom(resp.Body)\n\t\treturn nil, fmt.Errorf(\"huaweicloud obs api error: unexpected status code: %d (resp: %s)\", resp.StatusCode, body.String())\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/huaweicloud-obs/huaweicloud_obs_test.go",
"content": "package huaweicloudobs_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/huaweicloud-obs\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n\tfRegion string\n\tfBucket string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"HUAWEICLOUDOBS_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fBucket, argsPrefix+\"BUCKET\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./huaweicloud_obs_test.go -args \\\n\t--HUAWEICLOUDOBS_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--HUAWEICLOUDOBS_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--HUAWEICLOUDOBS_ACCESSKEYID=\"your-access-key-id\" \\\n\t--HUAWEICLOUDOBS_SECRETACCESSKEY=\"your-secret-access-key\" \\\n\t--HUAWEICLOUDOBS_REGION=\"cn-north-4\" \\\n\t--HUAWEICLOUDOBS_BUCKET=\"your-bucket\" \\\n\t--HUAWEICLOUDOBS_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"BUCKET: %v\", fBucket),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tRegion: fRegion,\n\t\t\tBucket: fBucket,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/huaweicloud-scm/huaweicloud_scm.go",
"content": "package huaweicloudscm\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/huaweicloud-scm\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// 华为云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 华为云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 华为云企业项目 ID。\n\tEnterpriseProjectId string `json:\"enterpriseProjectId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tSecretAccessKey: config.SecretAccessKey,\n\t\tEnterpriseProjectId: config.EnterpriseProjectId,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/huaweicloud-waf/consts.go",
"content": "package huaweicloudwaf\n\nconst (\n\t// 资源类型:部署到云模式防护网站。\n\tRESOURCE_TYPE_CLOUDSERVER = \"cloudserver\"\n\t// 资源类型:部署到独享模式防护网站。\n\tRESOURCE_TYPE_PREMIUMHOST = \"premiumhost\"\n\t// 资源类型:替换指定证书。\n\tRESOURCE_TYPE_CERTIFICATE = \"certificate\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/huaweicloud-waf/huaweicloud_waf.go",
"content": "package huaweicloudwaf\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic\"\n\t\"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global\"\n\thciam \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3\"\n\thciamModel \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/model\"\n\thciamregion \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/region\"\n\thcwaf \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1\"\n\thcwafmodel \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model\"\n\thcwafregion \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/region\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/huaweicloud-waf\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/huaweicloud-waf/internal\"\n)\n\ntype DeployerConfig struct {\n\t// 华为云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 华为云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 华为云企业项目 ID。\n\tEnterpriseProjectId string `json:\"enterpriseProjectId,omitempty\"`\n\t// 华为云区域。\n\tRegion string `json:\"region\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 证书 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。\n\tCertificateId string `json:\"certificateId,omitempty\"`\n\t// 防护域名(支持泛域名)。\n\t// 部署资源类型为 [RESOURCE_TYPE_CLOUDSERVER]、[RESOURCE_TYPE_PREMIUMHOST] 时必填。\n\tDomain string `json:\"domain,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.WafClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tSecretAccessKey: config.SecretAccessKey,\n\t\tEnterpriseProjectId: config.EnterpriseProjectId,\n\t\tRegion: config.Region,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_CLOUDSERVER:\n\t\tif err := d.deployToCloudServer(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_PREMIUMHOST:\n\t\tif err := d.deployToPremiumHost(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_CERTIFICATE:\n\t\tif err := d.deployToCertificate(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToCertificate(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.CertificateId == \"\" {\n\t\treturn errors.New(\"config `certificateId` is required\")\n\t}\n\n\t// 查询证书\n\t// REF: https://support.huaweicloud.com/api-waf/ShowCertificate.html\n\tshowCertificateReq := &hcwafmodel.ShowCertificateRequest{\n\t\tEnterpriseProjectId: lo.EmptyableToPtr(d.config.EnterpriseProjectId),\n\t\tCertificateId: d.config.CertificateId,\n\t}\n\tshowCertificateResp, err := d.sdkClient.ShowCertificate(showCertificateReq)\n\td.logger.Debug(\"sdk request 'waf.ShowCertificate'\", slog.Any(\"request\", showCertificateReq), slog.Any(\"response\", showCertificateResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'waf.ShowCertificate': %w\", err)\n\t}\n\n\t// 更新证书\n\t// REF: https://support.huaweicloud.com/api-waf/UpdateCertificate.html\n\tupdateCertificateReq := &hcwafmodel.UpdateCertificateRequest{\n\t\tEnterpriseProjectId: lo.EmptyableToPtr(d.config.EnterpriseProjectId),\n\t\tCertificateId: d.config.CertificateId,\n\t\tBody: &hcwafmodel.UpdateCertificateRequestBody{\n\t\t\tName: *showCertificateResp.Name,\n\t\t\tContent: lo.ToPtr(certPEM),\n\t\t\tKey: lo.ToPtr(privkeyPEM),\n\t\t},\n\t}\n\tupdateCertificateResp, err := d.sdkClient.UpdateCertificate(updateCertificateReq)\n\td.logger.Debug(\"sdk request 'waf.UpdateCertificate'\", slog.Any(\"request\", updateCertificateReq), slog.Any(\"response\", updateCertificateResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'waf.UpdateCertificate': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToCloudServer(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.Domain == \"\" {\n\t\treturn errors.New(\"config `domain` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 查询云模式防护域名列表,获取防护域名 ID\n\t// REF: https://support.huaweicloud.com/api-waf/ListHost.html\n\thostId := \"\"\n\tlistHostPage := 1\n\tlistHostPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistHostReq := &hcwafmodel.ListHostRequest{\n\t\t\tEnterpriseProjectId: lo.EmptyableToPtr(d.config.EnterpriseProjectId),\n\t\t\tHostname: lo.ToPtr(strings.TrimPrefix(d.config.Domain, \"*\")),\n\t\t\tPage: lo.ToPtr(int32(listHostPage)),\n\t\t\tPagesize: lo.ToPtr(int32(listHostPageSize)),\n\t\t}\n\t\tlistHostResp, err := d.sdkClient.ListHost(listHostReq)\n\t\td.logger.Debug(\"sdk request 'waf.ListHost'\", slog.Any(\"request\", listHostReq), slog.Any(\"response\", listHostResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'waf.ListHost': %w\", err)\n\t\t}\n\n\t\tif listHostResp.Items == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, hostItem := range *listHostResp.Items {\n\t\t\tif strings.TrimPrefix(d.config.Domain, \"*\") == *hostItem.Hostname {\n\t\t\t\thostId = *hostItem.Id\n\t\t\t\tbreak\n\t\t\t}\n\t\t}\n\n\t\tif len(*listHostResp.Items) < listHostPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tlistHostPage++\n\t}\n\tif hostId == \"\" {\n\t\treturn fmt.Errorf(\"could not find cloudserver host '%s'\", d.config.Domain)\n\t}\n\n\t// 更新云模式防护域名的配置\n\t// REF: https://support.huaweicloud.com/api-waf/UpdateHost.html\n\tupdateHostReq := &hcwafmodel.UpdateHostRequest{\n\t\tEnterpriseProjectId: lo.EmptyableToPtr(d.config.EnterpriseProjectId),\n\t\tInstanceId: hostId,\n\t\tBody: &hcwafmodel.UpdateHostRequestBody{\n\t\t\tCertificateid: lo.ToPtr(upres.CertId),\n\t\t\tCertificatename: lo.ToPtr(upres.CertName),\n\t\t},\n\t}\n\tupdateHostResp, err := d.sdkClient.UpdateHost(updateHostReq)\n\td.logger.Debug(\"sdk request 'waf.UpdateHost'\", slog.Any(\"request\", updateHostReq), slog.Any(\"response\", updateHostResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'waf.UpdateHost': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToPremiumHost(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.Domain == \"\" {\n\t\treturn errors.New(\"config `domain` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 查询独享模式域名列表,获取防护域名 ID\n\t// REF: https://support.huaweicloud.com/api-waf/ListPremiumHost.html\n\tvar hostId string\n\tlistPremiumHostPage := 1\n\tlistPremiumHostPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistPremiumHostReq := &hcwafmodel.ListPremiumHostRequest{\n\t\t\tEnterpriseProjectId: lo.EmptyableToPtr(d.config.EnterpriseProjectId),\n\t\t\tHostname: lo.ToPtr(strings.TrimPrefix(d.config.Domain, \"*\")),\n\t\t\tPage: lo.ToPtr(fmt.Sprintf(\"%d\", listPremiumHostPage)),\n\t\t\tPagesize: lo.ToPtr(fmt.Sprintf(\"%d\", listPremiumHostPageSize)),\n\t\t}\n\t\tlistPremiumHostResp, err := d.sdkClient.ListPremiumHost(listPremiumHostReq)\n\t\td.logger.Debug(\"sdk request 'waf.ListPremiumHost'\", slog.Any(\"request\", listPremiumHostReq), slog.Any(\"response\", listPremiumHostResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'waf.ListPremiumHost': %w\", err)\n\t\t}\n\n\t\tif listPremiumHostResp.Items == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, hostItem := range *listPremiumHostResp.Items {\n\t\t\tif strings.TrimPrefix(d.config.Domain, \"*\") == *hostItem.Hostname {\n\t\t\t\thostId = *hostItem.Id\n\t\t\t\tbreak\n\t\t\t}\n\t\t}\n\n\t\tif len(*listPremiumHostResp.Items) < listPremiumHostPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tlistPremiumHostPage++\n\t}\n\tif hostId == \"\" {\n\t\treturn fmt.Errorf(\"could not find premium host '%s'\", d.config.Domain)\n\t}\n\n\t// 修改独享模式域名配置\n\t// REF: https://support.huaweicloud.com/api-waf/UpdatePremiumHost.html\n\tupdatePremiumHostReq := &hcwafmodel.UpdatePremiumHostRequest{\n\t\tEnterpriseProjectId: lo.EmptyableToPtr(d.config.EnterpriseProjectId),\n\t\tHostId: hostId,\n\t\tBody: &hcwafmodel.UpdatePremiumHostRequestBody{\n\t\t\tCertificateid: lo.ToPtr(upres.CertId),\n\t\t\tCertificatename: lo.ToPtr(upres.CertName),\n\t\t},\n\t}\n\tupdatePremiumHostResp, err := d.sdkClient.UpdatePremiumHost(updatePremiumHostReq)\n\td.logger.Debug(\"sdk request 'waf.UpdatePremiumHost'\", slog.Any(\"request\", updatePremiumHostReq), slog.Any(\"response\", updatePremiumHostResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'waf.UpdatePremiumHost': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey, region string) (*internal.WafClient, error) {\n\tprojectId, err := getSDKProjectId(accessKeyId, secretAccessKey, region)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tauth, err := basic.NewCredentialsBuilder().\n\t\tWithAk(accessKeyId).\n\t\tWithSk(secretAccessKey).\n\t\tWithProjectId(projectId).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\thcRegion, err := hcwafregion.SafeValueOf(region)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\thcClient, err := hcwaf.WafClientBuilder().\n\t\tWithRegion(hcRegion).\n\t\tWithCredential(auth).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclient := internal.NewWafClient(hcClient)\n\treturn client, nil\n}\n\nfunc getSDKProjectId(accessKeyId, secretAccessKey, region string) (string, error) {\n\tauth, err := global.NewCredentialsBuilder().\n\t\tWithAk(accessKeyId).\n\t\tWithSk(secretAccessKey).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\thcRegion, err := hciamregion.SafeValueOf(region)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\thcClient, err := hciam.IamClientBuilder().\n\t\tWithRegion(hcRegion).\n\t\tWithCredential(auth).\n\t\tSafeBuild()\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tclient := hciam.NewIamClient(hcClient)\n\n\trequest := &hciamModel.KeystoneListProjectsRequest{\n\t\tName: ®ion,\n\t}\n\tresponse, err := client.KeystoneListProjects(request)\n\tif err != nil {\n\t\treturn \"\", err\n\t} else if response.Projects == nil || len(*response.Projects) == 0 {\n\t\treturn \"\", errors.New(\"huaweicloud: no project found\")\n\t}\n\n\treturn (*response.Projects)[0].Id, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/huaweicloud-waf/huaweicloud_waf_test.go",
"content": "package huaweicloudwaf_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/huaweicloud-waf\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n\tfRegion string\n\tfResourceType string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"HUAWEICLOUDWAF_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fResourceType, argsPrefix+\"RESOURCETYPE\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./huaweicloud_waf_test.go -args \\\n\t--HUAWEICLOUDWAF_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--HUAWEICLOUDWAF_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--HUAWEICLOUDWAF_ACCESSKEYID=\"your-access-key-id\" \\\n\t--HUAWEICLOUDWAF_SECRETACCESSKEY=\"your-secret-access-key\" \\\n\t--HUAWEICLOUDWAF_REGION=\"cn-north-1\" \\\n\t--HUAWEICLOUDWAF_RESOURCETYPE=\"premium\" \\\n\t--HUAWEICLOUDWAF_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"RESOURCETYPE: %v\", fResourceType),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tRegion: fRegion,\n\t\t\tResourceType: fResourceType,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/huaweicloud-waf/internal/client.go",
"content": "package internal\n\nimport (\n\thttpclient \"github.com/huaweicloud/huaweicloud-sdk-go-v3/core\"\n\thwwaf \"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1\"\n\t\"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model\"\n)\n\n// This is a partial copy of https://github.com/huaweicloud/huaweicloud-sdk-go-v3/blob/master/services/waf/v1/waf_client.go\n// to lightweight the vendor packages in the built binary.\ntype WafClient struct {\n\tHcClient *httpclient.HcHttpClient\n}\n\nfunc NewWafClient(hcClient *httpclient.HcHttpClient) *WafClient {\n\treturn &WafClient{HcClient: hcClient}\n}\n\nfunc (c *WafClient) ListHost(request *model.ListHostRequest) (*model.ListHostResponse, error) {\n\trequestDef := hwwaf.GenReqDefForListHost()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.ListHostResponse), nil\n\t}\n}\n\nfunc (c *WafClient) ListPremiumHost(request *model.ListPremiumHostRequest) (*model.ListPremiumHostResponse, error) {\n\trequestDef := hwwaf.GenReqDefForListPremiumHost()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.ListPremiumHostResponse), nil\n\t}\n}\n\nfunc (c *WafClient) ShowCertificate(request *model.ShowCertificateRequest) (*model.ShowCertificateResponse, error) {\n\trequestDef := hwwaf.GenReqDefForShowCertificate()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.ShowCertificateResponse), nil\n\t}\n}\n\nfunc (c *WafClient) UpdateCertificate(request *model.UpdateCertificateRequest) (*model.UpdateCertificateResponse, error) {\n\trequestDef := hwwaf.GenReqDefForUpdateCertificate()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.UpdateCertificateResponse), nil\n\t}\n}\n\nfunc (c *WafClient) UpdateHost(request *model.UpdateHostRequest) (*model.UpdateHostResponse, error) {\n\trequestDef := hwwaf.GenReqDefForUpdateHost()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.UpdateHostResponse), nil\n\t}\n}\n\nfunc (c *WafClient) UpdatePremiumHost(request *model.UpdatePremiumHostRequest) (*model.UpdatePremiumHostResponse, error) {\n\trequestDef := hwwaf.GenReqDefForUpdatePremiumHost()\n\n\tif resp, err := c.HcClient.Sync(request, requestDef); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn resp.(*model.UpdatePremiumHostResponse), nil\n\t}\n}\n"
},
{
"path": "pkg/core/deployer/providers/jdcloud-alb/consts.go",
"content": "package jdcloudalb\n\nconst (\n\t// 资源类型:部署到指定负载均衡器。\n\tRESOURCE_TYPE_LOADBALANCER = \"loadbalancer\"\n\t// 资源类型:部署到指定监听器。\n\tRESOURCE_TYPE_LISTENER = \"listener\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/jdcloud-alb/internal/client.go",
"content": "package internal\n\nimport (\n\t\"encoding/json\"\n\t\"errors\"\n\n\t\"github.com/jdcloud-api/jdcloud-sdk-go/core\"\n\tlb \"github.com/jdcloud-api/jdcloud-sdk-go/services/lb/apis\"\n)\n\n// This is a partial copy of https://github.com/jdcloud-api/jdcloud-sdk-go/blob/master/services/lb/client/LbClient.go\n// to lightweight the vendor packages in the built binary.\ntype LbClient struct {\n\tcore.JDCloudClient\n}\n\nfunc NewLbClient(credential *core.Credential) *LbClient {\n\tif credential == nil {\n\t\treturn nil\n\t}\n\n\tconfig := core.NewConfig()\n\tconfig.SetEndpoint(\"lb.jdcloud-api.com\")\n\n\treturn &LbClient{\n\t\tcore.JDCloudClient{\n\t\t\tCredential: *credential,\n\t\t\tConfig: *config,\n\t\t\tServiceName: \"lb\",\n\t\t\tRevision: \"0.6.6\",\n\t\t\tLogger: core.NewDefaultLogger(core.LogInfo),\n\t\t},\n\t}\n}\n\nfunc (c *LbClient) DescribeListener(request *lb.DescribeListenerRequest) (*lb.DescribeListenerResponse, error) {\n\tif request == nil {\n\t\treturn nil, errors.New(\"Request object is nil.\")\n\t}\n\n\tresp, err := c.Send(request, c.ServiceName)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tjdResp := &lb.DescribeListenerResponse{}\n\terr = json.Unmarshal(resp, jdResp)\n\tif err != nil {\n\t\tc.Logger.Log(core.LogError, \"Unmarshal json failed, resp: %s\", string(resp))\n\t\treturn nil, err\n\t}\n\n\treturn jdResp, err\n}\n\nfunc (c *LbClient) DescribeListeners(request *lb.DescribeListenersRequest) (*lb.DescribeListenersResponse, error) {\n\tif request == nil {\n\t\treturn nil, errors.New(\"Request object is nil.\")\n\t}\n\n\tresp, err := c.Send(request, c.ServiceName)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tjdResp := &lb.DescribeListenersResponse{}\n\terr = json.Unmarshal(resp, jdResp)\n\tif err != nil {\n\t\tc.Logger.Log(core.LogError, \"Unmarshal json failed, resp: %s\", string(resp))\n\t\treturn nil, err\n\t}\n\n\treturn jdResp, err\n}\n\nfunc (c *LbClient) DescribeLoadBalancer(request *lb.DescribeLoadBalancerRequest) (*lb.DescribeLoadBalancerResponse, error) {\n\tif request == nil {\n\t\treturn nil, errors.New(\"Request object is nil.\")\n\t}\n\n\tresp, err := c.Send(request, c.ServiceName)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tjdResp := &lb.DescribeLoadBalancerResponse{}\n\terr = json.Unmarshal(resp, jdResp)\n\tif err != nil {\n\t\tc.Logger.Log(core.LogError, \"Unmarshal json failed, resp: %s\", string(resp))\n\t\treturn nil, err\n\t}\n\n\treturn jdResp, err\n}\n\nfunc (c *LbClient) UpdateListener(request *lb.UpdateListenerRequest) (*lb.UpdateListenerResponse, error) {\n\tif request == nil {\n\t\treturn nil, errors.New(\"Request object is nil.\")\n\t}\n\n\tresp, err := c.Send(request, c.ServiceName)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tjdResp := &lb.UpdateListenerResponse{}\n\terr = json.Unmarshal(resp, jdResp)\n\tif err != nil {\n\t\tc.Logger.Log(core.LogError, \"Unmarshal json failed, resp: %s\", string(resp))\n\t\treturn nil, err\n\t}\n\n\treturn jdResp, err\n}\n\nfunc (c *LbClient) UpdateListenerCertificates(request *lb.UpdateListenerCertificatesRequest) (*lb.UpdateListenerCertificatesResponse, error) {\n\tif request == nil {\n\t\treturn nil, errors.New(\"Request object is nil.\")\n\t}\n\n\tresp, err := c.Send(request, c.ServiceName)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tjdResp := &lb.UpdateListenerCertificatesResponse{}\n\terr = json.Unmarshal(resp, jdResp)\n\tif err != nil {\n\t\tc.Logger.Log(core.LogError, \"Unmarshal json failed, resp: %s\", string(resp))\n\t\treturn nil, err\n\t}\n\n\treturn jdResp, err\n}\n"
},
{
"path": "pkg/core/deployer/providers/jdcloud-alb/jdcloud_alb.go",
"content": "package jdcloudalb\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\tjdcore \"github.com/jdcloud-api/jdcloud-sdk-go/core\"\n\tjdcommon \"github.com/jdcloud-api/jdcloud-sdk-go/services/common/models\"\n\tjdlb \"github.com/jdcloud-api/jdcloud-sdk-go/services/lb/apis\"\n\tjdlbmodel \"github.com/jdcloud-api/jdcloud-sdk-go/services/lb/models\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/jdcloud-ssl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/jdcloud-alb/internal\"\n)\n\ntype DeployerConfig struct {\n\t// 京东云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 京东云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 京东云地域 ID。\n\tRegionId string `json:\"regionId\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 负载均衡器 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER] 时必填。\n\tLoadbalancerId string `json:\"loadbalancerId,omitempty\"`\n\t// 监听器 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时必填。\n\tListenerId string `json:\"listenerId,omitempty\"`\n\t// SNI 域名(支持泛域名)。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_LISTENER] 时选填。\n\tDomain string `json:\"domain,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.LbClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_LOADBALANCER:\n\t\tif err := d.deployToLoadbalancer(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_LISTENER:\n\t\tif err := d.deployToListener(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToLoadbalancer(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\n\t// 查询负载均衡器详情\n\t// REF: https://docs.jdcloud.com/cn/load-balancer/api/describeloadbalancer\n\tdescribeLoadBalancerReq := jdlb.NewDescribeLoadBalancerRequestWithoutParam()\n\tdescribeLoadBalancerReq.SetRegionId(d.config.RegionId)\n\tdescribeLoadBalancerReq.SetLoadBalancerId(d.config.LoadbalancerId)\n\tdescribeLoadBalancerResp, err := d.sdkClient.DescribeLoadBalancer(describeLoadBalancerReq)\n\td.logger.Debug(\"sdk request 'lb.DescribeLoadBalancer'\", slog.Any(\"request\", describeLoadBalancerReq), slog.Any(\"response\", describeLoadBalancerResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'lb.DescribeLoadBalancer': %w\", err)\n\t}\n\n\t// 查询监听器列表\n\t// REF: https://docs.jdcloud.com/cn/load-balancer/api/describelisteners\n\tlistenerIds := make([]string, 0)\n\tdescribeListenersPageNumber := 1\n\tdescribeListenersPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeListenersReq := jdlb.NewDescribeListenersRequestWithoutParam()\n\t\tdescribeListenersReq.SetRegionId(d.config.RegionId)\n\t\tdescribeListenersReq.SetFilters([]jdcommon.Filter{{Name: \"loadBalancerId\", Values: []string{d.config.LoadbalancerId}}})\n\t\tdescribeListenersReq.SetPageSize(describeListenersPageNumber)\n\t\tdescribeListenersReq.SetPageSize(describeListenersPageSize)\n\t\tdescribeListenersResp, err := d.sdkClient.DescribeListeners(describeListenersReq)\n\t\td.logger.Debug(\"sdk request 'lb.DescribeListeners'\", slog.Any(\"request\", describeListenersReq), slog.Any(\"response\", describeListenersResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'lb.DescribeListeners': %w\", err)\n\t\t}\n\n\t\tfor _, listener := range describeListenersResp.Result.Listeners {\n\t\t\tif strings.EqualFold(listener.Protocol, \"https\") || strings.EqualFold(listener.Protocol, \"tls\") {\n\t\t\t\tlistenerIds = append(listenerIds, listener.ListenerId)\n\t\t\t}\n\t\t}\n\n\t\tif len(describeListenersResp.Result.Listeners) < describeListenersPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribeListenersPageNumber++\n\t}\n\n\t// 遍历更新监听器证书\n\tif len(listenerIds) == 0 {\n\t\td.logger.Info(\"no listeners to deploy\")\n\t} else {\n\t\td.logger.Info(\"found https/tls listeners to deploy\", slog.Any(\"listenerIds\", listenerIds))\n\n\t\tvar errs []error\n\n\t\tfor _, listenerId := range listenerIds {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToListener(ctx context.Context, cloudCertId string) error {\n\tif d.config.ListenerId == \"\" {\n\t\treturn errors.New(\"config `listenerId` is required\")\n\t}\n\n\t// 更新监听器证书\n\tif err := d.updateListenerCertificate(ctx, d.config.ListenerId, cloudCertId); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateListenerCertificate(ctx context.Context, cloudListenerId string, cloudCertId string) error {\n\t// 查询监听器详情\n\t// REF: https://docs.jdcloud.com/cn/load-balancer/api/describelistener\n\tdescribeListenerReq := jdlb.NewDescribeListenerRequestWithoutParam()\n\tdescribeListenerReq.SetRegionId(d.config.RegionId)\n\tdescribeListenerReq.SetListenerId(cloudListenerId)\n\tdescribeListenerResp, err := d.sdkClient.DescribeListener(describeListenerReq)\n\td.logger.Debug(\"sdk request 'lb.DescribeListener'\", slog.Any(\"request\", describeListenerReq), slog.Any(\"response\", describeListenerResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'lb.DescribeListener': %w\", err)\n\t}\n\n\tif d.config.Domain == \"\" {\n\t\t// 未指定 SNI,只需部署到监听器\n\n\t\t// 修改监听器信息\n\t\t// REF: https://docs.jdcloud.com/cn/load-balancer/api/updatelistener\n\t\tupdateListenerReq := jdlb.NewUpdateListenerRequestWithoutParam()\n\t\tupdateListenerReq.SetRegionId(d.config.RegionId)\n\t\tupdateListenerReq.SetListenerId(cloudListenerId)\n\t\tupdateListenerReq.SetCertificateSpecs([]jdlbmodel.CertificateSpec{{CertificateId: cloudCertId}})\n\t\tupdateListenerResp, err := d.sdkClient.UpdateListener(updateListenerReq)\n\t\td.logger.Debug(\"sdk request 'lb.UpdateListener'\", slog.Any(\"request\", updateListenerReq), slog.Any(\"response\", updateListenerResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'lb.UpdateListener': %w\", err)\n\t\t}\n\t} else {\n\t\t// 指定 SNI,需部署到扩展证书\n\n\t\textCertSpecs := lo.Filter(describeListenerResp.Result.Listener.ExtensionCertificateSpecs, func(extCertSpec jdlbmodel.ExtensionCertificateSpec, _ int) bool {\n\t\t\treturn extCertSpec.Domain == d.config.Domain\n\t\t})\n\t\tif len(extCertSpecs) == 0 {\n\t\t\treturn errors.New(\"could not find any extension certificates\")\n\t\t}\n\n\t\t// 批量修改扩展证书\n\t\t// REF: https://docs.jdcloud.com/cn/load-balancer/api/updatelistenercertificates\n\t\tupdateListenerCertificatesReq := jdlb.NewUpdateListenerCertificatesRequestWithoutParam()\n\t\tupdateListenerCertificatesReq.SetRegionId(d.config.RegionId)\n\t\tupdateListenerCertificatesReq.SetListenerId(cloudListenerId)\n\t\tupdateListenerCertificatesReq.SetCertificates(lo.Map(extCertSpecs, func(extCertSpec jdlbmodel.ExtensionCertificateSpec, _ int) jdlbmodel.ExtCertificateUpdateSpec {\n\t\t\treturn jdlbmodel.ExtCertificateUpdateSpec{\n\t\t\t\tCertificateBindId: extCertSpec.CertificateBindId,\n\t\t\t\tCertificateId: &cloudCertId,\n\t\t\t\tDomain: &extCertSpec.Domain,\n\t\t\t}\n\t\t}))\n\t\tupdateListenerCertificatesResp, err := d.sdkClient.UpdateListenerCertificates(updateListenerCertificatesReq)\n\t\td.logger.Debug(\"sdk request 'lb.UpdateListenerCertificates'\", slog.Any(\"request\", updateListenerCertificatesReq), slog.Any(\"response\", updateListenerCertificatesResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'lb.UpdateListenerCertificates': %w\", err)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret string) (*internal.LbClient, error) {\n\tclientCredentials := jdcore.NewCredentials(accessKeyId, accessKeySecret)\n\tclient := internal.NewLbClient(clientCredentials)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/jdcloud-alb/jdcloud_alb_test.go",
"content": "package jdcloudalb_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/jdcloud-alb\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegionId string\n\tfLoadbalancerId string\n\tfListenerId string\n)\n\nfunc init() {\n\targsPrefix := \"JDCLOUDALB_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegionId, argsPrefix+\"REGIONID\", \"\", \"\")\n\tflag.StringVar(&fLoadbalancerId, argsPrefix+\"LOADBALANCERID\", \"\", \"\")\n\tflag.StringVar(&fListenerId, argsPrefix+\"LISTENERID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./jdcloud_alb_test.go -args \\\n\t--JDCLOUDALB_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--JDCLOUDALB_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--JDCLOUDALB_ACCESSKEYID=\"your-access-key-id\" \\\n\t--JDCLOUDALB_ACCESSKEYSECRET=\"your-secret-access-key\" \\\n\t--JDCLOUDALB_REGION_ID=\"cn-north-1\" \\\n\t--JDCLOUDALB_LOADBALANCERID=\"your-alb-loadbalancer-id\" \\\n\t--JDCLOUDALB_LISTENERID=\"your-alb-listener-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy_ToLoadbalancer\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGIONID: %v\", fRegionId),\n\t\t\tfmt.Sprintf(\"LOADBALANCERID: %v\", fLoadbalancerId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegionId: fRegionId,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LOADBALANCER,\n\t\t\tLoadbalancerId: fLoadbalancerId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n\n\tt.Run(\"Deploy_ToListener\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGIONID: %v\", fRegionId),\n\t\t\tfmt.Sprintf(\"LISTENERID: %v\", fListenerId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegionId: fRegionId,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LISTENER,\n\t\t\tListenerId: fListenerId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/jdcloud-cdn/consts.go",
"content": "package jdcloudcdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/jdcloud-cdn/internal/client.go",
"content": "package internal\n\nimport (\n\t\"encoding/json\"\n\t\"errors\"\n\n\t\"github.com/jdcloud-api/jdcloud-sdk-go/core\"\n\tcdn \"github.com/jdcloud-api/jdcloud-sdk-go/services/cdn/apis\"\n)\n\n// This is a partial copy of https://github.com/jdcloud-api/jdcloud-sdk-go/blob/master/services/cdn/client/CdnClient.go\n// to lightweight the vendor packages in the built binary.\ntype CdnClient struct {\n\tcore.JDCloudClient\n}\n\nfunc NewCdnClient(credential *core.Credential) *CdnClient {\n\tif credential == nil {\n\t\treturn nil\n\t}\n\n\tconfig := core.NewConfig()\n\tconfig.SetEndpoint(\"cdn.jdcloud-api.com\")\n\n\treturn &CdnClient{\n\t\tcore.JDCloudClient{\n\t\t\tCredential: *credential,\n\t\t\tConfig: *config,\n\t\t\tServiceName: \"cdn\",\n\t\t\tRevision: \"0.10.47\",\n\t\t\tLogger: core.NewDummyLogger(),\n\t\t},\n\t}\n}\n\nfunc (c *CdnClient) GetDomainList(request *cdn.GetDomainListRequest) (*cdn.GetDomainListResponse, error) {\n\tif request == nil {\n\t\treturn nil, errors.New(\"Request object is nil.\")\n\t}\n\n\tresp, err := c.Send(request, c.ServiceName)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tjdResp := &cdn.GetDomainListResponse{}\n\terr = json.Unmarshal(resp, jdResp)\n\tif err != nil {\n\t\tc.Logger.Log(core.LogError, \"Unmarshal json failed, resp: %s\", string(resp))\n\t\treturn nil, err\n\t}\n\n\treturn jdResp, err\n}\n\nfunc (c *CdnClient) QueryDomainConfig(request *cdn.QueryDomainConfigRequest) (*cdn.QueryDomainConfigResponse, error) {\n\tif request == nil {\n\t\treturn nil, errors.New(\"Request object is nil.\")\n\t}\n\n\tresp, err := c.Send(request, c.ServiceName)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tjdResp := &cdn.QueryDomainConfigResponse{}\n\terr = json.Unmarshal(resp, jdResp)\n\tif err != nil {\n\t\tc.Logger.Log(core.LogError, \"Unmarshal json failed, resp: %s\", string(resp))\n\t\treturn nil, err\n\t}\n\n\treturn jdResp, err\n}\n\nfunc (c *CdnClient) SetHttpType(request *cdn.SetHttpTypeRequest) (*cdn.SetHttpTypeResponse, error) {\n\tif request == nil {\n\t\treturn nil, errors.New(\"Request object is nil.\")\n\t}\n\n\tresp, err := c.Send(request, c.ServiceName)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tjdResp := &cdn.SetHttpTypeResponse{}\n\terr = json.Unmarshal(resp, jdResp)\n\tif err != nil {\n\t\tc.Logger.Log(core.LogError, \"Unmarshal json failed, resp: %s\", string(resp))\n\t\treturn nil, err\n\t}\n\n\treturn jdResp, err\n}\n"
},
{
"path": "pkg/core/deployer/providers/jdcloud-cdn/jdcloud_cdn.go",
"content": "package jdcloudcdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\tjdcore \"github.com/jdcloud-api/jdcloud-sdk-go/core\"\n\tjdcdn \"github.com/jdcloud-api/jdcloud-sdk-go/services/cdn/apis\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/jdcloud-ssl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/jdcloud-cdn/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 京东云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 京东云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.CdnClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain)\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no cdn domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found cdn domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, upres.CertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名列表\n\t// REF: https://docs.jdcloud.com/cn/cdn/api/getdomainlist\n\tgetDomainListPageNumber := 1\n\tgetDomainListPageSize := 50\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tgetDomainListReq := jdcdn.NewGetDomainListRequestWithoutParam()\n\t\tgetDomainListReq.SetPageNumber(getDomainListPageNumber)\n\t\tgetDomainListReq.SetPageSize(getDomainListPageSize)\n\t\tgetDomainListResp, err := d.sdkClient.GetDomainList(getDomainListReq)\n\t\td.logger.Debug(\"sdk request 'cdn.GetDomainList'\", slog.Any(\"request\", getDomainListReq), slog.Any(\"response\", getDomainListResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.GetDomainList': %w\", err)\n\t\t}\n\n\t\tignoredStatuses := []string{\"offline\"}\n\t\tfor _, domainItem := range getDomainListResp.Result.Domains {\n\t\t\tif lo.Contains(ignoredStatuses, domainItem.Status) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tdomains = append(domains, domainItem.Domain)\n\t\t}\n\n\t\tif len(getDomainListResp.Result.Domains) < getDomainListPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tgetDomainListPageNumber++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertId string) error {\n\t// 查询域名配置信息\n\t// REF: https://docs.jdcloud.com/cn/cdn/api/querydomainconfig\n\tqueryDomainConfigReq := jdcdn.NewQueryDomainConfigRequestWithoutParam()\n\tqueryDomainConfigReq.SetDomain(domain)\n\tqueryDomainConfigResp, err := d.sdkClient.QueryDomainConfig(queryDomainConfigReq)\n\td.logger.Debug(\"sdk request 'cdn.QueryDomainConfig'\", slog.Any(\"request\", queryDomainConfigReq), slog.Any(\"response\", queryDomainConfigResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.QueryDomainConfig': %w\", err)\n\t}\n\n\t// 设置通讯协议\n\t// REF: https://docs.jdcloud.com/cn/cdn/api/sethttptype\n\tsetHttpTypeReq := jdcdn.NewSetHttpTypeRequestWithoutParam()\n\tsetHttpTypeReq.SetDomain(domain)\n\tsetHttpTypeReq.SetHttpType(\"https\")\n\tsetHttpTypeReq.SetCertFrom(\"ssl\")\n\tsetHttpTypeReq.SetSslCertId(cloudCertId)\n\tsetHttpTypeReq.SetJumpType(queryDomainConfigResp.Result.HttpsJumpType)\n\tsetHttpTypeResp, err := d.sdkClient.SetHttpType(setHttpTypeReq)\n\td.logger.Debug(\"sdk request 'cdn.QueryDomainConfig'\", slog.Any(\"request\", setHttpTypeReq), slog.Any(\"response\", setHttpTypeResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.SetHttpType': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret string) (*internal.CdnClient, error) {\n\tclientCredentials := jdcore.NewCredentials(accessKeyId, accessKeySecret)\n\tclient := internal.NewCdnClient(clientCredentials)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/jdcloud-cdn/jdcloud_cdn_test.go",
"content": "package jdcloudcdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/jdcloud-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"JDCLOUDCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./jdcloud_cdn_test.go -args \\\n\t--JDCLOUDCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--JDCLOUDCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--JDCLOUDCDN_ACCESSKEYID=\"your-access-key-id\" \\\n\t--JDCLOUDCDN_ACCESSKEYSECRET=\"your-secret-access-key\" \\\n\t--JDCLOUDCDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/jdcloud-live/consts.go",
"content": "package jdcloudlive\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/jdcloud-live/internal/client.go",
"content": "package internal\n\nimport (\n\t\"encoding/json\"\n\t\"errors\"\n\n\t\"github.com/jdcloud-api/jdcloud-sdk-go/core\"\n\tlive \"github.com/jdcloud-api/jdcloud-sdk-go/services/live/apis\"\n)\n\n// This is a partial copy of https://github.com/jdcloud-api/jdcloud-sdk-go/blob/master/services/live/client/LiveClient.go\n// to lightweight the vendor packages in the built binary.\ntype LiveClient struct {\n\tcore.JDCloudClient\n}\n\nfunc NewLiveClient(credential *core.Credential) *LiveClient {\n\tif credential == nil {\n\t\treturn nil\n\t}\n\n\tconfig := core.NewConfig()\n\tconfig.SetEndpoint(\"live.jdcloud-api.com\")\n\n\treturn &LiveClient{\n\t\tcore.JDCloudClient{\n\t\t\tCredential: *credential,\n\t\t\tConfig: *config,\n\t\t\tServiceName: \"live\",\n\t\t\tRevision: \"1.0.22\",\n\t\t\tLogger: core.NewDummyLogger(),\n\t\t},\n\t}\n}\n\nfunc (c *LiveClient) DescribeLiveDomains(request *live.DescribeLiveDomainsRequest) (*live.DescribeLiveDomainsResponse, error) {\n\tif request == nil {\n\t\treturn nil, errors.New(\"Request object is nil.\")\n\t}\n\tresp, err := c.Send(request, c.ServiceName)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tjdResp := &live.DescribeLiveDomainsResponse{}\n\terr = json.Unmarshal(resp, jdResp)\n\tif err != nil {\n\t\tc.Logger.Log(core.LogError, \"Unmarshal json failed, resp: %s\", string(resp))\n\t\treturn nil, err\n\t}\n\n\treturn jdResp, err\n}\n\nfunc (c *LiveClient) SetLiveDomainCertificate(request *live.SetLiveDomainCertificateRequest) (*live.SetLiveDomainCertificateResponse, error) {\n\tif request == nil {\n\t\treturn nil, errors.New(\"Request object is nil.\")\n\t}\n\n\tresp, err := c.Send(request, c.ServiceName)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tjdResp := &live.SetLiveDomainCertificateResponse{}\n\terr = json.Unmarshal(resp, jdResp)\n\tif err != nil {\n\t\tc.Logger.Log(core.LogError, \"Unmarshal json failed, resp: %s\", string(resp))\n\t\treturn nil, err\n\t}\n\n\treturn jdResp, err\n}\n"
},
{
"path": "pkg/core/deployer/providers/jdcloud-live/jdcloud_live.go",
"content": "package jdcloudlive\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\tjdcore \"github.com/jdcloud-api/jdcloud-sdk-go/core\"\n\tjdlive \"github.com/jdcloud-api/jdcloud-sdk-go/services/live/apis\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/jdcloud-live/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype DeployerConfig struct {\n\t// 京东云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 京东云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 直播播放域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.LiveClient\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no live domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found live domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, certPEM, privkeyPEM); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名列表\n\t// REF: https://docs.jdcloud.com/cn/live-video/api/describelivedomains\n\tdescribeLiveDomainsPageNumber := 1\n\tdescribeLiveDomainsPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeLiveDomainsReq := jdlive.NewDescribeLiveDomainsRequestWithoutParam()\n\t\tdescribeLiveDomainsReq.SetPageNum(describeLiveDomainsPageNumber)\n\t\tdescribeLiveDomainsReq.SetPageSize(describeLiveDomainsPageSize)\n\t\tdescribeLiveDomainsResp, err := d.sdkClient.DescribeLiveDomains(describeLiveDomainsReq)\n\t\td.logger.Debug(\"sdk request 'live.DescribeLiveDomainsRequest'\", slog.Any(\"request\", describeLiveDomainsReq), slog.Any(\"response\", describeLiveDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'live.DescribeLiveDomainsRequest': %w\", err)\n\t\t}\n\n\t\tignoredStatuses := []string{\"offline\", \"checking\", \"check_failed\"}\n\t\tfor _, domainItem := range describeLiveDomainsResp.Result.DomainDetails {\n\t\t\tfor _, playDomainItem := range domainItem.PlayDomains {\n\t\t\t\tif lo.Contains(ignoredStatuses, playDomainItem.DomainStatus) {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\n\t\t\t\tdomains = append(domains, playDomainItem.PlayDomain)\n\t\t\t}\n\t\t}\n\n\t\tif len(describeLiveDomainsResp.Result.DomainDetails) < describeLiveDomainsPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribeLiveDomainsPageNumber++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, certPEM, privkeyPEM string) error {\n\t// 设置直播证书\n\t// REF: https://docs.jdcloud.com/cn/live-video/api/setlivedomaincertificate\n\tsetLiveDomainCertificateReq := jdlive.NewSetLiveDomainCertificateRequestWithoutParam()\n\tsetLiveDomainCertificateReq.SetPlayDomain(domain)\n\tsetLiveDomainCertificateReq.SetCertStatus(\"on\")\n\tsetLiveDomainCertificateReq.SetCert(certPEM)\n\tsetLiveDomainCertificateReq.SetKey(privkeyPEM)\n\tsetLiveDomainCertificateResp, err := d.sdkClient.SetLiveDomainCertificate(setLiveDomainCertificateReq)\n\td.logger.Debug(\"sdk request 'live.SetLiveDomainCertificate'\", slog.Any(\"request\", setLiveDomainCertificateReq), slog.Any(\"response\", setLiveDomainCertificateResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'live.SetLiveDomainCertificate': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret string) (*internal.LiveClient, error) {\n\tclientCredentials := jdcore.NewCredentials(accessKeyId, accessKeySecret)\n\tclient := internal.NewLiveClient(clientCredentials)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/jdcloud-live/jdcloud_live_test.go",
"content": "package jdcloudlive_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/jdcloud-live\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"JDCLOUDLIVE_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./jdcloud_live_test.go -args \\\n\t--JDCLOUDLIVE_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--JDCLOUDLIVE_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--JDCLOUDLIVE_ACCESSKEYID=\"your-access-key-id\" \\\n\t--JDCLOUDLIVE_ACCESSKEYSECRET=\"your-secret-access-key\" \\\n\t--JDCLOUDLIVE_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/jdcloud-vod/consts.go",
"content": "package jdcloudvod\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/jdcloud-vod/internal/client.go",
"content": "package internal\n\nimport (\n\t\"encoding/json\"\n\t\"errors\"\n\n\t\"github.com/jdcloud-api/jdcloud-sdk-go/core\"\n\tvod \"github.com/jdcloud-api/jdcloud-sdk-go/services/vod/apis\"\n)\n\n// This is a partial copy of https://github.com/jdcloud-api/jdcloud-sdk-go/blob/master/services/vod/client/VodClient.go\n// to lightweight the vendor packages in the built binary.\ntype VodClient struct {\n\tcore.JDCloudClient\n}\n\nfunc NewVodClient(credential *core.Credential) *VodClient {\n\tif credential == nil {\n\t\treturn nil\n\t}\n\n\tconfig := core.NewConfig()\n\tconfig.SetEndpoint(\"vod.jdcloud-api.com\")\n\n\treturn &VodClient{\n\t\tcore.JDCloudClient{\n\t\t\tCredential: *credential,\n\t\t\tConfig: *config,\n\t\t\tServiceName: \"vod\",\n\t\t\tRevision: \"1.2.1\",\n\t\t\tLogger: core.NewDummyLogger(),\n\t\t},\n\t}\n}\n\nfunc (c *VodClient) ListDomains(request *vod.ListDomainsRequest) (*vod.ListDomainsResponse, error) {\n\tif request == nil {\n\t\treturn nil, errors.New(\"Request object is nil.\")\n\t}\n\n\tresp, err := c.Send(request, c.ServiceName)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tjdResp := &vod.ListDomainsResponse{}\n\terr = json.Unmarshal(resp, jdResp)\n\tif err != nil {\n\t\tc.Logger.Log(core.LogError, \"Unmarshal json failed, resp: %s\", string(resp))\n\t\treturn nil, err\n\t}\n\n\treturn jdResp, err\n}\n\nfunc (c *VodClient) GetHttpSsl(request *vod.GetHttpSslRequest) (*vod.GetHttpSslResponse, error) {\n\tif request == nil {\n\t\treturn nil, errors.New(\"Request object is nil.\")\n\t}\n\n\tresp, err := c.Send(request, c.ServiceName)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tjdResp := &vod.GetHttpSslResponse{}\n\terr = json.Unmarshal(resp, jdResp)\n\tif err != nil {\n\t\tc.Logger.Log(core.LogError, \"Unmarshal json failed, resp: %s\", string(resp))\n\t\treturn nil, err\n\t}\n\n\treturn jdResp, err\n}\n\nfunc (c *VodClient) SetHttpSsl(request *vod.SetHttpSslRequest) (*vod.SetHttpSslResponse, error) {\n\tif request == nil {\n\t\treturn nil, errors.New(\"Request object is nil.\")\n\t}\n\n\tresp, err := c.Send(request, c.ServiceName)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tjdResp := &vod.SetHttpSslResponse{}\n\terr = json.Unmarshal(resp, jdResp)\n\tif err != nil {\n\t\tc.Logger.Log(core.LogError, \"Unmarshal json failed, resp: %s\", string(resp))\n\t\treturn nil, err\n\t}\n\n\treturn jdResp, err\n}\n"
},
{
"path": "pkg/core/deployer/providers/jdcloud-vod/jdcloud_vod.go",
"content": "package jdcloudvod\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\t\"time\"\n\n\tjdcore \"github.com/jdcloud-api/jdcloud-sdk-go/core\"\n\tjdvod \"github.com/jdcloud-api/jdcloud-sdk-go/services/vod/apis\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/jdcloud-vod/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype DeployerConfig struct {\n\t// 京东云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 京东云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 点播加速域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.VodClient\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no vod domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found vod domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, certPEM, privkeyPEM); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名列表\n\t// REF: https://docs.jdcloud.com/cn/video-on-demand/api/listdomains\n\tlistDomainsPageNumber := 1\n\tlistDomainsPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistDomainsReq := jdvod.NewListDomainsRequestWithoutParam()\n\t\tlistDomainsReq.SetPageNumber(listDomainsPageNumber)\n\t\tlistDomainsReq.SetPageSize(listDomainsPageSize)\n\t\tlistDomainsResp, err := d.sdkClient.ListDomains(listDomainsReq)\n\t\td.logger.Debug(\"sdk request 'vod.ListDomains'\", slog.Any(\"request\", listDomainsReq), slog.Any(\"response\", listDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'vod.ListDomains': %w\", err)\n\t\t}\n\n\t\tignoredStatuses := []string{\"init\", \"stopped\"}\n\t\tfor _, domainItem := range listDomainsResp.Result.Content {\n\t\t\tif lo.Contains(ignoredStatuses, domainItem.Status) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tdomains = append(domains, domainItem.Name)\n\t\t}\n\n\t\tif len(listDomainsResp.Result.Content) < listDomainsPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tlistDomainsPageNumber++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, certPEM, privkeyPEM string) error {\n\t// 获取域名 ID\n\tdomainId, err := d.findDomainIdByDomain(ctx, domain)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// 查询域名 SSL 配置\n\t// REF: https://docs.jdcloud.com/cn/video-on-demand/api/gethttpssl\n\tgetHttpSslReq := jdvod.NewGetHttpSslRequestWithoutParam()\n\tgetHttpSslReq.SetDomainId(domainId)\n\tgetHttpSslResp, err := d.sdkClient.GetHttpSsl(getHttpSslReq)\n\td.logger.Debug(\"sdk request 'vod.GetHttpSsl'\", slog.Any(\"request\", getHttpSslReq), slog.Any(\"response\", getHttpSslResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'vod.GetHttpSsl': %w\", err)\n\t}\n\n\t// 设置域名 SSL 配置\n\t// REF: https://docs.jdcloud.com/cn/video-on-demand/api/sethttpssl\n\tsetHttpSslReq := jdvod.NewSetHttpSslRequestWithoutParam()\n\tsetHttpSslReq.SetDomainId(domainId)\n\tsetHttpSslReq.SetTitle(fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli()))\n\tsetHttpSslReq.SetSslCert(certPEM)\n\tsetHttpSslReq.SetSslKey(privkeyPEM)\n\tsetHttpSslReq.SetSource(\"default\")\n\tsetHttpSslReq.SetJumpType(getHttpSslResp.Result.JumpType)\n\tsetHttpSslReq.SetEnabled(true)\n\tsetHttpSslResp, err := d.sdkClient.SetHttpSsl(setHttpSslReq)\n\td.logger.Debug(\"sdk request 'vod.SetHttpSsl'\", slog.Any(\"request\", setHttpSslReq), slog.Any(\"response\", setHttpSslResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'vod.SetHttpSsl': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) findDomainIdByDomain(ctx context.Context, domain string) (int, error) {\n\t// 查询域名列表\n\t// REF: https://docs.jdcloud.com/cn/video-on-demand/api/listdomains\n\tlistDomainsPageNumber := 1\n\tlistDomainsPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn 0, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistDomainsReq := jdvod.NewListDomainsRequestWithoutParam()\n\t\tlistDomainsReq.SetPageNumber(listDomainsPageNumber)\n\t\tlistDomainsReq.SetPageSize(listDomainsPageSize)\n\t\tlistDomainsResp, err := d.sdkClient.ListDomains(listDomainsReq)\n\t\td.logger.Debug(\"sdk request 'vod.ListDomains'\", slog.Any(\"request\", listDomainsReq), slog.Any(\"response\", listDomainsResp))\n\t\tif err != nil {\n\t\t\treturn 0, fmt.Errorf(\"failed to execute sdk request 'vod.ListDomains': %w\", err)\n\t\t}\n\n\t\tfor _, domainItem := range listDomainsResp.Result.Content {\n\t\t\tif domainItem.Name == domain {\n\t\t\t\tdomainId, _ := strconv.Atoi(domainItem.Id)\n\t\t\t\treturn domainId, nil\n\t\t\t}\n\t\t}\n\n\t\tif len(listDomainsResp.Result.Content) < listDomainsPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tlistDomainsPageNumber++\n\t}\n\n\treturn 0, fmt.Errorf(\"could not find domain '%s'\", domain)\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret string) (*internal.VodClient, error) {\n\tclientCredentials := jdcore.NewCredentials(accessKeyId, accessKeySecret)\n\tclient := internal.NewVodClient(clientCredentials)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/jdcloud-vod/jdcloud_vod_test.go",
"content": "package jdcloudvod_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/jdcloud-vod\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"JDCLOUDVOD_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./jdcloud_vod_test.go -args \\\n\t--JDCLOUDVOD_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--JDCLOUDVOD_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--JDCLOUDVOD_ACCESSKEYID=\"your-access-key-id\" \\\n\t--JDCLOUDVOD_ACCESSKEYSECRET=\"your-secret-access-key\" \\\n\t--JDCLOUDVOD_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/k8s-secret/k8s_secret.go",
"content": "package k8ssecret\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\tk8score \"k8s.io/api/core/v1\"\n\tk8serrors \"k8s.io/apimachinery/pkg/api/errors\"\n\tk8smeta \"k8s.io/apimachinery/pkg/apis/meta/v1\"\n\t\"k8s.io/client-go/kubernetes\"\n\t\"k8s.io/client-go/rest\"\n\t\"k8s.io/client-go/tools/clientcmd\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype DeployerConfig struct {\n\t// kubeconfig 文件内容。\n\tKubeConfig string `json:\"kubeConfig,omitempty\"`\n\t// Kubernetes 命名空间。\n\tNamespace string `json:\"namespace,omitempty\"`\n\t// Kubernetes Secret 名称。\n\tSecretName string `json:\"secretName\"`\n\t// Kubernetes Secret 类型。\n\tSecretType string `json:\"secretType\"`\n\t// Kubernetes Secret 中用于存放证书的 Key。\n\tSecretDataKeyForCrt string `json:\"secretDataKeyForCrt,omitempty\"`\n\t// Kubernetes Secret 中用于存放私钥的 Key。\n\tSecretDataKeyForKey string `json:\"secretDataKeyForKey,omitempty\"`\n\t// Kubernetes Secret 注解。\n\tSecretAnnotations map[string]string `json:\"secretAnnotations,omitempty\"`\n\t// Kubernetes Secret 标签。\n\tSecretLabels map[string]string `json:\"secretLabels,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\treturn &Deployer{\n\t\tlogger: slog.Default(),\n\t\tconfig: config,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.Namespace == \"\" {\n\t\treturn nil, errors.New(\"config `namespace` is required\")\n\t}\n\tif d.config.SecretName == \"\" {\n\t\treturn nil, errors.New(\"config `secretName` is required\")\n\t}\n\tif d.config.SecretType == \"\" {\n\t\treturn nil, errors.New(\"config `secretType` is required\")\n\t}\n\tif d.config.SecretDataKeyForCrt == \"\" {\n\t\treturn nil, errors.New(\"config `secretDataKeyForCrt` is required\")\n\t}\n\tif d.config.SecretDataKeyForKey == \"\" {\n\t\treturn nil, errors.New(\"config `secretDataKeyForKey` is required\")\n\t}\n\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 连接\n\tclient, err := createK8sClient(d.config.KubeConfig)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to create kubernetes client: %w\", err)\n\t}\n\n\tvar secretPayload *k8score.Secret\n\tsecretAnnotations := map[string]string{\n\t\t\"certimate/common-name\": certX509.Subject.CommonName,\n\t\t\"certimate/subject-sn\": certX509.Subject.SerialNumber,\n\t\t\"certimate/subject-alt-names\": strings.Join(certX509.DNSNames, \",\"),\n\t\t\"certimate/issuer-sn\": certX509.Issuer.SerialNumber,\n\t\t\"certimate/issuer-org\": strings.Join(certX509.Issuer.Organization, \",\"),\n\t}\n\tsecretLabels := map[string]string{}\n\tif d.config.SecretAnnotations != nil {\n\t\tfor k, v := range d.config.SecretAnnotations {\n\t\t\tsecretAnnotations[k] = v\n\t\t}\n\t}\n\tif d.config.SecretLabels != nil {\n\t\tfor k, v := range d.config.SecretLabels {\n\t\t\tsecretLabels[k] = v\n\t\t}\n\t}\n\n\t// 获取 Secret 实例,如果不存在则创建\n\tsecretPayload, err = client.CoreV1().Secrets(d.config.Namespace).Get(ctx, d.config.SecretName, k8smeta.GetOptions{})\n\tif err != nil {\n\t\tif !k8serrors.IsNotFound(err) {\n\t\t\treturn nil, fmt.Errorf(\"failed to get kubernetes secret: %w\", err)\n\t\t}\n\n\t\tsecretPayload = &k8score.Secret{\n\t\t\tTypeMeta: k8smeta.TypeMeta{\n\t\t\t\tKind: \"Secret\",\n\t\t\t\tAPIVersion: \"v1\",\n\t\t\t},\n\t\t\tObjectMeta: k8smeta.ObjectMeta{\n\t\t\t\tName: d.config.SecretName,\n\t\t\t\tAnnotations: secretAnnotations,\n\t\t\t\tLabels: secretLabels,\n\t\t\t},\n\t\t\tType: k8score.SecretType(d.config.SecretType),\n\t\t}\n\t\tsecretPayload.Data = make(map[string][]byte)\n\t\tsecretPayload.Data[d.config.SecretDataKeyForCrt] = []byte(certPEM)\n\t\tsecretPayload.Data[d.config.SecretDataKeyForKey] = []byte(privkeyPEM)\n\n\t\tsecretPayload, err = client.CoreV1().Secrets(d.config.Namespace).Create(ctx, secretPayload, k8smeta.CreateOptions{})\n\t\td.logger.Debug(\"kubernetes operate 'Secrets.Create'\", slog.String(\"namespace\", d.config.Namespace), slog.Any(\"secret\", secretPayload))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to create kubernetes secret: %w\", err)\n\t\t} else {\n\t\t\treturn &deployer.DeployResult{}, nil\n\t\t}\n\t}\n\n\t// 更新 Secret 实例\n\tsecretPayload.Type = k8score.SecretType(d.config.SecretType)\n\tif secretPayload.ObjectMeta.Annotations == nil {\n\t\tsecretPayload.ObjectMeta.Annotations = secretAnnotations\n\t} else {\n\t\tfor k, v := range secretAnnotations {\n\t\t\tsecretPayload.ObjectMeta.Annotations[k] = v\n\t\t}\n\t}\n\tif secretPayload.ObjectMeta.Labels == nil {\n\t\tsecretPayload.ObjectMeta.Labels = secretLabels\n\t} else {\n\t\tfor k, v := range secretLabels {\n\t\t\tsecretPayload.ObjectMeta.Labels[k] = v\n\t\t}\n\t}\n\tif secretPayload.Data == nil {\n\t\tsecretPayload.Data = make(map[string][]byte)\n\t}\n\tsecretPayload.Data[d.config.SecretDataKeyForCrt] = []byte(certPEM)\n\tsecretPayload.Data[d.config.SecretDataKeyForKey] = []byte(privkeyPEM)\n\tsecretPayload, err = client.CoreV1().Secrets(d.config.Namespace).Update(ctx, secretPayload, k8smeta.UpdateOptions{})\n\td.logger.Debug(\"kubernetes operate 'Secrets.Update'\", slog.String(\"namespace\", d.config.Namespace), slog.Any(\"secret\", secretPayload))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to update kubernetes secret: %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createK8sClient(kubeConfig string) (*kubernetes.Clientset, error) {\n\tvar config *rest.Config\n\tvar err error\n\tif kubeConfig == \"\" {\n\t\tconfig, err = rest.InClusterConfig()\n\t} else {\n\t\tkubeConfig, err := clientcmd.NewClientConfigFromBytes([]byte(kubeConfig))\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tconfig, err = kubeConfig.ClientConfig()\n\t}\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclient, err := kubernetes.NewForConfig(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/k8s-secret/k8s_secret_test.go",
"content": "package k8ssecret_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/k8s-secret\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfNamespace string\n\tfSecretName string\n\tfSecretDataKeyForCrt string\n\tfSecretDataKeyForKey string\n)\n\nfunc init() {\n\targsPrefix := \"K8SSECRET_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fNamespace, argsPrefix+\"NAMESPACE\", \"default\", \"\")\n\tflag.StringVar(&fSecretName, argsPrefix+\"SECRETNAME\", \"\", \"\")\n\tflag.StringVar(&fSecretDataKeyForCrt, argsPrefix+\"SECRETDATAKEYFORCRT\", \"tls.crt\", \"\")\n\tflag.StringVar(&fSecretDataKeyForKey, argsPrefix+\"SECRETDATAKEYFORKEY\", \"tls.key\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./k8s_secret_test.go -args \\\n\t--K8SSECRET_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--K8SSECRET_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--K8SSECRET_NAMESPACE=\"default\" \\\n\t--K8SSECRET_SECRETNAME=\"secret\" \\\n\t--K8SSECRET_SECRETDATAKEYFORCRT=\"tls.crt\" \\\n\t--K8SSECRET_SECRETDATAKEYFORKEY=\"tls.key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"NAMESPACE: %v\", fNamespace),\n\t\t\tfmt.Sprintf(\"SECRETNAME: %v\", fSecretName),\n\t\t\tfmt.Sprintf(\"SECRETDATAKEYFORCRT: %v\", fSecretDataKeyForCrt),\n\t\t\tfmt.Sprintf(\"SECRETDATAKEYFORKEY: %v\", fSecretDataKeyForKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tNamespace: fNamespace,\n\t\t\tSecretName: fSecretName,\n\t\t\tSecretDataKeyForCrt: fSecretDataKeyForCrt,\n\t\t\tSecretDataKeyForKey: fSecretDataKeyForKey,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/kong/consts.go",
"content": "package kong\n\nconst (\n\t// 资源类型:替换指定证书。\n\tRESOURCE_TYPE_CERTIFICATE = \"certificate\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/kong/kong.go",
"content": "package kong\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/http\"\n\n\t\"github.com/kong/go-kong/kong\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txhttp \"github.com/certimate-go/certimate/pkg/utils/http\"\n)\n\ntype DeployerConfig struct {\n\t// Kong 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// Kong Admin API Token。\n\tApiToken string `json:\"apiToken,omitempty\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 工作空间。\n\t// 选填。\n\tWorkspace string `json:\"workspace,omitempty\"`\n\t// 证书 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。\n\tCertificateId string `json:\"certificateId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *kong.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.Workspace, config.ApiToken, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_CERTIFICATE:\n\t\tif err := d.deployToCertificate(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToCertificate(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.CertificateId == \"\" {\n\t\treturn errors.New(\"config `certificateId` is required\")\n\t}\n\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// 更新证书\n\t// REF: https://developer.konghq.com/api/gateway/admin-ee/3.10/#/operations/upsert-certificate\n\t// REF: https://developer.konghq.com/api/gateway/admin-ee/3.10/#/operations/upsert-certificate-in-workspace\n\tupdateCertificateReq := &kong.Certificate{\n\t\tID: kong.String(d.config.CertificateId),\n\t\tCert: kong.String(certPEM),\n\t\tKey: kong.String(privkeyPEM),\n\t\tSNIs: kong.StringSlice(certX509.DNSNames...),\n\t}\n\tupdateCertificateResp, err := d.sdkClient.Certificates.Update(ctx, updateCertificateReq)\n\td.logger.Debug(\"sdk request 'kong.UpdateCertificate'\", slog.String(\"sslId\", d.config.CertificateId), slog.Any(\"request\", updateCertificateReq), slog.Any(\"response\", updateCertificateResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'kong.UpdateCertificate': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(serverUrl, workspace, apiToken string, skipTlsVerify bool) (*kong.Client, error) {\n\thttpClient := &http.Client{\n\t\tTransport: xhttp.NewDefaultTransport(),\n\t\tTimeout: http.DefaultClient.Timeout,\n\t}\n\tif skipTlsVerify {\n\t\ttransport := xhttp.NewDefaultTransport()\n\t\ttransport.DisableKeepAlives = true\n\t\ttransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}\n\t\thttpClient.Transport = transport\n\t} else {\n\t\thttpClient.Transport = http.DefaultTransport\n\t}\n\n\thttpHeaders := http.Header{}\n\tif apiToken != \"\" {\n\t\thttpHeaders.Set(\"Kong-Admin-Token\", apiToken)\n\t}\n\n\tclient, err := kong.NewClient(kong.String(serverUrl), kong.HTTPClientWithHeaders(httpClient, httpHeaders))\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif workspace != \"\" {\n\t\tclient.SetWorkspace(workspace)\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/kong/kong_test.go",
"content": "package kong_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/kong\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfApiToken string\n\tfCertificateId string\n)\n\nfunc init() {\n\targsPrefix := \"KONG_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fApiToken, argsPrefix+\"APITOKEN\", \"\", \"\")\n\tflag.StringVar(&fCertificateId, argsPrefix+\"CERTIFICATEID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./kong_test.go -args \\\n\t--KONG_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--KONG_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--KONG_SERVERURL=\"http://127.0.0.1:9080\" \\\n\t--KONG_APITOKEN=\"your-admin-token\" \\\n\t--KONG_CERTIFICATEID=\"your-certificate-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"APITOKEN: %v\", fApiToken),\n\t\t\tfmt.Sprintf(\"CERTIFICATEID: %v\", fCertificateId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiToken: fApiToken,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tResourceType: provider.RESOURCE_TYPE_CERTIFICATE,\n\t\t\tCertificateId: fCertificateId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/ksyun-cdn/consts.go",
"content": "package ksyuncdn\n\nconst (\n\t// 资源类型:替换指定域名的证书。\n\tRESOURCE_TYPE_DOMAIN = \"domain\"\n\t// 资源类型:替换指定证书。\n\tRESOURCE_TYPE_CERTIFICATE = \"certificate\"\n)\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/ksyun-cdn/ksyun_cdn.go",
"content": "package ksyuncdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/KscSDK/ksc-sdk-go/ksc\"\n\tksccdnv1 \"github.com/KscSDK/ksc-sdk-go/service/cdnv1\"\n\t\"github.com/go-viper/mapstructure/v2\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 金山云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 金山云 SecretAccessKey。\n\tSecretAccessKey string `json:\"secretAccessKey\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n\t// 证书 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。\n\tCertificateId string `json:\"certificateId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *ksccdnv1.Cdnv1\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.SecretAccessKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_DOMAIN:\n\t\tif err := d.deployToDomain(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_CERTIFICATE:\n\t\tif err := d.deployToCertificate(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToDomain(ctx context.Context, certPEM, privkeyPEM string) error {\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain)\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no cdn domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found cdn domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, certPEM, privkeyPEM); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToCertificate(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.CertificateId == \"\" {\n\t\treturn errors.New(\"config `certificateId` is required\")\n\t}\n\n\t// 更新证书\n\t// https://docs.ksyun.com/documents/259\n\tsetCertificateInput := map[string]any{\n\t\t\"CertificateId\": d.config.CertificateId,\n\t\t\"CertificateName\": fmt.Sprintf(\"certimate_%d\", time.Now().UnixMilli()),\n\t\t\"ServerCertificate\": certPEM,\n\t\t\"PrivateKey\": privkeyPEM,\n\t}\n\tsetCertificateReq, setCertificateOutput := d.sdkClient.SetCertificatePostRequest(&setCertificateInput)\n\tsetCertificateErr := setCertificateReq.Send()\n\td.logger.Debug(\"sdk request 'cdn.SetCertificate'\", slog.Any(\"request\", setCertificateInput), slog.Any(\"response\", setCertificateOutput))\n\tif setCertificateErr != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.SetCertificate': %w\", setCertificateErr)\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名列表\n\t// https://docs.ksyun.com/documents/198\n\tgetCdnDomainsPageNumber := 1\n\tgetCdnDomainsPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tgetCdnDomainsInput := map[string]any{\n\t\t\t\"PageNumber\": getCdnDomainsPageNumber,\n\t\t\t\"PageSize\": getCdnDomainsPageSize,\n\t\t}\n\t\tgetCdnDomainsReq, getCdnDomainsOutput := d.sdkClient.GetCdnDomainsPostRequest(&getCdnDomainsInput)\n\t\tgetCdnDomainsErr := getCdnDomainsReq.Send()\n\t\td.logger.Debug(\"sdk request 'cdn.GetCdnDomains'\", slog.Any(\"request\", getCdnDomainsInput), slog.Any(\"response\", getCdnDomainsOutput))\n\t\tif getCdnDomainsErr != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.GetCdnDomains': %w\", getCdnDomainsErr)\n\t\t}\n\n\t\ttype GetCdnDomainsResponse struct {\n\t\t\tPageNumber int32 `json:\"PageNumber\"`\n\t\t\tPageSize int32 `json:\"PageSize\"`\n\t\t\tTotalCount int32 `json:\"TotalCount\"`\n\t\t\tDomains []*struct {\n\t\t\t\tDomainId string `json:\"DomainId\"`\n\t\t\t\tDomainName string `json:\"DomainName\"`\n\t\t\t\tCname string `json:\"Cname\"`\n\t\t\t\tCdnType string `json:\"CdnType\"`\n\t\t\t\tCreatedTime string `json:\"CreatedTime\"`\n\t\t\t\tModifiedTime string `json:\"ModifiedTime\"`\n\t\t\t\tRegion string `json:\"Region\"`\n\t\t\t} `json:\"Domains\"`\n\t\t}\n\t\tvar getCdnDomainsResp *GetCdnDomainsResponse\n\t\tmapstructure.Decode(getCdnDomainsOutput, &getCdnDomainsResp)\n\t\tif getCdnDomainsResp == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, domainItem := range getCdnDomainsResp.Domains {\n\t\t\tdomains = append(domains, domainItem.DomainName)\n\t\t}\n\n\t\tif len(getCdnDomainsResp.Domains) < getCdnDomainsPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tgetCdnDomainsPageNumber++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) findDomainIdByDomain(ctx context.Context, domain string) (string, error) {\n\t// 查询域名列表\n\t// https://docs.ksyun.com/documents/198\n\tgetCdnDomainsPageNumber := 1\n\tgetCdnDomainsPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn \"\", ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tgetCdnDomainsInput := map[string]any{\n\t\t\t\"PageNumber\": getCdnDomainsPageNumber,\n\t\t\t\"PageSize\": getCdnDomainsPageSize,\n\t\t\t\"DomainName\": domain,\n\t\t\t\"FuzzyMatch\": \"off\",\n\t\t}\n\t\tgetCdnDomainsReq, getCdnDomainsOutput := d.sdkClient.GetCdnDomainsPostRequest(&getCdnDomainsInput)\n\t\tgetCdnDomainsErr := getCdnDomainsReq.Send()\n\t\td.logger.Debug(\"sdk request 'cdn.GetCdnDomains'\", slog.Any(\"request\", getCdnDomainsInput), slog.Any(\"response\", getCdnDomainsOutput))\n\t\tif getCdnDomainsErr != nil {\n\t\t\treturn \"\", fmt.Errorf(\"failed to execute sdk request 'cdn.GetCdnDomains': %w\", getCdnDomainsErr)\n\t\t}\n\n\t\ttype GetCdnDomainsResponse struct {\n\t\t\tPageNumber int32 `json:\"PageNumber\"`\n\t\t\tPageSize int32 `json:\"PageSize\"`\n\t\t\tTotalCount int32 `json:\"TotalCount\"`\n\t\t\tDomains []*struct {\n\t\t\t\tDomainId string `json:\"DomainId\"`\n\t\t\t\tDomainName string `json:\"DomainName\"`\n\t\t\t\tCname string `json:\"Cname\"`\n\t\t\t\tCdnType string `json:\"CdnType\"`\n\t\t\t\tCreatedTime string `json:\"CreatedTime\"`\n\t\t\t\tModifiedTime string `json:\"ModifiedTime\"`\n\t\t\t\tRegion string `json:\"Region\"`\n\t\t\t} `json:\"Domains\"`\n\t\t}\n\t\tvar getCdnDomainsResp *GetCdnDomainsResponse\n\t\tmapstructure.Decode(getCdnDomainsOutput, &getCdnDomainsResp)\n\t\tif getCdnDomainsResp == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, domainItem := range getCdnDomainsResp.Domains {\n\t\t\tif strings.EqualFold(domainItem.DomainName, domain) {\n\t\t\t\treturn domainItem.DomainId, nil\n\t\t\t}\n\t\t}\n\n\t\tif len(getCdnDomainsResp.Domains) < getCdnDomainsPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tgetCdnDomainsPageNumber++\n\t}\n\n\treturn \"\", fmt.Errorf(\"could not find domain '%s'\", domain)\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, certPEM, privkeyPEM string) error {\n\t// 获取域名 ID\n\tdomainId, err := d.findDomainIdByDomain(ctx, domain)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// 为加速域名配置证书接口\n\t// https://docs.ksyun.com/documents/261\n\tconfigCertificateInput := map[string]any{\n\t\t\"Enable\": \"on\",\n\t\t\"DomainIds\": domainId,\n\t\t\"CertificateName\": fmt.Sprintf(\"certimate_%d\", time.Now().UnixMilli()),\n\t\t\"ServerCertificate\": certPEM,\n\t\t\"PrivateKey\": privkeyPEM,\n\t}\n\tconfigCertificateReq, configCertificateOutput := d.sdkClient.ConfigCertificatePostRequest(&configCertificateInput)\n\tconfigCertificateErr := configCertificateReq.Send()\n\td.logger.Debug(\"sdk request 'cdn.ConfigCertificate'\", slog.Any(\"request\", configCertificateInput), slog.Any(\"response\", configCertificateOutput))\n\tif configCertificateErr != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.ConfigCertificate': %w\", configCertificateErr)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, secretAccessKey string) (*ksccdnv1.Cdnv1, error) {\n\tregion := \"cn-beijing-6\"\n\tclient := ksccdnv1.SdkNew(ksc.NewClient(accessKeyId, secretAccessKey), &ksc.Config{Region: ®ion})\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/ksyun-cdn/ksyun_cdn_test.go",
"content": "package ksyuncdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ksyun-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfSecretAccessKey string\n\tfDomain string\n\tfCertificateId string\n)\n\nfunc init() {\n\targsPrefix := \"KSYUNCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fSecretAccessKey, argsPrefix+\"SECRETACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n\tflag.StringVar(&fCertificateId, argsPrefix+\"CERTIFICATEID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ksyun_cdn_test.go -args \\\n\t--KSYUNCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--KSYUNCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--KSYUNCDN_ACCESSKEYID=\"your-access-key-id\" \\\n\t--KSYUNCDN_SECRETACCESSKEY=\"your-secret-access-key\" \\\n\t--KSYUNCDN_DOMAIN=\"example.com\" \\\n\t--KSYUNCDN_CERTIFICATEID=\"your-certificate-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"SECRETACCESSKEY: %v\", fSecretAccessKey),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t\tfmt.Sprintf(\"CERTIFICATEID: %v\", fCertificateId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tSecretAccessKey: fSecretAccessKey,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t\tCertificateId: fCertificateId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/lecdn/consts.go",
"content": "package lecdn\n\nconst (\n\t// 资源类型:替换指定证书。\n\tRESOURCE_TYPE_CERTIFICATE = \"certificate\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/lecdn/lecdn.go",
"content": "package lecdn\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tleclientsdkv3 \"github.com/certimate-go/certimate/pkg/sdk3rd/lecdn/v3/client\"\n\tlemastersdkv3 \"github.com/certimate-go/certimate/pkg/sdk3rd/lecdn/v3/master\"\n)\n\ntype DeployerConfig struct {\n\t// LeCDN 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// LeCDN 版本。\n\t// 可取值 \"v3\"。\n\tApiVersion string `json:\"apiVersion\"`\n\t// LeCDN 用户角色。\n\t// 可取值 \"client\"、\"master\"。\n\tApiRole string `json:\"apiRole\"`\n\t// LeCDN 用户名。\n\tUsername string `json:\"username\"`\n\t// LeCDN 用户密码。\n\tPassword string `json:\"password\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 证书 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。\n\tCertificateId int64 `json:\"certificateId,omitempty\"`\n\t// 客户 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时选填。\n\tClientId int64 `json:\"clientId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient any\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.ApiVersion, config.ApiRole, config.Username, config.Password, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_CERTIFICATE:\n\t\tif err := d.deployToCertificate(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToCertificate(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.CertificateId == 0 {\n\t\treturn errors.New(\"config `certificateId` is required\")\n\t}\n\n\t// 修改证书\n\t// REF: https://wdk0pwf8ul.feishu.cn/wiki/YE1XwCRIHiLYeKkPupgcXrlgnDd\n\tswitch sdkClient := d.sdkClient.(type) {\n\tcase *leclientsdkv3.Client:\n\t\t{\n\t\t\tupdateSSLCertReq := &leclientsdkv3.UpdateCertificateRequest{\n\t\t\t\tName: fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli()),\n\t\t\t\tDescription: \"upload from certimate\",\n\t\t\t\tType: \"upload\",\n\t\t\t\tSSLPEM: certPEM,\n\t\t\t\tSSLKey: privkeyPEM,\n\t\t\t\tAutoRenewal: false,\n\t\t\t}\n\t\t\tupdateSSLCertResp, err := sdkClient.UpdateCertificateWithContext(ctx, d.config.CertificateId, updateSSLCertReq)\n\t\t\td.logger.Debug(\"sdk request 'lecdn.UpdateCertificate'\", slog.Int64(\"certId\", d.config.CertificateId), slog.Any(\"request\", updateSSLCertReq), slog.Any(\"response\", updateSSLCertResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'lecdn.UpdateCertificate': %w\", err)\n\t\t\t}\n\t\t}\n\n\tcase *lemastersdkv3.Client:\n\t\t{\n\t\t\tupdateSSLCertReq := &lemastersdkv3.UpdateCertificateRequest{\n\t\t\t\tClientId: d.config.ClientId,\n\t\t\t\tName: fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli()),\n\t\t\t\tDescription: \"upload from certimate\",\n\t\t\t\tType: \"upload\",\n\t\t\t\tSSLPEM: certPEM,\n\t\t\t\tSSLKey: privkeyPEM,\n\t\t\t\tAutoRenewal: false,\n\t\t\t}\n\t\t\tupdateSSLCertResp, err := sdkClient.UpdateCertificateWithContext(ctx, d.config.CertificateId, updateSSLCertReq)\n\t\t\td.logger.Debug(\"sdk request 'lecdn.UpdateCertificate'\", slog.Int64(\"certId\", d.config.CertificateId), slog.Any(\"request\", updateSSLCertReq), slog.Any(\"response\", updateSSLCertResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'lecdn.UpdateCertificate': %w\", err)\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\tpanic(\"unreachable\")\n\t}\n\n\treturn nil\n}\n\nconst (\n\tsdkVersionV3 = \"v3\"\n\n\tsdkRoleClient = \"client\"\n\tsdkRoleMaster = \"master\"\n)\n\nfunc createSDKClient(serverUrl, apiVersion, apiRole, username, password string, skipTlsVerify bool) (any, error) {\n\tif apiVersion == sdkVersionV3 && apiRole == sdkRoleClient {\n\t\t// v3 版客户端\n\t\tclient, err := leclientsdkv3.NewClient(serverUrl, username, password)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tif skipTlsVerify {\n\t\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t\t}\n\n\t\treturn client, nil\n\t} else if apiVersion == sdkVersionV3 && apiRole == sdkRoleMaster {\n\t\t// v3 版主控端\n\t\tclient, err := lemastersdkv3.NewClient(serverUrl, username, password)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tif skipTlsVerify {\n\t\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t\t}\n\n\t\treturn client, nil\n\t}\n\n\treturn nil, errors.New(\"lecdn: invalid api version or user role\")\n}\n"
},
{
"path": "pkg/core/deployer/providers/lecdn/lecdn_test.go",
"content": "package lecdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/lecdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfApiVersion string\n\tfUsername string\n\tfPassword string\n\tfCertificateId int64\n)\n\nfunc init() {\n\targsPrefix := \"LECDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fApiVersion, argsPrefix+\"APIVERSION\", \"v3\", \"\")\n\tflag.StringVar(&fUsername, argsPrefix+\"USERNAME\", \"\", \"\")\n\tflag.StringVar(&fPassword, argsPrefix+\"PASSWORD\", \"\", \"\")\n\tflag.Int64Var(&fCertificateId, argsPrefix+\"CERTIFICATEID\", 0, \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./lecdn_test.go -args \\\n\t--LECDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--LECDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--LECDN_SERVERURL=\"http://127.0.0.1:5090\" \\\n\t--LECDN_USERNAME=\"your-username\" \\\n\t--LECDN_PASSWORD=\"your-password\" \\\n\t--LECDN_CERTIFICATEID=\"your-certificate-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy_ToCertificate\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"APIVERSION: %v\", fApiVersion),\n\t\t\tfmt.Sprintf(\"USERNAME: %v\", fUsername),\n\t\t\tfmt.Sprintf(\"PASSWORD: %v\", fPassword),\n\t\t\tfmt.Sprintf(\"CERTIFICATEID: %v\", fCertificateId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiVersion: fApiVersion,\n\t\t\tApiRole: \"user\",\n\t\t\tUsername: fUsername,\n\t\t\tPassword: fPassword,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tResourceType: provider.RESOURCE_TYPE_CERTIFICATE,\n\t\t\tCertificateId: fCertificateId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/local/consts.go",
"content": "package local\n\nimport (\n\t\"github.com/certimate-go/certimate/internal/domain\"\n)\n\nconst (\n\tSHELL_ENV_SH = \"sh\"\n\tSHELL_ENV_CMD = \"cmd\"\n\tSHELL_ENV_POWERSHELL = \"powershell\"\n)\n\nconst (\n\tOUTPUT_FORMAT_PEM = string(domain.CertificateFormatTypePEM)\n\tOUTPUT_FORMAT_PFX = string(domain.CertificateFormatTypePFX)\n\tOUTPUT_FORMAT_JKS = string(domain.CertificateFormatTypeJKS)\n)\n"
},
{
"path": "pkg/core/deployer/providers/local/local.go",
"content": "package local\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"os/exec\"\n\t\"runtime\"\n\t\"strings\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txfile \"github.com/certimate-go/certimate/pkg/utils/file\"\n)\n\ntype DeployerConfig struct {\n\t// Shell 执行环境。\n\t// 零值时根据操作系统决定。\n\tShellEnv string `json:\"shellEnv,omitempty\"`\n\t// 前置命令。\n\tPreCommand string `json:\"preCommand,omitempty\"`\n\t// 后置命令。\n\tPostCommand string `json:\"postCommand,omitempty\"`\n\t// 输出证书格式。\n\tOutputFormat string `json:\"outputFormat,omitempty\"`\n\t// 输出证书文件路径。\n\tOutputCertPath string `json:\"outputCertPath,omitempty\"`\n\t// 输出服务器证书文件路径。\n\t// 选填。\n\tOutputServerCertPath string `json:\"outputServerCertPath,omitempty\"`\n\t// 输出中间证书文件路径。\n\t// 选填。\n\tOutputIntermediaCertPath string `json:\"outputIntermediaCertPath,omitempty\"`\n\t// 输出私钥文件路径。\n\tOutputKeyPath string `json:\"outputKeyPath,omitempty\"`\n\t// PFX 导出密码。\n\t// 证书格式为 PFX 时必填。\n\tPfxPassword string `json:\"pfxPassword,omitempty\"`\n\t// JKS 别名。\n\t// 证书格式为 JKS 时必填。\n\tJksAlias string `json:\"jksAlias,omitempty\"`\n\t// JKS 密钥密码。\n\t// 证书格式为 JKS 时必填。\n\tJksKeypass string `json:\"jksKeypass,omitempty\"`\n\t// JKS 存储密码。\n\t// 证书格式为 JKS 时必填。\n\tJksStorepass string `json:\"jksStorepass,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 提取服务器证书和中间证书\n\tserverCertPEM, intermediaCertPEM, err := xcert.ExtractCertificatesFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to extract certs: %w\", err)\n\t}\n\n\t// 执行前置命令\n\tif d.config.PreCommand != \"\" {\n\t\tcommand := d.config.PreCommand\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_CERTIFICATE_PATH}\", d.config.OutputCertPath)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_CERTIFICATE_SERVER_PATH}\", d.config.OutputServerCertPath)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_CERTIFICATE_INTERMEDIA_PATH}\", d.config.OutputIntermediaCertPath)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_PRIVATEKEY_PATH}\", d.config.OutputKeyPath)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_PFX_PASSWORD}\", d.config.PfxPassword)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_JKS_ALIAS}\", d.config.JksAlias)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_JKS_KEYPASS}\", d.config.JksKeypass)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_JKS_STOREPASS}\", d.config.JksStorepass)\n\n\t\tstdout, stderr, err := execCommand(d.config.ShellEnv, command)\n\t\td.logger.Debug(\"run pre-command\", slog.String(\"stdout\", stdout), slog.String(\"stderr\", stderr))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute pre-command (stdout: %s, stderr: %s): %w \", stdout, stderr, err)\n\t\t}\n\t}\n\n\t// 写入证书和私钥文件\n\tswitch d.config.OutputFormat {\n\tcase OUTPUT_FORMAT_PEM:\n\t\t{\n\t\t\tif err := xfile.WriteString(d.config.OutputCertPath, certPEM); err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to save certificate file: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl certificate file saved\", slog.String(\"path\", d.config.OutputCertPath))\n\n\t\t\tif d.config.OutputServerCertPath != \"\" {\n\t\t\t\tif err := xfile.WriteString(d.config.OutputServerCertPath, serverCertPEM); err != nil {\n\t\t\t\t\treturn nil, fmt.Errorf(\"failed to save server certificate file: %w\", err)\n\t\t\t\t}\n\t\t\t\td.logger.Info(\"ssl server certificate file saved\", slog.String(\"path\", d.config.OutputServerCertPath))\n\t\t\t}\n\n\t\t\tif d.config.OutputIntermediaCertPath != \"\" {\n\t\t\t\tif err := xfile.WriteString(d.config.OutputIntermediaCertPath, intermediaCertPEM); err != nil {\n\t\t\t\t\treturn nil, fmt.Errorf(\"failed to save intermedia certificate file: %w\", err)\n\t\t\t\t}\n\t\t\t\td.logger.Info(\"ssl intermedia certificate file saved\", slog.String(\"path\", d.config.OutputIntermediaCertPath))\n\t\t\t}\n\n\t\t\tif err := xfile.WriteString(d.config.OutputKeyPath, privkeyPEM); err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to save private key file: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl private key file saved\", slog.String(\"path\", d.config.OutputKeyPath))\n\t\t}\n\n\tcase OUTPUT_FORMAT_PFX:\n\t\t{\n\t\t\tpfxData, err := xcert.TransformCertificateFromPEMToPFX(certPEM, privkeyPEM, d.config.PfxPassword)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to transform certificate to PFX: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl certificate transformed to pfx\")\n\n\t\t\tif err := xfile.Write(d.config.OutputCertPath, pfxData); err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to save certificate file: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl certificate file saved\", slog.String(\"path\", d.config.OutputCertPath))\n\t\t}\n\n\tcase OUTPUT_FORMAT_JKS:\n\t\t{\n\t\t\tjksData, err := xcert.TransformCertificateFromPEMToJKS(certPEM, privkeyPEM, d.config.JksAlias, d.config.JksKeypass, d.config.JksStorepass)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to transform certificate to JKS: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl certificate transformed to jks\")\n\n\t\t\tif err := xfile.Write(d.config.OutputCertPath, jksData); err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to save certificate file: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl certificate file saved\", slog.String(\"path\", d.config.OutputCertPath))\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported output format '%s'\", d.config.OutputFormat)\n\t}\n\n\t// 执行后置命令\n\tif d.config.PostCommand != \"\" {\n\t\tcommand := d.config.PostCommand\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_CERTIFICATE_PATH}\", d.config.OutputCertPath)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_CERTIFICATE_SERVER_PATH}\", d.config.OutputServerCertPath)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_CERTIFICATE_INTERMEDIA_PATH}\", d.config.OutputIntermediaCertPath)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_PRIVATEKEY_PATH}\", d.config.OutputKeyPath)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_PFX_PASSWORD}\", d.config.PfxPassword)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_JKS_ALIAS}\", d.config.JksAlias)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_JKS_KEYPASS}\", d.config.JksKeypass)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_JKS_STOREPASS}\", d.config.JksStorepass)\n\n\t\tstdout, stderr, err := execCommand(d.config.ShellEnv, command)\n\t\td.logger.Debug(\"run post-command\", slog.String(\"stdout\", stdout), slog.String(\"stderr\", stderr))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute post-command (stdout: %s, stderr: %s): %w \", stdout, stderr, err)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc execCommand(shellEnv string, command string) (string, string, error) {\n\tvar cmd *exec.Cmd\n\n\tswitch shellEnv {\n\tcase \"\":\n\t\tif runtime.GOOS == \"windows\" {\n\t\t\tcmd = exec.Command(\"cmd\", \"/C\", command)\n\t\t} else {\n\t\t\tcmd = exec.Command(\"sh\", \"-c\", command)\n\t\t}\n\n\tcase SHELL_ENV_SH:\n\t\tcmd = exec.Command(\"sh\", \"-c\", command)\n\n\tcase SHELL_ENV_CMD:\n\t\tcmd = exec.Command(\"cmd\", \"/C\", command)\n\n\tcase SHELL_ENV_POWERSHELL:\n\t\tcmd = exec.Command(\"powershell\", \"-Command\", command)\n\n\tdefault:\n\t\treturn \"\", \"\", fmt.Errorf(\"unsupported shell env '%s'\", shellEnv)\n\t}\n\n\tstdoutBuf := bytes.NewBuffer(nil)\n\tcmd.Stdout = stdoutBuf\n\tstderrBuf := bytes.NewBuffer(nil)\n\tcmd.Stderr = stderrBuf\n\terr := cmd.Run()\n\tif err != nil {\n\t\treturn stdoutBuf.String(), stderrBuf.String(), fmt.Errorf(\"failed to execute command: %w\", err)\n\t}\n\n\treturn stdoutBuf.String(), stderrBuf.String(), nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/local/local_test.go",
"content": "package local_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/local\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfOutputCertPath string\n\tfOutputKeyPath string\n\tfPfxPassword string\n\tfJksAlias string\n\tfJksKeypass string\n\tfJksStorepass string\n\tfShellEnv string\n\tfPreCommand string\n\tfPostCommand string\n)\n\nfunc init() {\n\targsPrefix := \"LOCAL_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fOutputCertPath, argsPrefix+\"OUTPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fOutputKeyPath, argsPrefix+\"OUTPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fPfxPassword, argsPrefix+\"PFXPASSWORD\", \"\", \"\")\n\tflag.StringVar(&fJksAlias, argsPrefix+\"JKSALIAS\", \"\", \"\")\n\tflag.StringVar(&fJksKeypass, argsPrefix+\"JKSKEYPASS\", \"\", \"\")\n\tflag.StringVar(&fJksStorepass, argsPrefix+\"JKSSTOREPASS\", \"\", \"\")\n\tflag.StringVar(&fShellEnv, argsPrefix+\"SHELLENV\", \"\", \"\")\n\tflag.StringVar(&fPreCommand, argsPrefix+\"PRECOMMAND\", \"\", \"\")\n\tflag.StringVar(&fPostCommand, argsPrefix+\"POSTCOMMAND\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./local_test.go -args \\\n\t--LOCAL_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--LOCAL_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--LOCAL_OUTPUTCERTPATH=\"/path/to/your-output-cert\" \\\n\t--LOCAL_OUTPUTKEYPATH=\"/path/to/your-output-key\" \\\n\t--LOCAL_PFXPASSWORD=\"your-pfx-password\" \\\n\t--LOCAL_JKSALIAS=\"your-jks-alias\" \\\n\t--LOCAL_JKSKEYPASS=\"your-jks-keypass\" \\\n\t--LOCAL_JKSSTOREPASS=\"your-jks-storepass\" \\\n\t--LOCAL_SHELLENV=\"sh\" \\\n\t--LOCAL_PRECOMMAND=\"echo 'hello world'\" \\\n\t--LOCAL_POSTCOMMAND=\"echo 'bye-bye world'\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy_PEM\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"OUTPUTCERTPATH: %v\", fOutputCertPath),\n\t\t\tfmt.Sprintf(\"OUTPUTKEYPATH: %v\", fOutputKeyPath),\n\t\t\tfmt.Sprintf(\"SHELLENV: %v\", fShellEnv),\n\t\t\tfmt.Sprintf(\"PRECOMMAND: %v\", fPreCommand),\n\t\t\tfmt.Sprintf(\"POSTCOMMAND: %v\", fPostCommand),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tOutputFormat: provider.OUTPUT_FORMAT_PEM,\n\t\t\tOutputCertPath: fOutputCertPath + \".pem\",\n\t\t\tOutputKeyPath: fOutputKeyPath + \".pem\",\n\t\t\tShellEnv: fShellEnv,\n\t\t\tPreCommand: fPreCommand,\n\t\t\tPostCommand: fPostCommand,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfstat1, err := os.Stat(fOutputCertPath + \".pem\")\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t} else if fstat1.Size() == 0 {\n\t\t\tt.Errorf(\"err: empty output certificate file\")\n\t\t\treturn\n\t\t}\n\n\t\tfstat2, err := os.Stat(fOutputKeyPath + \".pem\")\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t} else if fstat2.Size() == 0 {\n\t\t\tt.Errorf(\"err: empty output private key file\")\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n\n\tt.Run(\"Deploy_PFX\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"OUTPUTCERTPATH: %v\", fOutputCertPath),\n\t\t\tfmt.Sprintf(\"PFXPASSWORD: %v\", fPfxPassword),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tOutputFormat: provider.OUTPUT_FORMAT_PFX,\n\t\t\tOutputCertPath: fOutputCertPath + \".pfx\",\n\t\t\tPfxPassword: fPfxPassword,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfstat, err := os.Stat(fOutputCertPath + \".pfx\")\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t} else if fstat.Size() == 0 {\n\t\t\tt.Errorf(\"err: empty output certificate file\")\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n\n\tt.Run(\"Deploy_JKS\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"OUTPUTCERTPATH: %v\", fOutputCertPath),\n\t\t\tfmt.Sprintf(\"JKSALIAS: %v\", fJksAlias),\n\t\t\tfmt.Sprintf(\"JKSKEYPASS: %v\", fJksKeypass),\n\t\t\tfmt.Sprintf(\"JKSSTOREPASS: %v\", fJksStorepass),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tOutputFormat: provider.OUTPUT_FORMAT_JKS,\n\t\t\tOutputCertPath: fOutputCertPath + \".jks\",\n\t\t\tJksAlias: fJksAlias,\n\t\t\tJksKeypass: fJksKeypass,\n\t\t\tJksStorepass: fJksStorepass,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfstat, err := os.Stat(fOutputCertPath + \".jks\")\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t} else if fstat.Size() == 0 {\n\t\t\tt.Errorf(\"err: empty output certificate file\")\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/mohua-mvh/mohua_mvh.go",
"content": "package mohuamvh\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\n\tmohuasdk \"github.com/mohuatech/mohuacloud-go-sdk\"\n\tmohuasdktypes \"github.com/mohuatech/mohuacloud-go-sdk/types\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// 嘿华云账号。\n\tUsername string `json:\"username\"`\n\t// 嘿华云 API 密钥。\n\tApiPassword string `json:\"apiPassword\"`\n\t// 虚拟主机 ID。\n\tHostId string `json:\"hostId\"`\n\t// 域名 ID。\n\tDomainId string `json:\"domainId\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *mohuasdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.Username, config.ApiPassword)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.HostId == \"\" {\n\t\treturn nil, errors.New(\"config `hostId` is required\")\n\t}\n\tif d.config.DomainId == \"\" {\n\t\treturn nil, errors.New(\"config `domainId` is required\")\n\t}\n\n\tdomainId, err := strconv.ParseInt(d.config.DomainId, 10, 64)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 登录获取 Token\n\t_, err = d.sdkClient.Auth.Login(\"\", \"\")\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to login mohua: %w\", err)\n\t}\n\n\t// 设置 SSL 证书\n\tsetSSLReq := &mohuasdktypes.SetSSLRequest{\n\t\tID: int(domainId),\n\t\tSSLCert: certPEM,\n\t\tSSLKey: privkeyPEM,\n\t}\n\tsetSSLResp, err := d.sdkClient.VirtualHost.SetSSL(d.config.HostId, setSSLReq)\n\td.logger.Debug(\"sdk request 'mvh.SetSSL'\", slog.Any(\"request\", setSSLReq), slog.Any(\"response\", setSSLResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'mvh.SetSSL': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(username, apiPassword string) (*mohuasdk.Client, error) {\n\tif username == \"\" {\n\t\treturn nil, errors.New(\"mohua: invalid username\")\n\t}\n\tif apiPassword == \"\" {\n\t\treturn nil, errors.New(\"mohua: invalid api password\")\n\t}\n\n\tclient := mohuasdk.NewClient(\n\t\tmohuasdk.WithCredentials(username, apiPassword),\n\t)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/mohua-mvh/mohua_mvh_test.go",
"content": "package mohuamvh_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/mohua-mvh\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfUsername string\n\tfApiPassword string\n\tfHostID string\n\tfDomainID string\n)\n\nfunc init() {\n\targsPrefix := \"MOHUAMVH_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fUsername, argsPrefix+\"USERNAME\", \"\", \"\")\n\tflag.StringVar(&fApiPassword, argsPrefix+\"APIPASSWORD\", \"\", \"\")\n\tflag.StringVar(&fHostID, argsPrefix+\"HOSTID\", \"\", \"\")\n\tflag.StringVar(&fDomainID, argsPrefix+\"DOMAINID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./mohuamvh_test.go -args \\\n\t--MOHUAMVH_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--MOHUAMVH_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--MOHUAMVH_USERNAME=\"your-username\" \\\n\t--MOHUAMVH_APIPASSWORD=\"your-api-password\" \\\n\t--MOHUAMVH_HOSTID=\"your-virtual-host-id\" \\\n\t--MOHUAMVH_DOMAINID=\"your-domain-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"USERNAME: %v\", fUsername),\n\t\t\tfmt.Sprintf(\"APIPASSWORD: %v\", fApiPassword),\n\t\t\tfmt.Sprintf(\"HOSTID: %v\", fHostID),\n\t\t\tfmt.Sprintf(\"DOMAINID: %v\", fDomainID),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tUsername: fUsername,\n\t\t\tApiPassword: fApiPassword,\n\t\t\tHostId: fHostID,\n\t\t\tDomainId: fDomainID,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/netlify/consts.go",
"content": "package netlify\n\nconst (\n\t// 资源类型:替换指定网站的证书。\n\tRESOURCE_TYPE_WEBSITE = \"website\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/netlify/netlify.go",
"content": "package netlify\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tnetlifysdk \"github.com/certimate-go/certimate/pkg/sdk3rd/netlify\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype DeployerConfig struct {\n\t// netlify API Token。\n\tApiToken string `json:\"apiToken\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// netlify 网站 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_WEBSITE] 时必填。\n\tSiteId string `json:\"siteId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *netlifysdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ApiToken)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_WEBSITE:\n\t\tif err := d.deployToWebsite(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToWebsite(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.SiteId == \"\" {\n\t\treturn errors.New(\"config `siteId` is required\")\n\t}\n\n\t// 提取服务器证书和中间证书\n\tserverCertPEM, intermediaCertPEM, err := xcert.ExtractCertificatesFromPEM(certPEM)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to extract certs: %w\", err)\n\t}\n\n\t// 上传网站证书\n\t// REF: https://open-api.netlify.com/#tag/sniCertificate/operation/provisionSiteTLSCertificate\n\tprovisionSiteTLSCertificateReq := &netlifysdk.ProvisionSiteTLSCertificateParams{\n\t\tCertificate: serverCertPEM,\n\t\tCACertificates: intermediaCertPEM,\n\t\tKey: privkeyPEM,\n\t}\n\tprovisionSiteTLSCertificateResp, err := d.sdkClient.ProvisionSiteTLSCertificateWithContext(ctx, d.config.SiteId, provisionSiteTLSCertificateReq)\n\td.logger.Debug(\"sdk request 'netlify.provisionSiteTLSCertificate'\", slog.String(\"siteId\", d.config.SiteId), slog.Any(\"request\", provisionSiteTLSCertificateReq), slog.Any(\"response\", provisionSiteTLSCertificateResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'netlify.provisionSiteTLSCertificate': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(apiToken string) (*netlifysdk.Client, error) {\n\treturn netlifysdk.NewClient(apiToken)\n}\n"
},
{
"path": "pkg/core/deployer/providers/netlify/netlify_test.go",
"content": "package netlify_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/netlify\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfApiToken string\n\tfSiteId string\n)\n\nfunc init() {\n\targsPrefix := \"NETLIFY_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fApiToken, argsPrefix+\"APITOKEN\", \"\", \"\")\n\tflag.StringVar(&fSiteId, argsPrefix+\"SITEID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./netlify_test.go -args \\\n\t--NETLIFY_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--NETLIFY_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--NETLIFY_APITOKEN=\"your-api-token\" \\\n\t--NETLIFY_SITEID=\"your-site-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"APITOKEN: %v\", fApiToken),\n\t\t\tfmt.Sprintf(\"SITEID: %v\", fSiteId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tApiToken: fApiToken,\n\t\t\tResourceType: provider.RESOURCE_TYPE_WEBSITE,\n\t\t\tSiteId: fSiteId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/nginxproxymanager/consts.go",
"content": "package nginxproxymanager\n\nconst (\n\tAUTH_METHOD_PASSWORD = \"password\"\n\tAUTH_METHOD_TOKEN = \"token\"\n)\n\nconst (\n\t// 资源类型:替换指定主机的证书。\n\tRESOURCE_TYPE_HOST = \"host\"\n\t// 资源类型:替换指定证书。\n\tRESOURCE_TYPE_CERTIFICATE = \"certificate\"\n)\n\nconst (\n\t// 匹配模式:指定 ID。\n\tHOST_MATCH_PATTERN_SPECIFIED = \"specified\"\n\t// 匹配模式:证书 SAN 匹配。\n\tHOST_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n\nconst (\n\tHOST_TYPE_PROXY = \"proxy\"\n\tHOST_TYPE_REDIRECTION = \"redirection\"\n\tHOST_TYPE_STREAM = \"stream\"\n\tHOST_TYPE_DEAD = \"dead\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/nginxproxymanager/nginxproxymanager.go",
"content": "package nginxproxymanager\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/nginxproxymanager\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tnpmsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/nginxproxymanager\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txwait \"github.com/certimate-go/certimate/pkg/utils/wait\"\n)\n\ntype DeployerConfig struct {\n\t// NPM 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// NPM API 认证方式。\n\t// 可取值 \"password\"、\"token\"。\n\t// 零值时默认值 [AUTH_METHOD_PASSWORD]。\n\tAuthMethod string `json:\"authMethod,omitempty\"`\n\t// NPM 用户名。\n\tUsername string `json:\"username,omitempty\"`\n\t// NPM 密码。\n\tPassword string `json:\"password,omitempty\"`\n\t// NPM API Token。\n\tApiToken string `json:\"apiToken,omitempty\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [HOST_MATCH_PATTERN_SPECIFIED]。\n\tHostMatchPattern string `json:\"hostMatchPattern,omitempty\"`\n\t// 主机类型。\n\t// 部署资源类型为 [RESOURCE_TYPE_HOST] 时必填。\n\tHostType string `json:\"hostType,omitempty\"`\n\t// 主机 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_HOST]、且匹配模式非 [HOST_MATCH_PATTERN_CERTSAN] 时必填。\n\tHostId int64 `json:\"hostId,omitempty\"`\n\t// 证书 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。\n\tCertificateId int64 `json:\"certificateId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *npmsdk.Client\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.AuthMethod, config.Username, config.Password, config.ApiToken, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tServerUrl: config.ServerUrl,\n\t\tAuthMethod: config.AuthMethod,\n\t\tUsername: config.Username,\n\t\tPassword: config.Password,\n\t\tApiToken: config.ApiToken,\n\t\tAllowInsecureConnections: config.AllowInsecureConnections,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_HOST:\n\t\tif err := d.deployToHost(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_CERTIFICATE:\n\t\tif err := d.deployToCertificate(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToHost(ctx context.Context, certPEM, privkeyPEM string) error {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的主机列表\n\tvar hostIds []int64\n\tswitch d.config.HostMatchPattern {\n\tcase \"\", HOST_MATCH_PATTERN_SPECIFIED:\n\t\t{\n\t\t\tif d.config.HostId == 0 {\n\t\t\t\treturn errors.New(\"config `hostId` is required\")\n\t\t\t}\n\n\t\t\thostIds = []int64{d.config.HostId}\n\t\t}\n\n\tcase HOST_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\thostCandidates, err := d.getAllHosts(ctx, d.config.HostType)\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\n\t\t\thostIds = lo.Map(\n\t\t\t\tlo.Filter(hostCandidates, func(hostItem *npmsdk.HostRecord, _ int) bool {\n\t\t\t\t\treturn len(hostItem.DomainNames) > 0 &&\n\t\t\t\t\t\tlo.EveryBy(hostItem.DomainNames, func(domain string) bool {\n\t\t\t\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t\t\t\t})\n\t\t\t\t}),\n\t\t\t\tfunc(hostItem *npmsdk.HostRecord, _ int) int64 {\n\t\t\t\t\treturn hostItem.Id\n\t\t\t\t},\n\t\t\t)\n\t\t\tif len(hostIds) == 0 {\n\t\t\t\treturn errors.New(\"could not find any hosts matched by certificate\")\n\t\t\t}\n\n\t\t\t// 跳过已部署过的主机\n\t\t\thostIds = lo.Filter(hostIds, func(hostId int64, _ int) bool {\n\t\t\t\thostInfo, _ := lo.Find(hostCandidates, func(hostItem *npmsdk.HostRecord) bool {\n\t\t\t\t\treturn hostId == hostItem.Id\n\t\t\t\t})\n\t\t\t\tif hostInfo != nil {\n\t\t\t\t\treturn strconv.FormatInt(hostInfo.CertificateId, 10) != upres.CertId\n\t\t\t\t}\n\n\t\t\t\treturn true\n\t\t\t})\n\t\t}\n\n\tdefault:\n\t\treturn fmt.Errorf(\"unsupported host match pattern: '%s'\", d.config.HostMatchPattern)\n\t}\n\n\t// 遍历更新主机证书\n\tif len(hostIds) == 0 {\n\t\td.logger.Info(\"no hosts to deploy\")\n\t} else {\n\t\td.logger.Info(\"found hosts to deploy\", slog.Any(\"hostIds\", hostIds))\n\t\tvar errs []error\n\n\t\tcertId, _ := strconv.ParseInt(upres.CertId, 10, 64)\n\t\tfor i, hostId := range hostIds {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateHostCertificate(ctx, d.config.HostType, hostId, certId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t\tif i < len(hostIds)-1 {\n\t\t\t\t\txwait.DelayWithContext(ctx, time.Second*5)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToCertificate(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.CertificateId == 0 {\n\t\treturn errors.New(\"config `certificateId` is required\")\n\t}\n\n\t// 替换证书\n\topres, err := d.sdkCertmgr.Replace(ctx, strconv.FormatInt(d.config.CertificateId, 10), certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to replace certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate replaced\", slog.Any(\"result\", opres))\n\t}\n\n\t// 获取默认站点\n\tsettingsGetDefaultSiteReq := &npmsdk.SettingsGetDefaultSiteRequest{}\n\tsettingsGetDefaultSiteResp, err := d.sdkClient.SettingsGetDefaultSiteWithContext(ctx, settingsGetDefaultSiteReq)\n\td.logger.Debug(\"sdk request 'settings.GetDefaultSite'\", slog.Any(\"request\", settingsGetDefaultSiteReq), slog.Any(\"response\", settingsGetDefaultSiteResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'settings.GetDefaultSite': %w\", err)\n\t}\n\n\t// 更新默认站点,以触发 nginx 重启\n\tsettingsSetDefaultSiteReq := &npmsdk.SettingsSetDefaultSiteRequest{\n\t\tValue: settingsGetDefaultSiteResp.Value,\n\t}\n\tsettingsSetDefaultSiteResp, err := d.sdkClient.SettingsSetDefaultSiteWithContext(ctx, settingsSetDefaultSiteReq)\n\td.logger.Debug(\"sdk request 'settings.SetDefaultSite'\", slog.Any(\"request\", settingsSetDefaultSiteReq), slog.Any(\"response\", settingsSetDefaultSiteResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'settings.SetDefaultSite': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) getAllHosts(ctx context.Context, cloudHostType string) ([]*npmsdk.HostRecord, error) {\n\tvar hosts []*npmsdk.HostRecord\n\tswitch cloudHostType {\n\tcase HOST_TYPE_PROXY:\n\t\t{\n\t\t\tnginxListProxyHostsReq := &npmsdk.NginxListProxyHostsRequest{}\n\t\t\tnginxListProxyHostsResp, err := d.sdkClient.NginxListProxyHostsWithContext(ctx, nginxListProxyHostsReq)\n\t\t\td.logger.Debug(\"sdk request 'nginx.ListProxyHosts'\", slog.Any(\"request\", nginxListProxyHostsReq), slog.Any(\"response\", nginxListProxyHostsResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'nginx.ListProxyHosts': %w\", err)\n\t\t\t}\n\n\t\t\thosts = make([]*npmsdk.HostRecord, 0, len(*nginxListProxyHostsResp))\n\t\t\tfor _, hostItem := range *nginxListProxyHostsResp {\n\t\t\t\thosts = append(hosts, &hostItem.HostRecord)\n\t\t\t}\n\t\t}\n\n\tcase HOST_TYPE_REDIRECTION:\n\t\t{\n\t\t\tnginxListRedirectionHostsReq := &npmsdk.NginxListRedirectionHostsRequest{}\n\t\t\tnginxListRedirectionHostsResp, err := d.sdkClient.NginxListRedirectionHostsWithContext(ctx, nginxListRedirectionHostsReq)\n\t\t\td.logger.Debug(\"sdk request 'nginx.ListRedirectionHosts'\", slog.Any(\"request\", nginxListRedirectionHostsReq), slog.Any(\"response\", nginxListRedirectionHostsResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'nginx.ListRedirectionHosts': %w\", err)\n\t\t\t}\n\n\t\t\thosts = make([]*npmsdk.HostRecord, 0, len(*nginxListRedirectionHostsResp))\n\t\t\tfor _, hostItem := range *nginxListRedirectionHostsResp {\n\t\t\t\thosts = append(hosts, &hostItem.HostRecord)\n\t\t\t}\n\t\t}\n\n\tcase HOST_TYPE_STREAM:\n\t\t{\n\t\t\tnginxListStreamsReq := &npmsdk.NginxListStreamsRequest{}\n\t\t\tnginxListStreamsResp, err := d.sdkClient.NginxListStreamsWithContext(ctx, nginxListStreamsReq)\n\t\t\td.logger.Debug(\"sdk request 'nginx.ListStreams'\", slog.Any(\"request\", nginxListStreamsReq), slog.Any(\"response\", nginxListStreamsResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'nginx.ListStreams': %w\", err)\n\t\t\t}\n\n\t\t\thosts = make([]*npmsdk.HostRecord, 0, len(*nginxListStreamsResp))\n\t\t\tfor _, hostItem := range *nginxListStreamsResp {\n\t\t\t\thosts = append(hosts, &hostItem.HostRecord)\n\t\t\t}\n\t\t}\n\n\tcase HOST_TYPE_DEAD:\n\t\t{\n\t\t\tnginxListDeadHostsReq := &npmsdk.NginxListDeadHostsRequest{}\n\t\t\tnginxListDeadHostsResp, err := d.sdkClient.NginxListDeadHostsWithContext(ctx, nginxListDeadHostsReq)\n\t\t\td.logger.Debug(\"sdk request 'nginx.ListDeadHosts'\", slog.Any(\"request\", nginxListDeadHostsReq), slog.Any(\"response\", nginxListDeadHostsResp))\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'nginx.ListDeadHosts': %w\", err)\n\t\t\t}\n\n\t\t\thosts = make([]*npmsdk.HostRecord, 0, len(*nginxListDeadHostsResp))\n\t\t\tfor _, hostItem := range *nginxListDeadHostsResp {\n\t\t\t\thosts = append(hosts, &hostItem.HostRecord)\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn hosts, fmt.Errorf(\"unsupported host type: '%s'\", cloudHostType)\n\t}\n\n\treturn hosts, nil\n}\n\nfunc (d *Deployer) updateHostCertificate(ctx context.Context, cloudHostType string, cloudHostId int64, cloudCertId int64) error {\n\tswitch cloudHostType {\n\tcase HOST_TYPE_PROXY:\n\t\t{\n\t\t\tnginxUpdateProxyHostReq := &npmsdk.NginxUpdateProxyHostRequest{\n\t\t\t\tCertificateId: lo.ToPtr(cloudCertId),\n\t\t\t}\n\t\t\tnginxUpdateProxyHostResp, err := d.sdkClient.NginxUpdateProxyHostWithContext(ctx, cloudHostId, nginxUpdateProxyHostReq)\n\t\t\td.logger.Debug(\"sdk request 'nginx.UpdateProxyHost'\", slog.Int64(\"request.hostId\", cloudHostId), slog.Any(\"request\", nginxUpdateProxyHostReq), slog.Any(\"response\", nginxUpdateProxyHostResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'nginx.UpdateProxyHost': %w\", err)\n\t\t\t}\n\t\t}\n\n\tcase HOST_TYPE_REDIRECTION:\n\t\t{\n\t\t\tnginxUpdateRedirectionHostReq := &npmsdk.NginxUpdateRedirectionHostRequest{\n\t\t\t\tCertificateId: lo.ToPtr(cloudCertId),\n\t\t\t}\n\t\t\tnginxUpdateRedirectionHostResp, err := d.sdkClient.NginxUpdateRedirectionHostWithContext(ctx, cloudHostId, nginxUpdateRedirectionHostReq)\n\t\t\td.logger.Debug(\"sdk request 'nginx.UpdateRedirectionHost'\", slog.Int64(\"request.hostId\", cloudHostId), slog.Any(\"request\", nginxUpdateRedirectionHostReq), slog.Any(\"response\", nginxUpdateRedirectionHostResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'nginx.UpdateRedirectionHost': %w\", err)\n\t\t\t}\n\t\t}\n\n\tcase HOST_TYPE_STREAM:\n\t\t{\n\t\t\tnginxUpdateStreamReq := &npmsdk.NginxUpdateStreamRequest{\n\t\t\t\tCertificateId: lo.ToPtr(cloudCertId),\n\t\t\t}\n\t\t\tnginxUpdateStreamResp, err := d.sdkClient.NginxUpdateStreamWithContext(ctx, cloudHostId, nginxUpdateStreamReq)\n\t\t\td.logger.Debug(\"sdk request 'nginx.UpdateStream'\", slog.Int64(\"request.hostId\", cloudHostId), slog.Any(\"request\", nginxUpdateStreamReq), slog.Any(\"response\", nginxUpdateStreamResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'nginx.UpdateStream': %w\", err)\n\t\t\t}\n\t\t}\n\n\tcase HOST_TYPE_DEAD:\n\t\t{\n\t\t\tnginxUpdateDeadHostReq := &npmsdk.NginxUpdateDeadHostRequest{\n\t\t\t\tCertificateId: lo.ToPtr(cloudCertId),\n\t\t\t}\n\t\t\tnginxUpdateDeadHostResp, err := d.sdkClient.NginxUpdateDeadHostWithContext(ctx, cloudHostId, nginxUpdateDeadHostReq)\n\t\t\td.logger.Debug(\"sdk request 'nginx.UpdateDeadHost'\", slog.Int64(\"request.hostId\", cloudHostId), slog.Any(\"request\", nginxUpdateDeadHostReq), slog.Any(\"response\", nginxUpdateDeadHostResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'nginx.UpdateDeadHost': %w\", err)\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn fmt.Errorf(\"unsupported host type: '%s'\", cloudHostType)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(serverUrl, authMethod, username, password, apiToken string, skipTlsVerify bool) (*npmsdk.Client, error) {\n\tvar client *npmsdk.Client\n\tvar err error\n\n\tswitch authMethod {\n\tcase \"\", AUTH_METHOD_PASSWORD:\n\t\t{\n\t\t\tclient, err = npmsdk.NewClient(serverUrl, username, password)\n\t\t}\n\n\tcase AUTH_METHOD_TOKEN:\n\t\t{\n\t\t\tclient, err = npmsdk.NewClientWithJwtToken(serverUrl, apiToken)\n\t\t}\n\t}\n\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/nginxproxymanager/nginxproxymanager_test.go",
"content": "package nginxproxymanager_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/nginxproxymanager\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfUsername string\n\tfPassword string\n\tfHostType string\n\tfHostId int64\n)\n\nfunc init() {\n\targsPrefix := \"NGINXPROXYMANAGER_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fUsername, argsPrefix+\"USERNAME\", \"\", \"\")\n\tflag.StringVar(&fHostType, argsPrefix+\"HOSTTYPE\", \"\", \"\")\n\tflag.Int64Var(&fHostId, argsPrefix+\"HOSTID\", 0, \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./nginxproxymanager_test.go -args \\\n\t--NGINXPROXYMANAGER_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--NGINXPROXYMANAGER_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--NGINXPROXYMANAGER_SERVERURL=\"http://127.0.0.1:20410\" \\\n\t--NGINXPROXYMANAGER_USERNAME=\"your-username\" \\\n\t--NGINXPROXYMANAGER_PASSWORD=\"your-password\" \\\n\t--NGINXPROXYMANAGER_HOSTTYPE=\"proxy\" \\\n\t--NGINXPROXYMANAGER_HOSTID=\"your-host-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"USERNAME: %v\", fUsername),\n\t\t\tfmt.Sprintf(\"PASSWORD: %v\", fPassword),\n\t\t\tfmt.Sprintf(\"HOSTTYPE: %v\", fHostType),\n\t\t\tfmt.Sprintf(\"HOSTID: %v\", fHostId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tAuthMethod: provider.AUTH_METHOD_PASSWORD,\n\t\t\tUsername: fUsername,\n\t\t\tPassword: fPassword,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tResourceType: provider.RESOURCE_TYPE_HOST,\n\t\t\tHostType: fHostType,\n\t\t\tHostMatchPattern: provider.HOST_MATCH_PATTERN_SPECIFIED,\n\t\t\tHostId: fHostId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/proxmoxve/proxmoxve.go",
"content": "package proxmoxve\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n\n\t\"github.com/luthermonson/go-proxmox\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\txhttp \"github.com/certimate-go/certimate/pkg/utils/http\"\n)\n\ntype DeployerConfig struct {\n\t// Proxmox VE 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// Proxmox VE API Token。\n\tApiToken string `json:\"apiToken\"`\n\t// Proxmox VE API Token Secret。\n\tApiTokenSecret string `json:\"apiTokenSecret,omitempty\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 集群节点名称。\n\tNodeName string `json:\"nodeName\"`\n\t// 是否自动重启。\n\tAutoRestart bool `json:\"autoRestart\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *proxmox.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.ApiToken, config.ApiTokenSecret, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.NodeName == \"\" {\n\t\treturn nil, errors.New(\"config `nodeName` is required\")\n\t}\n\n\t// 获取节点信息\n\t// REF: https://pve.proxmox.com/pve-docs/api-viewer/index.html#/nodes/{node}\n\tnode, err := d.sdkClient.Node(ctx, d.config.NodeName)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to get node '%s': %w\", d.config.NodeName, err)\n\t}\n\n\t// 上传自定义证书\n\t// REF: https://pve.proxmox.com/pve-docs/api-viewer/index.html#/nodes/{node}/certificates/custom\n\terr = node.UploadCustomCertificate(ctx, &proxmox.CustomCertificate{\n\t\tCertificates: certPEM,\n\t\tKey: privkeyPEM,\n\t\tForce: true,\n\t\tRestart: d.config.AutoRestart,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload custom certificate to node '%s': %w\", node.Name, err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(serverUrl, apiToken, apiTokenSecret string, skipTlsVerify bool) (*proxmox.Client, error) {\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, errors.New(\"pve: invalid server url\")\n\t}\n\n\tif apiToken == \"\" {\n\t\treturn nil, errors.New(\"pve: invalid api token\")\n\t}\n\n\thttpClient := &http.Client{\n\t\tTransport: xhttp.NewDefaultTransport(),\n\t\tTimeout: http.DefaultClient.Timeout,\n\t}\n\tif skipTlsVerify {\n\t\ttransport := xhttp.NewDefaultTransport()\n\t\ttransport.DisableKeepAlives = true\n\t\ttransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}\n\t\thttpClient.Transport = transport\n\t}\n\tclient := proxmox.NewClient(\n\t\tstrings.TrimRight(serverUrl, \"/\")+\"/api2/json\",\n\t\tproxmox.WithHTTPClient(httpClient),\n\t\tproxmox.WithAPIToken(apiToken, apiTokenSecret),\n\t)\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/proxmoxve/proxmoxve_test.go",
"content": "package proxmoxve_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/proxmoxve\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfApiToken string\n\tfApiTokenSecret string\n\tfNodeName string\n)\n\nfunc init() {\n\targsPrefix := \"PROXMOXVE_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fApiToken, argsPrefix+\"APITOKEN\", \"\", \"\")\n\tflag.StringVar(&fApiTokenSecret, argsPrefix+\"APITOKENSECRET\", \"\", \"\")\n\tflag.StringVar(&fNodeName, argsPrefix+\"NODENAME\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./proxmoxve_test.go -args \\\n\t--PROXMOXVE_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--PROXMOXVE_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--PROXMOXVE_SERVERURL=\"http://127.0.0.1:8006\" \\\n\t--PROXMOXVE_APITOKEN=\"your-api-token\" \\\n\t--PROXMOXVE_APITOKENSECRET=\"your-api-token-secret\" \\\n\t--PROXMOXVE_NODENAME=\"your-cluster-node-name\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"APITOKEN: %v\", fApiToken),\n\t\t\tfmt.Sprintf(\"APITOKENSECRET: %v\", fApiTokenSecret),\n\t\t\tfmt.Sprintf(\"NODENAME: %v\", fNodeName),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiToken: fApiToken,\n\t\t\tApiTokenSecret: fApiTokenSecret,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tNodeName: fNodeName,\n\t\t\tAutoRestart: true,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/qiniu-cdn/consts.go",
"content": "package qiniucdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/qiniu-cdn/qiniu_cdn.go",
"content": "package qiniucdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/qiniu/go-sdk/v7/auth\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/qiniu-sslcert\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tqiniusdk \"github.com/certimate-go/certimate/pkg/sdk3rd/qiniu\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 七牛云 AccessKey。\n\tAccessKey string `json:\"accessKey\"`\n\t// 七牛云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *qiniusdk.CdnManager\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient := qiniusdk.NewCdnManager(auth.New(config.AccessKey, config.SecretKey))\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKey: config.AccessKey,\n\t\tSecretKey: config.SecretKey,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\t// \"*.example.com\" → \".example.com\",适配七牛云 CDN 要求的泛域名格式\n\t\t\tdomain := strings.TrimPrefix(d.config.Domain, \"*\")\n\t\t\tdomains = []string{domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain) ||\n\t\t\t\t\t\tstrings.TrimPrefix(d.config.Domain, \"*\") == strings.TrimPrefix(domain, \"*\")\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil ||\n\t\t\t\t\tstrings.TrimPrefix(d.config.Domain, \"*\") == strings.TrimPrefix(domain, \"*\")\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no cdn domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found cdn domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, upres.CertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名列表\n\t// REF: https://developer.qiniu.com/fusion/4246/the-domain-name\n\tgetDomainListMarker := \"\"\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tgetDomainListResp, err := d.sdkClient.GetDomainList(ctx, getDomainListMarker, 100)\n\t\td.logger.Debug(\"sdk request 'cdn.GetDomainList'\", slog.String(\"request.marker\", getDomainListMarker), slog.Any(\"response\", getDomainListResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.GetDomainList': %w\", err)\n\t\t}\n\n\t\tignoredStatuses := []string{\"frozen\", \"offlined\"}\n\t\tfor _, domainItem := range getDomainListResp.Domains {\n\t\t\tif lo.Contains(ignoredStatuses, domainItem.OperatingState) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tdomains = append(domains, domainItem.Name)\n\t\t}\n\n\t\tif len(getDomainListResp.Domains) == 0 || getDomainListResp.Marker == \"\" {\n\t\t\tbreak\n\t\t}\n\n\t\tgetDomainListMarker = getDomainListResp.Marker\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertId string) error {\n\t// 获取域名信息\n\t// REF: https://developer.qiniu.com/fusion/4246/the-domain-name\n\tgetDomainInfoResp, err := d.sdkClient.GetDomainInfo(ctx, domain)\n\td.logger.Debug(\"sdk request 'cdn.GetDomainInfo'\", slog.String(\"request.domain\", domain), slog.Any(\"response\", getDomainInfoResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.GetDomainInfo': %w\", err)\n\t}\n\n\t// 判断域名是否已启用 HTTPS\n\t// 如果已启用,修改域名证书;否则,启用 HTTPS\n\t// REF: https://developer.qiniu.com/fusion/4246/the-domain-name\n\tif getDomainInfoResp.Https == nil || getDomainInfoResp.Https.CertID == \"\" {\n\t\tenableDomainHttpsResp, err := d.sdkClient.EnableDomainHttps(ctx, domain, cloudCertId, true, true)\n\t\td.logger.Debug(\"sdk request 'cdn.EnableDomainHttps'\", slog.String(\"request.domain\", domain), slog.String(\"request.certId\", cloudCertId), slog.Any(\"response\", enableDomainHttpsResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.EnableDomainHttps': %w\", err)\n\t\t}\n\t} else if getDomainInfoResp.Https.CertID != cloudCertId {\n\t\tmodifyDomainHttpsConfResp, err := d.sdkClient.ModifyDomainHttpsConf(ctx, domain, cloudCertId, getDomainInfoResp.Https.ForceHttps, getDomainInfoResp.Https.Http2Enable)\n\t\td.logger.Debug(\"sdk request 'cdn.ModifyDomainHttpsConf'\", slog.String(\"request.domain\", domain), slog.String(\"request.certId\", cloudCertId), slog.Any(\"response\", modifyDomainHttpsConfResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.ModifyDomainHttpsConf': %w\", err)\n\t\t}\n\t}\n\n\treturn nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/qiniu-cdn/qiniu_cdn_test.go",
"content": "package qiniucdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/qiniu-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKey string\n\tfSecretKey string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"QINIUCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKey, argsPrefix+\"ACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fSecretKey, argsPrefix+\"SECRETKEY\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./qiniu_cdn_test.go -args \\\n\t--QINIUCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--QINIUCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--QINIUCDN_ACCESSKEY=\"your-access-key\" \\\n\t--QINIUCDN_SECRETKEY=\"your-secret-key\" \\\n\t--QINIUCDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEY: %v\", fAccessKey),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKey: fAccessKey,\n\t\t\tSecretKey: fSecretKey,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/qiniu-kodo/qiniu_kodo.go",
"content": "package qiniukodo\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/qiniu/go-sdk/v7/auth\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/qiniu-sslcert\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tqiniusdk \"github.com/certimate-go/certimate/pkg/sdk3rd/qiniu\"\n)\n\ntype DeployerConfig struct {\n\t// 七牛云 AccessKey。\n\tAccessKey string `json:\"accessKey\"`\n\t// 七牛云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 存储桶名。暂时无用。\n\tBucket string `json:\"bucket\"`\n\t// 自定义域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *qiniusdk.KodoManager\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient := qiniusdk.NewKodoManager(auth.New(config.AccessKey, config.SecretKey))\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKey: config.AccessKey,\n\t\tSecretKey: config.SecretKey,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.Domain == \"\" {\n\t\treturn nil, fmt.Errorf(\"config `domain` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 绑定空间域名证书\n\tbindBucketCertResp, err := d.sdkClient.BindBucketCert(ctx, d.config.Domain, upres.CertId)\n\td.logger.Debug(\"sdk request 'kodo.BindCert'\", slog.String(\"request.domain\", d.config.Domain), slog.String(\"request.certId\", upres.CertId), slog.Any(\"response\", bindBucketCertResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'kodo.BindCert': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/qiniu-kodo/qiniu_kodo_test.go",
"content": "package qiniukodo_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/qiniu-kodo\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKey string\n\tfSecretKey string\n\tfBucket string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"QINIUKODO_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKey, argsPrefix+\"ACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fSecretKey, argsPrefix+\"SECRETKEY\", \"\", \"\")\n\tflag.StringVar(&fBucket, argsPrefix+\"BUCKET\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./qiniu_kodo_test.go -args \\\n\t--QINIUKODO_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--QINIUKODO_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--QINIUKODO_ACCESSKEY=\"your-access-key\" \\\n\t--QINIUKODO_SECRETKEY=\"your-secret-key\" \\\n\t--QINIUKODO_BUCKET=\"your-bucket\" \\\n\t--QINIUKODO_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEY: %v\", fAccessKey),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t\tfmt.Sprintf(\"BUCKET: %v\", fBucket),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKey: fAccessKey,\n\t\t\tSecretKey: fSecretKey,\n\t\t\tBucket: fBucket,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/qiniu-pili/consts.go",
"content": "package qiniupili\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/qiniu-pili/qiniu_pili.go",
"content": "package qiniupili\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/qiniu/go-sdk/v7/pili\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/qiniu-sslcert\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype DeployerConfig struct {\n\t// 七牛云 AccessKey。\n\tAccessKey string `json:\"accessKey\"`\n\t// 七牛云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 直播空间名。\n\tHub string `json:\"hub\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 直播流域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *pili.Manager\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tmanager := pili.NewManager(pili.ManagerConfig{AccessKey: config.AccessKey, SecretKey: config.SecretKey})\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKey: config.AccessKey,\n\t\tSecretKey: config.SecretKey,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: manager,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.Domain == \"\" {\n\t\treturn nil, fmt.Errorf(\"config `domain` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomainsByHub(ctx, d.config.Hub)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no pili domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found pili domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, d.config.Hub, domain, upres.CertName); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomainsByHub(ctx context.Context, hub string) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名列表\n\t// REF: https://developer.qiniu.com/pili/9910/pili-service-sdk#6\n\tgetDomainListReq := pili.GetDomainsListRequest{\n\t\tHub: hub,\n\t}\n\tgetDomainListResp, err := d.sdkClient.GetDomainsList(ctx, getDomainListReq)\n\td.logger.Debug(\"sdk request 'pili.GetDomainsList'\", slog.Any(\"request\", getDomainListReq), slog.Any(\"response\", getDomainListResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'pili.GetDomainsList': %w\", err)\n\t}\n\n\tfor _, domainItem := range getDomainListResp.Domains {\n\t\tdomains = append(domains, domainItem.Domain)\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, hub string, domain string, cloudCertName string) error {\n\t// 修改域名证书配置\n\t// REF: https://developer.qiniu.com/pili/9910/pili-service-sdk#6\n\tsetDomainCertReq := pili.SetDomainCertRequest{\n\t\tHub: hub,\n\t\tDomain: domain,\n\t\tCertName: cloudCertName,\n\t}\n\terr := d.sdkClient.SetDomainCert(ctx, setDomainCertReq)\n\td.logger.Debug(\"sdk request 'pili.SetDomainCert'\", slog.Any(\"request\", setDomainCertReq))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'pili.SetDomainCert': %w\", err)\n\t}\n\n\treturn nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/qiniu-pili/qiniu_pili_test.go",
"content": "package qiniupili_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/qiniu-pili\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKey string\n\tfSecretKey string\n\tfHub string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"QINIUPILI_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKey, argsPrefix+\"ACCESSKEY\", \"\", \"\")\n\tflag.StringVar(&fSecretKey, argsPrefix+\"SECRETKEY\", \"\", \"\")\n\tflag.StringVar(&fHub, argsPrefix+\"HUB\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./qiniu_pili_test.go -args \\\n\t--QINIUPILI_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--QINIUPILI_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--QINIUPILI_ACCESSKEY=\"your-access-key\" \\\n\t--QINIUPILI_SECRETKEY=\"your-secret-key\" \\\n\t--QINIUPILI_HUB=\"your-hub-name\" \\\n\t--QINIUPILI_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEY: %v\", fAccessKey),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t\tfmt.Sprintf(\"HUB: %v\", fHub),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKey: fAccessKey,\n\t\t\tSecretKey: fSecretKey,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/rainyun-rcdn/consts.go",
"content": "package rainyunrcdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/rainyun-rcdn/rainyun_rcdn.go",
"content": "package rainyunrcdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/rainyun-sslcenter\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\trainyunsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/rainyun\"\n)\n\ntype DeployerConfig struct {\n\t// 雨云 API 密钥。\n\tApiKey string `json:\"apiKey\"`\n\t// RCDN 实例 ID。\n\tInstanceId int64 `json:\"instanceId\"`\n\t// 域名匹配模式。暂时只支持精确匹配。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *rainyunsdk.Client\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ApiKey)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tApiKey: config.ApiKey,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.InstanceId == 0 {\n\t\treturn nil, fmt.Errorf(\"config `instanceId` is required\")\n\t}\n\tif d.config.Domain == \"\" {\n\t\treturn nil, fmt.Errorf(\"config `domain` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// RCDN SSL 绑定域名\n\t// REF: https://apifox.com/apidoc/shared/a4595cc8-44c5-4678-a2a3-eed7738dab03/api-184214120\n\tcertId, _ := strconv.ParseInt(upres.CertId, 10, 64)\n\trcdnInstanceSslBindReq := &rainyunsdk.RcdnInstanceSslBindRequest{\n\t\tCertId: certId,\n\t\tDomains: []string{d.config.Domain},\n\t}\n\trcdnInstanceSslBindResp, err := d.sdkClient.RcdnInstanceSslBindWithContext(ctx, d.config.InstanceId, rcdnInstanceSslBindReq)\n\td.logger.Debug(\"sdk request 'rcdn.InstanceSslBind'\", slog.Int64(\"instanceId\", d.config.InstanceId), slog.Any(\"request\", rcdnInstanceSslBindReq), slog.Any(\"response\", rcdnInstanceSslBindResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'rcdn.InstanceSslBind': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(apiKey string) (*rainyunsdk.Client, error) {\n\treturn rainyunsdk.NewClient(apiKey)\n}\n"
},
{
"path": "pkg/core/deployer/providers/rainyun-rcdn/rainyun_rcdn_test.go",
"content": "package rainyunrcdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/rainyun-rcdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfApiKey string\n\tfInstanceId int64\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"RAINYUNRCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n\tflag.Int64Var(&fInstanceId, argsPrefix+\"INSTANCEID\", 0, \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./rainyun_rcdn_test.go -args \\\n\t--RAINYUNRCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--RAINYUNRCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--RAINYUNRCDN_APIKEY=\"your-api-key\" \\\n\t--RAINYUNRCDN_INSTANCEID=\"your-rcdn-instance-id\" \\\n\t--RAINYUNRCDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t\tfmt.Sprintf(\"INSTANCEID: %v\", fInstanceId),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tApiKey: fApiKey,\n\t\t\tInstanceId: fInstanceId,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/rainyun-sslcenter/rainyun_sslcenter.go",
"content": "package rainyunsslcenter\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/rainyun-sslcenter\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// 雨云 API 密钥。\n\tApiKey string `json:\"apiKey\"`\n\t// 证书 ID。\n\t// 选填。零值时表示新建证书;否则表示更新证书。\n\tCertificateId int64 `json:\"certificateId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tApiKey: config.ApiKey,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.CertificateId == 0 {\n\t\t// 上传证书\n\t\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t\t} else {\n\t\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t\t}\n\t} else {\n\t\t// 替换证书\n\t\topres, err := d.sdkCertmgr.Replace(ctx, strconv.FormatInt(d.config.CertificateId, 10), certPEM, privkeyPEM)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to replace certificate file: %w\", err)\n\t\t} else {\n\t\t\td.logger.Info(\"ssl certificate replaced\", slog.Any(\"result\", opres))\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/rainyun-sslcenter/rainyun_sslcenter_test.go",
"content": "package rainyunsslcenter_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/rainyun-sslcenter\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfApiKey string\n)\n\nfunc init() {\n\targsPrefix := \"RAINYUNSSLCENTER_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./rainyun_sslcenter_test.go -args \\\n\t--RAINYUNRCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--RAINYUNRCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--RAINYUNRCDN_APIKEY=\"your-api-key\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tApiKey: fApiKey,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/ratpanel/consts.go",
"content": "package ratpanel\n\nconst (\n\t// 资源类型:替换指定网站的证书。\n\tRESOURCE_TYPE_WEBSITE = \"website\"\n\t// 资源类型:替换指定证书。\n\tRESOURCE_TYPE_CERTIFICATE = \"certificate\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/ratpanel/ratpanel.go",
"content": "package ratpanel\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tratpanelsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/ratpanel\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype DeployerConfig struct {\n\t// 耗子面板服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// 耗子面板访问令牌 ID。\n\tAccessTokenId int64 `json:\"accessTokenId\"`\n\t// 耗子面板访问令牌。\n\tAccessToken string `json:\"accessToken\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 网站名称。\n\t// 部署资源类型为 [RESOURCE_TYPE_WEBSITE] 时必填。\n\tSiteNames []string `json:\"siteNames,omitempty\"`\n\t// 证书 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。\n\tCertificateId int64 `json:\"certificateId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *ratpanelsdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.AccessTokenId, config.AccessToken, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_WEBSITE:\n\t\tif err := d.deployToWebsite(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_CERTIFICATE:\n\t\tif err := d.deployToCertificate(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToWebsite(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif len(d.config.SiteNames) == 0 {\n\t\treturn errors.New(\"config `siteNames` is required\")\n\t}\n\n\t// 遍历更新站点证书\n\tvar errs []error\n\tfor _, siteName := range d.config.SiteNames {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn ctx.Err()\n\t\tdefault:\n\t\t\tif err := d.updateSiteCertificate(ctx, siteName, certPEM, privkeyPEM); err != nil {\n\t\t\t\terrs = append(errs, err)\n\t\t\t}\n\t\t}\n\t}\n\tif len(errs) > 0 {\n\t\treturn errors.Join(errs...)\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToCertificate(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.CertificateId == 0 {\n\t\treturn errors.New(\"config `certificateId` is required\")\n\t}\n\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t// 更新 SSL 证书\n\tcertUpdateReq := &ratpanelsdk.CertUpdateRequest{\n\t\tCertId: d.config.CertificateId,\n\t\tType: \"upload\",\n\t\tDomains: certX509.DNSNames,\n\t\tCertificate: certPEM,\n\t\tPrivateKey: privkeyPEM,\n\t}\n\tcertUpdateResp, err := d.sdkClient.CertUpdateWithContext(ctx, certUpdateReq)\n\td.logger.Debug(\"sdk request 'ratpanel.CertUpdate'\", slog.Any(\"request\", certUpdateReq), slog.Any(\"response\", certUpdateResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'ratpanel.CertUpdate': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateSiteCertificate(ctx context.Context, siteName string, certPEM, privkeyPEM string) error {\n\t// 设置站点 SSL 证书\n\tsetWebsiteCertReq := &ratpanelsdk.SetWebsiteCertRequest{\n\t\tSiteName: siteName,\n\t\tCertificate: certPEM,\n\t\tPrivateKey: privkeyPEM,\n\t}\n\tsetWebsiteCertResp, err := d.sdkClient.SetWebsiteCertWithContext(ctx, setWebsiteCertReq)\n\td.logger.Debug(\"sdk request 'ratpanel.SetWebsiteCert'\", slog.Any(\"request\", setWebsiteCertReq), slog.Any(\"response\", setWebsiteCertResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'ratpanel.SetWebsiteCert': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(serverUrl string, accessTokenId int64, accessToken string, skipTlsVerify bool) (*ratpanelsdk.Client, error) {\n\tclient, err := ratpanelsdk.NewClient(serverUrl, accessTokenId, accessToken)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/ratpanel/ratpanel_test.go",
"content": "package ratpanel_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ratpanel\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfAccessTokenId int64\n\tfAccessToken string\n\tfSiteName string\n)\n\nfunc init() {\n\targsPrefix := \"RATPANEL_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.Int64Var(&fAccessTokenId, argsPrefix+\"ACCESSTOKENID\", 0, \"\")\n\tflag.StringVar(&fAccessToken, argsPrefix+\"ACCESSTOKEN\", \"\", \"\")\n\tflag.StringVar(&fSiteName, argsPrefix+\"SITENAME\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ratpanel_test.go -args \\\n\t--RATPANEL_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--RATPANEL_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--RATPANEL_SERVERURL=\"http://127.0.0.1:8888\" \\\n\t--RATPANEL_ACCESSTOKENID=\"your-access-token-id\" \\\n\t--RATPANEL_ACCESSTOKEN=\"your-access-token\" \\\n\t--RATPANEL_SITENAME=\"your-site-name\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"ACCESSTOKENID: %v\", fAccessTokenId),\n\t\t\tfmt.Sprintf(\"ACCESSTOKEN: %v\", fAccessToken),\n\t\t\tfmt.Sprintf(\"SITENAME: %v\", fSiteName),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tAccessTokenId: fAccessTokenId,\n\t\t\tAccessToken: fAccessToken,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tResourceType: provider.RESOURCE_TYPE_WEBSITE,\n\t\t\tSiteNames: []string{fSiteName},\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/ratpanel-console/ratpanel_console.go",
"content": "package ratpanelconsole\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tratpanelsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/ratpanel\"\n)\n\ntype DeployerConfig struct {\n\t// 耗子面板服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// 耗子面板访问令牌 ID。\n\tAccessTokenId int64 `json:\"accessTokenId\"`\n\t// 耗子面板访问令牌。\n\tAccessToken string `json:\"accessToken\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *ratpanelsdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.AccessTokenId, config.AccessToken, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 设置面板 SSL 证书\n\tsetSettingCertReq := &ratpanelsdk.SetSettingCertRequest{\n\t\tCertificate: certPEM,\n\t\tPrivateKey: privkeyPEM,\n\t}\n\tsetSettingCertResp, err := d.sdkClient.SetSettingCertWithContext(ctx, setSettingCertReq)\n\td.logger.Debug(\"sdk request 'ratpanel.SetSettingCert'\", slog.Any(\"request\", setSettingCertReq), slog.Any(\"response\", setSettingCertResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'ratpanel.SetSettingCert': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(serverUrl string, accessTokenId int64, accessToken string, skipTlsVerify bool) (*ratpanelsdk.Client, error) {\n\tclient, err := ratpanelsdk.NewClient(serverUrl, accessTokenId, accessToken)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/ratpanel-console/ratpanel_console_test.go",
"content": "package ratpanelconsole_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ratpanel-console\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfAccessTokenId int64\n\tfAccessToken string\n)\n\nfunc init() {\n\targsPrefix := \"RATPANELCONSOLE_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.Int64Var(&fAccessTokenId, argsPrefix+\"ACCESSTOKENID\", 0, \"\")\n\tflag.StringVar(&fAccessToken, argsPrefix+\"ACCESSTOKEN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ratpanel_console_test.go -args \\\n\t--RATPANELCONSOLE_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--RATPANELCONSOLE_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--RATPANELCONSOLE_SERVERURL=\"http://127.0.0.1:8888\" \\\n\t--RATPANELCONSOLE_ACCESSTOKENID=\"your-access-token-id\" \\\n\t--RATPANELCONSOLE_ACCESSTOKEN=\"your-access-token\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"ACCESSTOKENID: %v\", fAccessTokenId),\n\t\t\tfmt.Sprintf(\"ACCESSTOKEN: %v\", fAccessToken),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tAccessTokenId: fAccessTokenId,\n\t\t\tAccessToken: fAccessToken,\n\t\t\tAllowInsecureConnections: true,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/s3/consts.go",
"content": "package s3\n\nimport (\n\t\"github.com/certimate-go/certimate/internal/domain\"\n)\n\nconst (\n\tOUTPUT_FORMAT_PEM = string(domain.CertificateFormatTypePEM)\n\tOUTPUT_FORMAT_PFX = string(domain.CertificateFormatTypePFX)\n\tOUTPUT_FORMAT_JKS = string(domain.CertificateFormatTypeJKS)\n)\n"
},
{
"path": "pkg/core/deployer/providers/s3/s3.go",
"content": "package s3\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/internal/tools/s3\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype DeployerConfig struct {\n\t// S3 Endpoint。\n\tEndpoint string `json:\"endpoint\"`\n\t// S3 AccessKey。\n\tAccessKey string `json:\"accessKey\"`\n\t// S3 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// S3 签名版本。\n\t// 可取值 \"v2\"、\"v4\"。\n\t// 零值时默认值 \"v4\"。\n\tSignatureVersion string `json:\"signatureVersion,omitempty\"`\n\t// 是否使用路径风格。\n\tUsePathStyle bool `json:\"usePathStyle,omitempty\"`\n\t// 存储区域。\n\tRegion string `json:\"region\"`\n\t// 存储桶名。\n\tBucket string `json:\"bucket\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 输出证书格式。\n\tOutputFormat string `json:\"outputFormat,omitempty\"`\n\t// 输出证书文件路径。\n\tOutputCertObjectKey string `json:\"outputCertObjectKey,omitempty\"`\n\t// 输出服务器证书文件路径。\n\t// 选填。\n\tOutputServerCertObjectKey string `json:\"outputServerCertObjectKey,omitempty\"`\n\t// 输出中间证书文件路径。\n\t// 选填。\n\tOutputIntermediaCertObjectKey string `json:\"outputIntermediaCertObjectKey,omitempty\"`\n\t// 输出私钥文件路径。\n\tOutputKeyObjectKey string `json:\"outputKeyObjectKey,omitempty\"`\n\t// PFX 导出密码。\n\t// 证书格式为 PFX 时必填。\n\tPfxPassword string `json:\"pfxPassword,omitempty\"`\n\t// JKS 别名。\n\t// 证书格式为 JKS 时必填。\n\tJksAlias string `json:\"jksAlias,omitempty\"`\n\t// JKS 密钥密码。\n\t// 证书格式为 JKS 时必填。\n\tJksKeypass string `json:\"jksKeypass,omitempty\"`\n\t// JKS 存储密码。\n\t// 证书格式为 JKS 时必填。\n\tJksStorepass string `json:\"jksStorepass,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\ts3Client *s3.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createS3Client(*config)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"s3: failed to create S3 client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\ts3Client: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 提取服务器证书和中间证书\n\tserverCertPEM, intermediaCertPEM, err := xcert.ExtractCertificatesFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to extract certs: %w\", err)\n\t}\n\n\t// 写入证书和私钥文件\n\tswitch d.config.OutputFormat {\n\tcase OUTPUT_FORMAT_PEM:\n\t\t{\n\t\t\tif err := d.s3Client.PutObjectString(ctx, d.config.Bucket, d.config.OutputCertObjectKey, certPEM); err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl certificate file uploaded\", slog.String(\"bucket\", d.config.Bucket), slog.String(\"object\", d.config.OutputCertObjectKey))\n\n\t\t\tif d.config.OutputServerCertObjectKey != \"\" {\n\t\t\t\tif err := d.s3Client.PutObjectString(ctx, d.config.Bucket, d.config.OutputServerCertObjectKey, serverCertPEM); err != nil {\n\t\t\t\t\treturn nil, fmt.Errorf(\"failed to upload server certificate file: %w\", err)\n\t\t\t\t}\n\t\t\t\td.logger.Info(\"ssl server certificate file uploaded\", slog.String(\"bucket\", d.config.Bucket), slog.String(\"object\", d.config.OutputServerCertObjectKey))\n\t\t\t}\n\n\t\t\tif d.config.OutputIntermediaCertObjectKey != \"\" {\n\t\t\t\tif err := d.s3Client.PutObjectString(ctx, d.config.Bucket, d.config.OutputIntermediaCertObjectKey, intermediaCertPEM); err != nil {\n\t\t\t\t\treturn nil, fmt.Errorf(\"failed to upload intermedia certificate file: %w\", err)\n\t\t\t\t}\n\t\t\t\td.logger.Info(\"ssl intermedia certificate file uploaded\", slog.String(\"bucket\", d.config.Bucket), slog.String(\"object\", d.config.OutputIntermediaCertObjectKey))\n\t\t\t}\n\n\t\t\tif err := d.s3Client.PutObjectString(ctx, d.config.Bucket, d.config.OutputKeyObjectKey, privkeyPEM); err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to upload private key file: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl private key file uploaded\", slog.String(\"bucket\", d.config.Bucket), slog.String(\"object\", d.config.OutputKeyObjectKey))\n\t\t}\n\n\tcase OUTPUT_FORMAT_PFX:\n\t\t{\n\t\t\tpfxData, err := xcert.TransformCertificateFromPEMToPFX(certPEM, privkeyPEM, d.config.PfxPassword)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to transform certificate to PFX: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl certificate transformed to pfx\")\n\n\t\t\tif err := d.s3Client.PutObjectBytes(ctx, d.config.Bucket, d.config.OutputCertObjectKey, pfxData); err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl certificate file uploaded\", slog.String(\"bucket\", d.config.Bucket), slog.String(\"object\", d.config.OutputCertObjectKey))\n\t\t}\n\n\tcase OUTPUT_FORMAT_JKS:\n\t\t{\n\t\t\tjksData, err := xcert.TransformCertificateFromPEMToJKS(certPEM, privkeyPEM, d.config.JksAlias, d.config.JksKeypass, d.config.JksStorepass)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to transform certificate to JKS: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl certificate transformed to jks\")\n\n\t\t\tif err := d.s3Client.PutObjectBytes(ctx, d.config.Bucket, d.config.OutputCertObjectKey, jksData); err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl certificate file uploaded\", slog.String(\"bucket\", d.config.Bucket), slog.String(\"object\", d.config.OutputCertObjectKey))\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported output format '%s'\", d.config.OutputFormat)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createS3Client(config DeployerConfig) (*s3.Client, error) {\n\tclientCfg := s3.NewDefaultConfig()\n\tclientCfg.Endpoint = config.Endpoint\n\tclientCfg.AccessKey = config.AccessKey\n\tclientCfg.SecretKey = config.SecretKey\n\tclientCfg.SignatureVersion = config.SignatureVersion\n\tclientCfg.UsePathStyle = config.UsePathStyle\n\tclientCfg.Region = config.Region\n\tclientCfg.SkipTlsVerify = config.AllowInsecureConnections\n\n\tclient, err := s3.NewClient(clientCfg)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, err\n}\n"
},
{
"path": "pkg/core/deployer/providers/safeline/consts.go",
"content": "package safeline\n\nconst (\n\t// 资源类型:替换指定证书。\n\tRESOURCE_TYPE_CERTIFICATE = \"certificate\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/safeline/safeline.go",
"content": "package safeline\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tsafelinesdk \"github.com/certimate-go/certimate/pkg/sdk3rd/safeline\"\n)\n\ntype DeployerConfig struct {\n\t// 雷池服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// 雷池 API Token。\n\tApiToken string `json:\"apiToken\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 证书 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。\n\tCertificateId int64 `json:\"certificateId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *safelinesdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.ApiToken, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 根据部署资源类型决定部署方式``\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_CERTIFICATE:\n\t\tif err := d.deployToCertificate(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToCertificate(ctx context.Context, certPEM, privkeyPEM string) error {\n\tif d.config.CertificateId == 0 {\n\t\treturn errors.New(\"config `certificateId` is required\")\n\t}\n\n\t// 更新证书\n\tupdateCertificateReq := &safelinesdk.UpdateCertificateRequest{\n\t\tId: d.config.CertificateId,\n\t\tType: 2,\n\t\tManual: &safelinesdk.CertificateManul{\n\t\t\tCrt: certPEM,\n\t\t\tKey: privkeyPEM,\n\t\t},\n\t}\n\tupdateCertificateResp, err := d.sdkClient.UpdateCertificateWithContext(ctx, updateCertificateReq)\n\td.logger.Debug(\"sdk request 'safeline.UpdateCertificate'\", slog.Any(\"request\", updateCertificateReq), slog.Any(\"response\", updateCertificateResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'safeline.UpdateCertificate': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(serverUrl, apiToken string, skipTlsVerify bool) (*safelinesdk.Client, error) {\n\tclient, err := safelinesdk.NewClient(serverUrl, apiToken)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/safeline/safeline_test.go",
"content": "package safeline_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/safeline\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfApiToken string\n\tfCertificateId int64\n)\n\nfunc init() {\n\targsPrefix := \"SAFELINE_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fApiToken, argsPrefix+\"APITOKEN\", \"\", \"\")\n\tflag.Int64Var(&fCertificateId, argsPrefix+\"CERTIFICATEID\", 0, \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./safeline_test.go -args \\\n\t--SAFELINE_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--SAFELINE_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--SAFELINE_SERVERURL=\"http://127.0.0.1:9443\" \\\n\t--SAFELINE_APITOKEN=\"your-api-token\" \\\n\t--SAFELINE_CERTIFICATEID=\"your-certificate-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"APITOKEN: %v\", fApiToken),\n\t\t\tfmt.Sprintf(\"CERTIFICATEID: %v\", fCertificateId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tApiToken: fApiToken,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tResourceType: provider.RESOURCE_TYPE_CERTIFICATE,\n\t\t\tCertificateId: fCertificateId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/ssh/consts.go",
"content": "package ssh\n\nimport (\n\t\"github.com/certimate-go/certimate/internal/domain\"\n)\n\nconst (\n\tOUTPUT_FORMAT_PEM = string(domain.CertificateFormatTypePEM)\n\tOUTPUT_FORMAT_PFX = string(domain.CertificateFormatTypePFX)\n\tOUTPUT_FORMAT_JKS = string(domain.CertificateFormatTypeJKS)\n)\n"
},
{
"path": "pkg/core/deployer/providers/ssh/ssh.go",
"content": "package ssh\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/certimate-go/certimate/internal/tools/ssh\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txssh \"github.com/certimate-go/certimate/pkg/utils/ssh\"\n)\n\ntype ServerConfig struct {\n\t// SSH 主机。\n\t// 零值时默认值 \"localhost\"。\n\tSshHost string `json:\"sshHost,omitempty\"`\n\t// SSH 端口。\n\t// 零值时默认值 22。\n\tSshPort int32 `json:\"sshPort,omitempty\"`\n\t// SSH 认证方式。\n\t// 可取值 \"none\"、\"password\"、\"key\"。\n\t// 零值时根据有无密码或私钥字段决定。\n\tSshAuthMethod string `json:\"sshAuthMethod,omitempty\"`\n\t// SSH 登录用户名。\n\t// 零值时默认值 \"root\"。\n\tSshUsername string `json:\"sshUsername,omitempty\"`\n\t// SSH 登录密码。\n\tSshPassword string `json:\"sshPassword,omitempty\"`\n\t// SSH 登录私钥。\n\tSshKey string `json:\"sshKey,omitempty\"`\n\t// SSH 登录私钥口令。\n\tSshKeyPassphrase string `json:\"sshKeyPassphrase,omitempty\"`\n}\n\ntype DeployerConfig struct {\n\tServerConfig\n\n\t// 跳板机配置数组。\n\tJumpServers []ServerConfig `json:\"jumpServers,omitempty\"`\n\t// 是否回退使用 SCP。\n\tUseSCP bool `json:\"useSCP,omitempty\"`\n\t// 前置命令。\n\tPreCommand string `json:\"preCommand,omitempty\"`\n\t// 后置命令。\n\tPostCommand string `json:\"postCommand,omitempty\"`\n\t// 输出证书格式。\n\tOutputFormat string `json:\"outputFormat,omitempty\"`\n\t// 输出私钥文件路径。\n\tOutputKeyPath string `json:\"outputKeyPath,omitempty\"`\n\t// 输出证书文件路径。\n\tOutputCertPath string `json:\"outputCertPath,omitempty\"`\n\t// 输出服务器证书文件路径。\n\t// 选填。\n\tOutputServerCertPath string `json:\"outputServerCertPath,omitempty\"`\n\t// 输出中间证书文件路径。\n\t// 选填。\n\tOutputIntermediaCertPath string `json:\"outputIntermediaCertPath,omitempty\"`\n\t// PFX 导出密码。\n\t// 证书格式为 PFX 时必填。\n\tPfxPassword string `json:\"pfxPassword,omitempty\"`\n\t// JKS 别名。\n\t// 证书格式为 JKS 时必填。\n\tJksAlias string `json:\"jksAlias,omitempty\"`\n\t// JKS 密钥密码。\n\t// 证书格式为 JKS 时必填。\n\tJksKeypass string `json:\"jksKeypass,omitempty\"`\n\t// JKS 存储密码。\n\t// 证书格式为 JKS 时必填。\n\tJksStorepass string `json:\"jksStorepass,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 提取服务器证书和中间证书\n\tserverCertPEM, intermediaCertPEM, err := xcert.ExtractCertificatesFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to extract certs: %w\", err)\n\t}\n\n\tclient, err := createSshClient(*d.config)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"ssh: failed to create SSH client: %w\", err)\n\t}\n\n\td.logger.Info(\"ssh connected\")\n\n\t// 执行前置命令\n\tif d.config.PreCommand != \"\" {\n\t\tcommand := d.config.PreCommand\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_CERTIFICATE_PATH}\", d.config.OutputCertPath)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_CERTIFICATE_SERVER_PATH}\", d.config.OutputServerCertPath)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_CERTIFICATE_INTERMEDIA_PATH}\", d.config.OutputIntermediaCertPath)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_PRIVATEKEY_PATH}\", d.config.OutputKeyPath)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_PFX_PASSWORD}\", d.config.PfxPassword)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_JKS_ALIAS}\", d.config.JksAlias)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_JKS_KEYPASS}\", d.config.JksKeypass)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_JKS_STOREPASS}\", d.config.JksStorepass)\n\n\t\tstdout, stderr, err := xssh.RunCommand(client.GetClient(), command)\n\t\td.logger.Debug(\"run pre-command\", slog.String(\"stdout\", stdout), slog.String(\"stderr\", stderr))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute pre-command (stdout: %s, stderr: %s): %w \", stdout, stderr, err)\n\t\t}\n\t}\n\n\t// 上传证书和私钥文件\n\tswitch d.config.OutputFormat {\n\tcase OUTPUT_FORMAT_PEM:\n\t\t{\n\t\t\tif err := xssh.WriteRemoteString(client.GetClient(), d.config.OutputCertPath, certPEM, d.config.UseSCP); err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl certificate file uploaded\", slog.String(\"path\", d.config.OutputCertPath))\n\n\t\t\tif d.config.OutputServerCertPath != \"\" {\n\t\t\t\tif err := xssh.WriteRemoteString(client.GetClient(), d.config.OutputServerCertPath, serverCertPEM, d.config.UseSCP); err != nil {\n\t\t\t\t\treturn nil, fmt.Errorf(\"failed to save server certificate file: %w\", err)\n\t\t\t\t}\n\t\t\t\td.logger.Info(\"ssl server certificate file uploaded\", slog.String(\"path\", d.config.OutputServerCertPath))\n\t\t\t}\n\n\t\t\tif d.config.OutputIntermediaCertPath != \"\" {\n\t\t\t\tif err := xssh.WriteRemoteString(client.GetClient(), d.config.OutputIntermediaCertPath, intermediaCertPEM, d.config.UseSCP); err != nil {\n\t\t\t\t\treturn nil, fmt.Errorf(\"failed to save intermedia certificate file: %w\", err)\n\t\t\t\t}\n\t\t\t\td.logger.Info(\"ssl intermedia certificate file uploaded\", slog.String(\"path\", d.config.OutputIntermediaCertPath))\n\t\t\t}\n\n\t\t\tif err := xssh.WriteRemoteString(client.GetClient(), d.config.OutputKeyPath, privkeyPEM, d.config.UseSCP); err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to upload private key file: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl private key file uploaded\", slog.String(\"path\", d.config.OutputKeyPath))\n\t\t}\n\n\tcase OUTPUT_FORMAT_PFX:\n\t\t{\n\t\t\tpfxData, err := xcert.TransformCertificateFromPEMToPFX(certPEM, privkeyPEM, d.config.PfxPassword)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to transform certificate to PFX: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl certificate transformed to pfx\")\n\n\t\t\tif err := xssh.WriteRemote(client.GetClient(), d.config.OutputCertPath, pfxData, d.config.UseSCP); err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl certificate file uploaded\", slog.String(\"path\", d.config.OutputCertPath))\n\t\t}\n\n\tcase OUTPUT_FORMAT_JKS:\n\t\t{\n\t\t\tjksData, err := xcert.TransformCertificateFromPEMToJKS(certPEM, privkeyPEM, d.config.JksAlias, d.config.JksKeypass, d.config.JksStorepass)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to transform certificate to JKS: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl certificate transformed to jks\")\n\n\t\t\tif err := xssh.WriteRemote(client.GetClient(), d.config.OutputCertPath, jksData, d.config.UseSCP); err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t\t\t}\n\t\t\td.logger.Info(\"ssl certificate file uploaded\", slog.String(\"path\", d.config.OutputCertPath))\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported output format '%s'\", d.config.OutputFormat)\n\t}\n\n\t// 执行后置命令\n\tif d.config.PostCommand != \"\" {\n\t\tcommand := d.config.PostCommand\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_CERTIFICATE_PATH}\", d.config.OutputCertPath)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_CERTIFICATE_SERVER_PATH}\", d.config.OutputServerCertPath)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_CERTIFICATE_INTERMEDIA_PATH}\", d.config.OutputIntermediaCertPath)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_PRIVATEKEY_PATH}\", d.config.OutputKeyPath)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_PFX_PASSWORD}\", d.config.PfxPassword)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_JKS_ALIAS}\", d.config.JksAlias)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_JKS_KEYPASS}\", d.config.JksKeypass)\n\t\tcommand = strings.ReplaceAll(command, \"${CERTIMATE_DEPLOYER_CMDVAR_JKS_STOREPASS}\", d.config.JksStorepass)\n\n\t\tstdout, stderr, err := xssh.RunCommand(client.GetClient(), command)\n\t\td.logger.Debug(\"run post-command\", slog.String(\"stdout\", stdout), slog.String(\"stderr\", stderr))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute post-command (stdout: %s, stderr: %s): %w \", stdout, stderr, err)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSshClient(config DeployerConfig) (*ssh.Client, error) {\n\tclientCfg := ssh.NewDefaultConfig()\n\tclientCfg.Host = config.SshHost\n\tclientCfg.Port = int(config.SshPort)\n\tclientCfg.AuthMethod = ssh.AuthMethodType(config.SshAuthMethod)\n\tclientCfg.Username = config.SshUsername\n\tclientCfg.Password = config.SshPassword\n\tclientCfg.Key = config.SshKey\n\tclientCfg.KeyPassphrase = config.SshKeyPassphrase\n\tfor _, jumpServer := range config.JumpServers {\n\t\tjumpServerCfg := ssh.NewServerConfig()\n\t\tjumpServerCfg.Host = jumpServer.SshHost\n\t\tjumpServerCfg.Port = int(jumpServer.SshPort)\n\t\tjumpServerCfg.AuthMethod = ssh.AuthMethodType(jumpServer.SshAuthMethod)\n\t\tjumpServerCfg.Username = jumpServer.SshUsername\n\t\tjumpServerCfg.Password = jumpServer.SshPassword\n\t\tjumpServerCfg.Key = jumpServer.SshKey\n\t\tjumpServerCfg.KeyPassphrase = jumpServer.SshKeyPassphrase\n\t\tclientCfg.JumpServers = append(clientCfg.JumpServers, *jumpServerCfg)\n\t}\n\n\tclient, err := ssh.NewClient(clientCfg)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/ssh/ssh_test.go",
"content": "package ssh_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ssh\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfSshHost string\n\tfSshPort int64\n\tfSshUsername string\n\tfSshPassword string\n\tfOutputCertPath string\n\tfOutputKeyPath string\n)\n\nfunc init() {\n\targsPrefix := \"SSH_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fSshHost, argsPrefix+\"SSHHOST\", \"\", \"\")\n\tflag.Int64Var(&fSshPort, argsPrefix+\"SSHPORT\", 0, \"\")\n\tflag.StringVar(&fSshUsername, argsPrefix+\"SSHUSERNAME\", \"\", \"\")\n\tflag.StringVar(&fSshPassword, argsPrefix+\"SSHPASSWORD\", \"\", \"\")\n\tflag.StringVar(&fOutputCertPath, argsPrefix+\"OUTPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fOutputKeyPath, argsPrefix+\"OUTPUTKEYPATH\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ssh_test.go -args \\\n\t--SSH_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--SSH_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--SSH_SSHHOST=\"localhost\" \\\n\t--SSH_SSHPORT=22 \\\n\t--SSH_SSHUSERNAME=\"root\" \\\n\t--SSH_SSHPASSWORD=\"password\" \\\n\t--SSH_OUTPUTCERTPATH=\"/path/to/your-output-cert.pem\" \\\n\t--SSH_OUTPUTKEYPATH=\"/path/to/your-output-key.pem\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SSHHOST: %v\", fSshHost),\n\t\t\tfmt.Sprintf(\"SSHPORT: %v\", fSshPort),\n\t\t\tfmt.Sprintf(\"SSHUSERNAME: %v\", fSshUsername),\n\t\t\tfmt.Sprintf(\"SSHPASSWORD: %v\", fSshPassword),\n\t\t\tfmt.Sprintf(\"OUTPUTCERTPATH: %v\", fOutputCertPath),\n\t\t\tfmt.Sprintf(\"OUTPUTKEYPATH: %v\", fOutputKeyPath),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerConfig: provider.ServerConfig{\n\t\t\t\tSshHost: fSshHost,\n\t\t\t\tSshPort: int32(fSshPort),\n\t\t\t\tSshUsername: fSshUsername,\n\t\t\t\tSshPassword: fSshPassword,\n\t\t\t},\n\t\t\tOutputFormat: provider.OUTPUT_FORMAT_PEM,\n\t\t\tOutputCertPath: fOutputCertPath,\n\t\t\tOutputKeyPath: fOutputKeyPath,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/synologydsm/synologydsm.go",
"content": "package synologydsm\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/pquerna/otp/totp\"\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tdsmsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/synologydsm\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txwait \"github.com/certimate-go/certimate/pkg/utils/wait\"\n)\n\ntype DeployerConfig struct {\n\t// 群晖 DSM 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// 群晖 DSM 用户名。\n\tUsername string `json:\"username\"`\n\t// 群晖 DSM 用户密码。\n\tPassword string `json:\"password\"`\n\t// 群晖 DSM 2FA TOTP 密钥。\n\tTotpSecret string `json:\"totpSecret,omitempty\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n\t// 证书 ID 或描述。\n\t// 选填。零值时表示新建证书;否则表示更新证书。\n\tCertificateIdOrDescription string `json:\"certificateIdOrDesc,omitempty\"`\n\t// 是否设为默认证书。\n\tIsDefault bool `json:\"isDefault,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *dsmsdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.ServerUrl, config.AllowInsecureConnections)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.Default()\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 提取服务器证书和中间证书\n\tserverCertPEM, intermediateCertPEM, err := xcert.ExtractCertificatesFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to extract certs: %w\", err)\n\t}\n\n\t// 如果启用了 TOTP,则等到下一个时间窗口后生成 OTP 动态密码\n\tvar otpCode string\n\tif d.config.TotpSecret != \"\" {\n\t\tnow := time.Now()\n\t\twait := time.Duration(30-now.Unix()%30) * time.Second\n\t\tif wait > 0 {\n\t\t\twait = wait + 1*time.Second\n\t\t\td.logger.Info(\"waiting for the next TOTP time step ...\", slog.Int(\"wait\", int(wait.Seconds())))\n\t\t\txwait.DelayWithContext(ctx, wait)\n\t\t}\n\n\t\tnow = time.Now()\n\t\totpCodeStr, err := totp.GenerateCode(d.config.TotpSecret, now)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to generate TOTP code: %w\", err)\n\t\t}\n\n\t\totpCode = otpCodeStr\n\t}\n\n\t// 登录到群晖 DSM\n\tloginReq := &dsmsdk.LoginRequest{\n\t\tAccount: d.config.Username,\n\t\tPassword: d.config.Password,\n\t\tOtpCode: otpCode,\n\t}\n\tloginResp, err := d.sdkClient.Login(loginReq)\n\td.logger.Debug(\"sdk request 'SYNO.API.Auth:login'\", slog.Any(\"request\", loginReq), slog.Any(\"response\", loginResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'SYNO.API.Auth:login': %w\", err)\n\t}\n\tdefer func() {\n\t\tlogoutResp, _ := d.sdkClient.Logout()\n\t\td.logger.Debug(\"sdk request 'SYNO.API.Auth:logout'\", slog.Any(\"response\", logoutResp))\n\t}()\n\n\t// 如果原证书 ID 或描述为空,则创建证书;否则更新证书。\n\tif d.config.CertificateIdOrDescription == \"\" {\n\t\t// 导入证书\n\t\timportCertificateReq := &dsmsdk.ImportCertificateRequest{\n\t\t\tID: \"\",\n\t\t\tDescription: fmt.Sprintf(\"certimate-%d\", time.Now().UnixMilli()),\n\t\t\tKey: privkeyPEM,\n\t\t\tCert: serverCertPEM,\n\t\t\tInterCert: intermediateCertPEM,\n\t\t\tAsDefault: d.config.IsDefault,\n\t\t}\n\t\timportCertificateResp, err := d.sdkClient.ImportCertificate(importCertificateReq)\n\t\td.logger.Debug(\"sdk request 'SYNO.Core.Certificate:import'\", slog.Any(\"request\", importCertificateReq), slog.Any(\"response\", importCertificateResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'SYNO.Core.Certificate:import': %w\", err)\n\t\t}\n\t} else {\n\t\t// 查找证书列表,找到已有证书\n\t\tvar certInfo *dsmsdk.CertificateInfo\n\t\tlistCertificatesResp, err := d.sdkClient.ListCertificates()\n\t\td.logger.Debug(\"sdk request 'SYNO.Core.Certificate.CRT:list'\", slog.Any(\"response\", listCertificatesResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'SYNO.Core.Certificate.CRT:list': %w\", err)\n\t\t} else {\n\t\t\tmatchedCerts := lo.Filter(listCertificatesResp.Data.Certificates, func(certItem *dsmsdk.CertificateInfo, _ int) bool {\n\t\t\t\treturn certItem.ID == d.config.CertificateIdOrDescription\n\t\t\t})\n\t\t\tif len(matchedCerts) == 0 {\n\t\t\t\tmatchedCerts = lo.Filter(listCertificatesResp.Data.Certificates, func(certItem *dsmsdk.CertificateInfo, _ int) bool {\n\t\t\t\t\treturn certItem.Description == d.config.CertificateIdOrDescription\n\t\t\t\t})\n\t\t\t}\n\t\t\tif len(matchedCerts) == 0 {\n\t\t\t\treturn nil, fmt.Errorf(\"could not find certificate '%s'\", d.config.CertificateIdOrDescription)\n\t\t\t} else {\n\t\t\t\tif len(matchedCerts) > 1 {\n\t\t\t\t\td.logger.Warn(\"found several certificates matched '%s', using the first one\")\n\t\t\t\t}\n\t\t\t\tcertInfo = matchedCerts[0]\n\t\t\t}\n\t\t}\n\n\t\t// 导入证书\n\t\timportCertificateReq := &dsmsdk.ImportCertificateRequest{\n\t\t\tID: certInfo.ID,\n\t\t\tDescription: certInfo.Description,\n\t\t\tKey: privkeyPEM,\n\t\t\tCert: serverCertPEM,\n\t\t\tInterCert: intermediateCertPEM,\n\t\t\tAsDefault: d.config.IsDefault || certInfo.IsDefault,\n\t\t}\n\t\timportCertificateResp, err := d.sdkClient.ImportCertificate(importCertificateReq)\n\t\td.logger.Debug(\"sdk request 'SYNO.Core.Certificate:import'\", slog.Any(\"request\", importCertificateReq), slog.Any(\"response\", importCertificateResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'SYNO.Core.Certificate:import': %w\", err)\n\t\t}\n\t}\n\n\tif d.config.IsDefault {\n\t\t// 查找证书列表,找到默认证书\n\t\tlistCertificatesResp, err := d.sdkClient.ListCertificates()\n\t\td.logger.Debug(\"sdk request 'SYNO.Core.Certificate.CRT:list'\", slog.Any(\"response\", listCertificatesResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'SYNO.Core.Certificate.CRT:list': %w\", err)\n\t\t} else {\n\t\t\tvar defaultCertId string\n\t\t\tfor _, certItem := range listCertificatesResp.Data.Certificates {\n\t\t\t\tif certItem.IsDefault {\n\t\t\t\t\tdefaultCertId = certItem.ID\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tif defaultCertId != \"\" {\n\t\t\t\tsettings := make([]*dsmsdk.ServiceCertificateSetting, 0)\n\t\t\t\tfor _, certItem := range listCertificatesResp.Data.Certificates {\n\t\t\t\t\tif certItem.ID == defaultCertId {\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\n\t\t\t\t\tfor _, service := range certItem.Services {\n\t\t\t\t\t\tsettings = append(settings, &dsmsdk.ServiceCertificateSetting{\n\t\t\t\t\t\t\tService: service,\n\t\t\t\t\t\t\tCertID: defaultCertId,\n\t\t\t\t\t\t\tOldCertID: certItem.ID,\n\t\t\t\t\t\t})\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// 应用到所有服务并重启\n\t\t\t\tif len(settings) > 0 {\n\t\t\t\t\tsetServiceCertificateReq := &dsmsdk.SetServiceCertificateRequest{\n\t\t\t\t\t\tSettings: settings,\n\t\t\t\t\t}\n\t\t\t\t\tsetServiceCertificateResp, err := d.sdkClient.SetServiceCertificate(setServiceCertificateReq)\n\t\t\t\t\td.logger.Debug(\"sdk request 'SYNO.Core.Certificate.Service:set'\", slog.Any(\"request\", setServiceCertificateReq), slog.Any(\"response\", setServiceCertificateResp))\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'SYNO.Core.Certificate.Service:set': %w\", err)\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(serverUrl string, skipTlsVerify bool) (*dsmsdk.Client, error) {\n\tclient, err := dsmsdk.NewClient(serverUrl)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif skipTlsVerify {\n\t\tclient.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/synologydsm/synologydsm_test.go",
"content": "package synologydsm_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/synologydsm\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfServerUrl string\n\tfUsername string\n\tfPassword string\n\tfTotpSecret string\n\tfCertificateIdOrDesc string\n\tfIsDefault bool\n)\n\nfunc init() {\n\targsPrefix := \"SYNOLOGYDSM_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fUsername, argsPrefix+\"USERNAME\", \"\", \"\")\n\tflag.StringVar(&fPassword, argsPrefix+\"PASSWORD\", \"\", \"\")\n\tflag.StringVar(&fTotpSecret, argsPrefix+\"TOTPSECRET\", \"\", \"\")\n\tflag.StringVar(&fCertificateIdOrDesc, argsPrefix+\"CERTIFICATEIDORDESC\", \"\", \"\")\n\tflag.BoolVar(&fIsDefault, argsPrefix+\"ISDEFAULT\", false, \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./synology_dsm_test.go -args \\\n\t--SYNOLOGYDSM_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--SYNOLOGYDSM_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--SYNOLOGYDSM_SERVERURL=\"http://127.0.0.1:5000/\" \\\n\t--SYNOLOGYDSM_USERNAME=\"admin\" \\\n\t--SYNOLOGYDSM_PASSWORD=\"password\" \\\n\t--SYNOLOGYDSM_CERTIFICATEIDORDESC=\"your-certificate-id-or-desc\" \\\n\t--SYNOLOGYDSM_ISDEFAULT=true\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"USERNAME: %v\", fUsername),\n\t\t\tfmt.Sprintf(\"PASSWORD: %v\", fPassword),\n\t\t\tfmt.Sprintf(\"TOTPSECRET: %v\", fTotpSecret),\n\t\t\tfmt.Sprintf(\"CERTIFICATEIDORDESC: %v\", fCertificateIdOrDesc),\n\t\t\tfmt.Sprintf(\"ISDEFAULT: %v\", fIsDefault),\n\t\t}, \"\\n\"))\n\n\t\tdeployer, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tUsername: fUsername,\n\t\t\tPassword: fPassword,\n\t\t\tTotpSecret: fTotpSecret,\n\t\t\tAllowInsecureConnections: true,\n\t\t\tCertificateIdOrDescription: fCertificateIdOrDesc,\n\t\t\tIsDefault: fIsDefault,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-cdn/consts.go",
"content": "package tencentcloudcdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-cdn/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\t\"errors\"\n\n\ttccdn \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn/v20180606\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n)\n\n// This is a partial copy of https://github.com/TencentCloud/tencentcloud-sdk-go/blob/master/tencentcloud/cdn/v20180606/client.go\n// to lightweight the vendor packages in the built binary.\ntype CdnClient struct {\n\tcommon.Client\n}\n\nfunc NewCdnClient(credential common.CredentialIface, region string, clientProfile *profile.ClientProfile) (client *CdnClient, err error) {\n\tclient = &CdnClient{}\n\tclient.Init(region).\n\t\tWithCredential(credential).\n\t\tWithProfile(clientProfile)\n\treturn\n}\n\nfunc (c *CdnClient) DescribeCertDomains(request *tccdn.DescribeCertDomainsRequest) (response *tccdn.DescribeCertDomainsResponse, err error) {\n\treturn c.DescribeCertDomainsWithContext(context.Background(), request)\n}\n\nfunc (c *CdnClient) DescribeCertDomainsWithContext(ctx context.Context, request *tccdn.DescribeCertDomainsRequest) (response *tccdn.DescribeCertDomainsResponse, err error) {\n\tif request == nil {\n\t\trequest = tccdn.NewDescribeCertDomainsRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"cdn\", tccdn.APIVersion, \"DescribeCertDomains\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeCertDomains require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tccdn.NewDescribeCertDomainsResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *CdnClient) DescribeDomains(request *tccdn.DescribeDomainsRequest) (response *tccdn.DescribeDomainsResponse, err error) {\n\treturn c.DescribeDomainsWithContext(context.Background(), request)\n}\n\nfunc (c *CdnClient) DescribeDomainsWithContext(ctx context.Context, request *tccdn.DescribeDomainsRequest) (response *tccdn.DescribeDomainsResponse, err error) {\n\tif request == nil {\n\t\trequest = tccdn.NewDescribeDomainsRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"cdn\", tccdn.APIVersion, \"DescribeDomains\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeDomains require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tccdn.NewDescribeDomainsResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *CdnClient) DescribeDomainsConfig(request *tccdn.DescribeDomainsConfigRequest) (response *tccdn.DescribeDomainsConfigResponse, err error) {\n\treturn c.DescribeDomainsConfigWithContext(context.Background(), request)\n}\n\nfunc (c *CdnClient) DescribeDomainsConfigWithContext(ctx context.Context, request *tccdn.DescribeDomainsConfigRequest) (response *tccdn.DescribeDomainsConfigResponse, err error) {\n\tif request == nil {\n\t\trequest = tccdn.NewDescribeDomainsConfigRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"cdn\", tccdn.APIVersion, \"DescribeDomainsConfig\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeDomainsConfig require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tccdn.NewDescribeDomainsConfigResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *CdnClient) UpdateDomainConfig(request *tccdn.UpdateDomainConfigRequest) (response *tccdn.UpdateDomainConfigResponse, err error) {\n\treturn c.UpdateDomainConfigWithContext(context.Background(), request)\n}\n\nfunc (c *CdnClient) UpdateDomainConfigWithContext(ctx context.Context, request *tccdn.UpdateDomainConfigRequest) (response *tccdn.UpdateDomainConfigResponse, err error) {\n\tif request == nil {\n\t\trequest = tccdn.NewUpdateDomainConfigRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"cdn\", tccdn.APIVersion, \"UpdateDomainConfig\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"UpdateDomainConfig require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tccdn.NewUpdateDomainConfigResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-cdn/tencentcloud_cdn.go",
"content": "package tencentcloudcdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\ttccdn \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn/v20180606\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/tencentcloud-ssl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-cdn/internal\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 腾讯云 SecretId。\n\tSecretId string `json:\"secretId\"`\n\t// 腾讯云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 腾讯云接口端点。\n\tEndpoint string `json:\"endpoint,omitempty\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.CdnClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.SecretId, config.SecretKey, config.Endpoint)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tSecretId: config.SecretId,\n\t\tSecretKey: config.SecretKey,\n\t\tEndpoint: lo.\n\t\t\tIf(strings.HasSuffix(config.Endpoint, \"intl.tencentcloudapi.com\"), \"ssl.intl.tencentcloudapi.com\"). // 国际站使用独立的接口端点\n\t\t\tElse(\"\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的 CDN 实例\n\tdomains := make([]string, 0)\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getMatchedDomainsByWildcard(ctx, d.config.Domain)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = domainCandidates\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tdomainCandidates, err := d.getMatchedDomainsByCertId(ctx, upres.CertId)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = domainCandidates\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no cdn domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found cdn domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, upres.CertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getMatchedDomainsByWildcard(ctx context.Context, wildcardDomain string) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名基本信息,获取匹配的域名\n\t// REF: https://cloud.tencent.com/document/api/228/41118\n\tdescribeDomainsOffset := 0\n\tdescribeDomainsLimit := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeDomainsReq := tccdn.NewDescribeDomainsRequest()\n\t\tdescribeDomainsReq.Filters = []*tccdn.DomainFilter{\n\t\t\t{\n\t\t\t\tName: common.StringPtr(\"domain\"),\n\t\t\t\tValue: common.StringPtrs([]string{strings.TrimPrefix(wildcardDomain, \"*.\")}),\n\t\t\t\tFuzzy: common.BoolPtr(true),\n\t\t\t},\n\t\t}\n\t\tdescribeDomainsReq.Offset = common.Int64Ptr(int64(describeDomainsOffset))\n\t\tdescribeDomainsReq.Limit = common.Int64Ptr(int64(describeDomainsLimit))\n\t\tdescribeDomainsResp, err := d.sdkClient.DescribeDomains(describeDomainsReq)\n\t\td.logger.Debug(\"sdk request 'cdn.DescribeDomains'\", slog.Any(\"request\", describeDomainsReq), slog.Any(\"response\", describeDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.DescribeDomains': %w\", err)\n\t\t}\n\n\t\tif describeDomainsResp.Response == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, domainItem := range describeDomainsResp.Response.Domains {\n\t\t\tif lo.FromPtr(domainItem.Product) == \"cdn\" && xcerthostname.IsMatch(wildcardDomain, lo.FromPtr(domainItem.Domain)) {\n\t\t\t\tdomains = append(domains, lo.FromPtr(domainItem.Domain))\n\t\t\t}\n\t\t}\n\n\t\tif len(describeDomainsResp.Response.Domains) < describeDomainsLimit {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribeDomainsOffset += describeDomainsLimit\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) getMatchedDomainsByCertId(ctx context.Context, cloudCertId string) ([]string, error) {\n\t// 获取证书中的可用域名\n\t// REF: https://cloud.tencent.com/document/api/228/42491\n\tdescribeCertDomainsReq := tccdn.NewDescribeCertDomainsRequest()\n\tdescribeCertDomainsReq.CertId = common.StringPtr(cloudCertId)\n\tdescribeCertDomainsReq.Product = common.StringPtr(\"cdn\")\n\tdescribeCertDomainsResp, err := d.sdkClient.DescribeCertDomains(describeCertDomainsReq)\n\td.logger.Debug(\"sdk request 'cdn.DescribeCertDomains'\", slog.Any(\"request\", describeCertDomainsReq), slog.Any(\"response\", describeCertDomainsResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.DescribeCertDomains': %w\", err)\n\t}\n\n\tdomains := make([]string, 0)\n\tif describeCertDomainsResp.Response.Domains != nil {\n\t\tfor _, domain := range describeCertDomainsResp.Response.Domains {\n\t\t\tdomains = append(domains, *domain)\n\t\t}\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertId string) error {\n\t// 查询域名详细配置\n\t// REF: https://cloud.tencent.com/document/api/228/41117\n\tdescribeDomainsConfigReq := tccdn.NewDescribeDomainsConfigRequest()\n\tdescribeDomainsConfigReq.Filters = []*tccdn.DomainFilter{\n\t\t{\n\t\t\tName: common.StringPtr(\"domain\"),\n\t\t\tValue: common.StringPtrs([]string{domain}),\n\t\t},\n\t}\n\tdescribeDomainsConfigReq.Offset = common.Int64Ptr(0)\n\tdescribeDomainsConfigReq.Limit = common.Int64Ptr(1)\n\tdescribeDomainsConfigResp, err := d.sdkClient.DescribeDomainsConfig(describeDomainsConfigReq)\n\td.logger.Debug(\"sdk request 'cdn.DescribeDomainsConfig'\", slog.Any(\"request\", describeDomainsConfigReq), slog.Any(\"response\", describeDomainsConfigResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.DescribeDomainsConfig': %w\", err)\n\t} else if len(describeDomainsConfigResp.Response.Domains) == 0 {\n\t\treturn fmt.Errorf(\"could not find domain '%s'\", domain)\n\t}\n\n\tdomainConfig := describeDomainsConfigResp.Response.Domains[0]\n\tif domainConfig.Https != nil &&\n\t\tdomainConfig.Https.CertInfo != nil &&\n\t\tdomainConfig.Https.CertInfo.CertId != nil &&\n\t\t*domainConfig.Https.CertInfo.CertId == cloudCertId {\n\t\t// 已部署过此域名,跳过\n\t\treturn nil\n\t}\n\n\t// 更新加速域名配置\n\t// REF: https://cloud.tencent.com/document/api/228/41116\n\tupdateDomainConfigReq := tccdn.NewUpdateDomainConfigRequest()\n\tupdateDomainConfigReq.Domain = common.StringPtr(domain)\n\tupdateDomainConfigReq.Https = domainConfig.Https\n\tif updateDomainConfigReq.Https == nil {\n\t\tupdateDomainConfigReq.Https = &tccdn.Https{Switch: common.StringPtr(\"on\")}\n\t} else {\n\t\tupdateDomainConfigReq.Https.SslStatus = nil\n\t}\n\tupdateDomainConfigReq.Https.CertInfo = &tccdn.ServerCert{\n\t\tCertId: common.StringPtr(cloudCertId),\n\t}\n\tupdateDomainConfigResp, err := d.sdkClient.UpdateDomainConfig(updateDomainConfigReq)\n\td.logger.Debug(\"sdk request 'cdn.UpdateDomainConfig'\", slog.Any(\"request\", updateDomainConfigReq), slog.Any(\"response\", updateDomainConfigResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.UpdateDomainConfig': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(secretId, secretKey, endpoint string) (*internal.CdnClient, error) {\n\tcredential := common.NewCredential(secretId, secretKey)\n\n\tcpf := profile.NewClientProfile()\n\tif endpoint != \"\" {\n\t\tcpf.HttpProfile.Endpoint = endpoint\n\t}\n\n\tclient, err := internal.NewCdnClient(credential, \"\", cpf)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-cdn/tencentcloud_cdn_test.go",
"content": "package tencentcloudcdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfSecretId string\n\tfSecretKey string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"TENCENTCLOUDCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fSecretId, argsPrefix+\"SECRETID\", \"\", \"\")\n\tflag.StringVar(&fSecretKey, argsPrefix+\"SECRETKEY\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./tencentcloud_cdn_test.go -args \\\n\t--TENCENTCLOUDCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--TENCENTCLOUDCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--TENCENTCLOUDCDN_SECRETID=\"your-secret-id\" \\\n\t--TENCENTCLOUDCDN_SECRETKEY=\"your-secret-key\" \\\n\t--TENCENTCLOUDCDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SECRETID: %v\", fSecretId),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tSecretId: fSecretId,\n\t\t\tSecretKey: fSecretKey,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-clb/consts.go",
"content": "package tencentcloudclb\n\nconst (\n\t// 资源类型:部署到指定负载均衡器。\n\tRESOURCE_TYPE_LOADBALANCER = \"loadbalancer\"\n\t// 资源类型:部署到指定监听器。\n\tRESOURCE_TYPE_LISTENER = \"listener\"\n\t// 资源类型:部署到指定转发规则域名。\n\tRESOURCE_TYPE_RULEDOMAIN = \"ruledomain\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-clb/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\t\"errors\"\n\n\ttcclb \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb/v20180317\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n)\n\n// This is a partial copy of https://github.com/TencentCloud/tencentcloud-sdk-go/blob/master/tencentcloud/clb/v20180317/client.go\n// to lightweight the vendor packages in the built binary.\ntype ClbClient struct {\n\tcommon.Client\n}\n\nfunc NewClbClient(credential common.CredentialIface, region string, clientProfile *profile.ClientProfile) (client *ClbClient, err error) {\n\tclient = &ClbClient{}\n\tclient.Init(region).\n\t\tWithCredential(credential).\n\t\tWithProfile(clientProfile)\n\treturn\n}\n\nfunc (c *ClbClient) DescribeListeners(request *tcclb.DescribeListenersRequest) (response *tcclb.DescribeListenersResponse, err error) {\n\treturn c.DescribeListenersWithContext(context.Background(), request)\n}\n\nfunc (c *ClbClient) DescribeListenersWithContext(ctx context.Context, request *tcclb.DescribeListenersRequest) (response *tcclb.DescribeListenersResponse, err error) {\n\tif request == nil {\n\t\trequest = tcclb.NewDescribeListenersRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"clb\", tcclb.APIVersion, \"DescribeListeners\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeListeners require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcclb.NewDescribeListenersResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *ClbClient) DescribeTaskStatus(request *tcclb.DescribeTaskStatusRequest) (response *tcclb.DescribeTaskStatusResponse, err error) {\n\treturn c.DescribeTaskStatusWithContext(context.Background(), request)\n}\n\nfunc (c *ClbClient) DescribeTaskStatusWithContext(ctx context.Context, request *tcclb.DescribeTaskStatusRequest) (response *tcclb.DescribeTaskStatusResponse, err error) {\n\tif request == nil {\n\t\trequest = tcclb.NewDescribeTaskStatusRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"clb\", tcclb.APIVersion, \"DescribeTaskStatus\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeTaskStatus require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcclb.NewDescribeTaskStatusResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *ClbClient) ModifyDomainAttributes(request *tcclb.ModifyDomainAttributesRequest) (response *tcclb.ModifyDomainAttributesResponse, err error) {\n\treturn c.ModifyDomainAttributesWithContext(context.Background(), request)\n}\n\nfunc (c *ClbClient) ModifyDomainAttributesWithContext(ctx context.Context, request *tcclb.ModifyDomainAttributesRequest) (response *tcclb.ModifyDomainAttributesResponse, err error) {\n\tif request == nil {\n\t\trequest = tcclb.NewModifyDomainAttributesRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"clb\", tcclb.APIVersion, \"ModifyDomainAttributes\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"ModifyDomainAttributes require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcclb.NewModifyDomainAttributesResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *ClbClient) ModifyListener(request *tcclb.ModifyListenerRequest) (response *tcclb.ModifyListenerResponse, err error) {\n\treturn c.ModifyListenerWithContext(context.Background(), request)\n}\n\nfunc (c *ClbClient) ModifyListenerWithContext(ctx context.Context, request *tcclb.ModifyListenerRequest) (response *tcclb.ModifyListenerResponse, err error) {\n\tif request == nil {\n\t\trequest = tcclb.NewModifyListenerRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"clb\", tcclb.APIVersion, \"ModifyListener\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"ModifyListener require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcclb.NewModifyListenerResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-clb/tencentcloud_clb.go",
"content": "package tencentcloudclb\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\ttcclb \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb/v20180317\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/tencentcloud-ssl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-clb/internal\"\n\txwait \"github.com/certimate-go/certimate/pkg/utils/wait\"\n)\n\ntype DeployerConfig struct {\n\t// 腾讯云 SecretId。\n\tSecretId string `json:\"secretId\"`\n\t// 腾讯云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 腾讯云接口端点。\n\tEndpoint string `json:\"endpoint,omitempty\"`\n\t// 腾讯云地域。\n\tRegion string `json:\"region\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 负载均衡器 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_SSLDEPLOY]、[RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_RULEDOMAIN] 时必填。\n\tLoadbalancerId string `json:\"loadbalancerId,omitempty\"`\n\t// 负载均衡监听 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_SSLDEPLOY]、[RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_LISTENER]、[RESOURCE_TYPE_RULEDOMAIN] 时必填。\n\tListenerId string `json:\"listenerId,omitempty\"`\n\t// SNI 域名或七层转发规则域名(支持泛域名)。\n\t// 部署资源类型为 [RESOURCE_TYPE_SSLDEPLOY] 时选填;部署资源类型为 [RESOURCE_TYPE_RULEDOMAIN] 时必填。\n\tDomain string `json:\"domain,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.ClbClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.SecretId, config.SecretKey, config.Endpoint, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tSecretId: config.SecretId,\n\t\tSecretKey: config.SecretKey,\n\t\tEndpoint: lo.\n\t\t\tIf(strings.HasSuffix(config.Endpoint, \"intl.tencentcloudapi.com\"), \"ssl.intl.tencentcloudapi.com\"). // 国际站使用独立的接口端点\n\t\t\tElse(\"\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_LOADBALANCER:\n\t\tif err := d.deployToLoadbalancer(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_LISTENER:\n\t\tif err := d.deployToListener(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_RULEDOMAIN:\n\t\tif err := d.deployToRuleDomain(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToLoadbalancer(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\n\t// 查询监听器列表\n\t// REF: https://cloud.tencent.com/document/api/214/30686\n\tlistenerIds := make([]string, 0)\n\tdescribeListenersReq := tcclb.NewDescribeListenersRequest()\n\tdescribeListenersReq.LoadBalancerId = common.StringPtr(d.config.LoadbalancerId)\n\tdescribeListenersResp, err := d.sdkClient.DescribeListeners(describeListenersReq)\n\td.logger.Debug(\"sdk request 'clb.DescribeListeners'\", slog.Any(\"request\", describeListenersReq), slog.Any(\"response\", describeListenersResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'clb.DescribeListeners': %w\", err)\n\t} else {\n\t\tif describeListenersResp.Response.Listeners != nil {\n\t\t\tfor _, listener := range describeListenersResp.Response.Listeners {\n\t\t\t\tif listener.Protocol == nil || (*listener.Protocol != \"HTTPS\" && *listener.Protocol != \"TCP_SSL\" && *listener.Protocol != \"QUIC\") {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\n\t\t\t\tlistenerIds = append(listenerIds, *listener.ListenerId)\n\t\t\t}\n\t\t}\n\t}\n\n\t// 遍历更新监听器证书\n\tif len(listenerIds) == 0 {\n\t\td.logger.Info(\"no clb listeners to deploy\")\n\t} else {\n\t\td.logger.Info(\"found https/tcpssl/quic listeners to deploy\", slog.Any(\"listenerIds\", listenerIds))\n\t\tvar errs []error\n\n\t\tfor _, listenerId := range listenerIds {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listenerId, cloudCertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToListener(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\tif d.config.ListenerId == \"\" {\n\t\treturn errors.New(\"config `listenerId` is required\")\n\t}\n\n\t// 更新监听器证书\n\tif err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, d.config.ListenerId, cloudCertId); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToRuleDomain(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\tif d.config.ListenerId == \"\" {\n\t\treturn errors.New(\"config `listenerId` is required\")\n\t}\n\tif d.config.Domain == \"\" {\n\t\treturn errors.New(\"config `domain` is required\")\n\t}\n\n\t// 修改负载均衡七层监听器转发规则的域名级别属性\n\t// REF: https://cloud.tencent.com/document/api/214/38092\n\tmodifyDomainAttributesReq := tcclb.NewModifyDomainAttributesRequest()\n\tmodifyDomainAttributesReq.LoadBalancerId = common.StringPtr(d.config.LoadbalancerId)\n\tmodifyDomainAttributesReq.ListenerId = common.StringPtr(d.config.ListenerId)\n\tmodifyDomainAttributesReq.Domain = common.StringPtr(d.config.Domain)\n\tmodifyDomainAttributesReq.Certificate = &tcclb.CertificateInput{\n\t\tSSLMode: common.StringPtr(\"UNIDIRECTIONAL\"),\n\t\tCertId: common.StringPtr(cloudCertId),\n\t}\n\tmodifyDomainAttributesResp, err := d.sdkClient.ModifyDomainAttributes(modifyDomainAttributesReq)\n\td.logger.Debug(\"sdk request 'clb.ModifyDomainAttributes'\", slog.Any(\"request\", modifyDomainAttributesReq), slog.Any(\"response\", modifyDomainAttributesResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'clb.ModifyDomainAttributes': %w\", err)\n\t}\n\n\t// 查询异步任务状态,等待任务状态变更\n\t// REF: https://cloud.tencent.com/document/product/214/30683\n\tif _, err := xwait.UntilWithContext(ctx, func(_ context.Context, _ int) (bool, error) {\n\t\tdescribeTaskStatusReq := tcclb.NewDescribeTaskStatusRequest()\n\t\tdescribeTaskStatusReq.TaskId = modifyDomainAttributesResp.Response.RequestId\n\t\tdescribeTaskStatusResp, err := d.sdkClient.DescribeTaskStatus(describeTaskStatusReq)\n\t\td.logger.Debug(\"sdk request 'clb.DescribeTaskStatus'\", slog.Any(\"request\", describeTaskStatusReq), slog.Any(\"response\", describeTaskStatusResp))\n\t\tif err != nil {\n\t\t\treturn false, fmt.Errorf(\"failed to execute sdk request 'clb.DescribeTaskStatus': %w\", err)\n\t\t}\n\n\t\tswitch lo.FromPtr(describeTaskStatusResp.Response.Status) {\n\t\tcase 0:\n\t\t\treturn true, nil\n\t\tcase 1:\n\t\t\treturn false, fmt.Errorf(\"unexpected tencentcloud task status\")\n\t\t}\n\n\t\td.logger.Info(\"waiting for tencentcloud task completion ...\")\n\t\treturn false, nil\n\t}, time.Second*5); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateListenerCertificate(ctx context.Context, cloudLoadbalancerId, cloudListenerId, cloudCertId string) error {\n\t// 查询负载均衡的监听器列表\n\t// REF: https://cloud.tencent.com/document/api/214/30686\n\tdescribeListenersReq := tcclb.NewDescribeListenersRequest()\n\tdescribeListenersReq.LoadBalancerId = common.StringPtr(cloudLoadbalancerId)\n\tdescribeListenersReq.ListenerIds = common.StringPtrs([]string{cloudListenerId})\n\tdescribeListenersResp, err := d.sdkClient.DescribeListeners(describeListenersReq)\n\td.logger.Debug(\"sdk request 'clb.DescribeListeners'\", slog.Any(\"request\", describeListenersReq), slog.Any(\"response\", describeListenersResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'clb.DescribeListeners': %w\", err)\n\t} else if len(describeListenersResp.Response.Listeners) == 0 {\n\t\treturn fmt.Errorf(\"could not find listener '%s'\", cloudListenerId)\n\t}\n\n\t// 修改监听器属性\n\t// REF: https://cloud.tencent.com/document/api/214/30681\n\tmodifyListenerReq := tcclb.NewModifyListenerRequest()\n\tmodifyListenerReq.LoadBalancerId = common.StringPtr(cloudLoadbalancerId)\n\tmodifyListenerReq.ListenerId = common.StringPtr(cloudListenerId)\n\tmodifyListenerReq.Certificate = &tcclb.CertificateInput{CertId: common.StringPtr(cloudCertId)}\n\tif describeListenersResp.Response.Listeners[0].Certificate != nil && describeListenersResp.Response.Listeners[0].Certificate.SSLMode != nil {\n\t\tmodifyListenerReq.Certificate.SSLMode = describeListenersResp.Response.Listeners[0].Certificate.SSLMode\n\t\tmodifyListenerReq.Certificate.CertCaId = describeListenersResp.Response.Listeners[0].Certificate.CertCaId\n\t} else {\n\t\tmodifyListenerReq.Certificate.SSLMode = common.StringPtr(\"UNIDIRECTIONAL\")\n\t}\n\tmodifyListenerResp, err := d.sdkClient.ModifyListener(modifyListenerReq)\n\td.logger.Debug(\"sdk request 'clb.ModifyListener'\", slog.Any(\"request\", modifyListenerReq), slog.Any(\"response\", modifyListenerResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'clb.ModifyListener': %w\", err)\n\t}\n\n\t// 查询异步任务状态,等待任务状态变更\n\t// REF: https://cloud.tencent.com/document/product/214/30683\n\tif _, err := xwait.UntilWithContext(ctx, func(_ context.Context, _ int) (bool, error) {\n\t\tdescribeTaskStatusReq := tcclb.NewDescribeTaskStatusRequest()\n\t\tdescribeTaskStatusReq.TaskId = modifyListenerResp.Response.RequestId\n\t\tdescribeTaskStatusResp, err := d.sdkClient.DescribeTaskStatus(describeTaskStatusReq)\n\t\td.logger.Debug(\"sdk request 'clb.DescribeTaskStatus'\", slog.Any(\"request\", describeTaskStatusReq), slog.Any(\"response\", describeTaskStatusResp))\n\t\tif err != nil {\n\t\t\treturn false, fmt.Errorf(\"failed to execute sdk request 'clb.DescribeTaskStatus': %w\", err)\n\t\t}\n\n\t\tswitch lo.FromPtr(describeTaskStatusResp.Response.Status) {\n\t\tcase 0:\n\t\t\treturn true, nil\n\t\tcase 1:\n\t\t\treturn false, fmt.Errorf(\"unexpected tencentcloud task status\")\n\t\t}\n\n\t\td.logger.Info(\"waiting for tencentcloud task completion ...\")\n\t\treturn false, nil\n\t}, time.Second*5); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(secretId, secretKey, endpoint, region string) (*internal.ClbClient, error) {\n\tcredential := common.NewCredential(secretId, secretKey)\n\n\tcpf := profile.NewClientProfile()\n\tif endpoint != \"\" {\n\t\tcpf.HttpProfile.Endpoint = endpoint\n\t}\n\n\tclient, err := internal.NewClbClient(credential, region, cpf)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-clb/tencentcloud_clb_test.go",
"content": "package tencentcloudclb_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-clb\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfSecretId string\n\tfSecretKey string\n\tfRegion string\n\tfLoadbalancerId string\n\tfListenerId string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"TENCENTCLOUDCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fSecretId, argsPrefix+\"SECRETID\", \"\", \"\")\n\tflag.StringVar(&fSecretKey, argsPrefix+\"SECRETKEY\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fLoadbalancerId, argsPrefix+\"LOADBALANCERID\", \"\", \"\")\n\tflag.StringVar(&fListenerId, argsPrefix+\"LISTENERID\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./tencentcloud_clb_test.go -args \\\n\t--TENCENTCLOUDCLB_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--TENCENTCLOUDCLB_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--TENCENTCLOUDCLB_SECRETID=\"your-secret-id\" \\\n\t--TENCENTCLOUDCLB_SECRETKEY=\"your-secret-key\" \\\n\t--TENCENTCLOUDCLB_REGION=\"ap-guangzhou\" \\\n\t--TENCENTCLOUDCLB_LOADBALANCERID=\"your-clb-lb-id\" \\\n\t--TENCENTCLOUDCLB_LISTENERID=\"your-clb-lbl-id\" \\\n\t--TENCENTCLOUDCLB_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy_ToLoadbalancer\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SECRETID: %v\", fSecretId),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"LOADBALANCERID: %v\", fLoadbalancerId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tSecretId: fSecretId,\n\t\t\tSecretKey: fSecretKey,\n\t\t\tRegion: fRegion,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LOADBALANCER,\n\t\t\tLoadbalancerId: fLoadbalancerId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n\n\tt.Run(\"Deploy_ToListener\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SECRETID: %v\", fSecretId),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"LOADBALANCERID: %v\", fLoadbalancerId),\n\t\t\tfmt.Sprintf(\"LISTENERID: %v\", fListenerId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tSecretId: fSecretId,\n\t\t\tSecretKey: fSecretKey,\n\t\t\tRegion: fRegion,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LISTENER,\n\t\t\tLoadbalancerId: fLoadbalancerId,\n\t\t\tListenerId: fListenerId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n\n\tt.Run(\"Deploy_ToRuleDomain\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SECRETID: %v\", fSecretId),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"LOADBALANCERID: %v\", fLoadbalancerId),\n\t\t\tfmt.Sprintf(\"LISTENERID: %v\", fListenerId),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tSecretId: fSecretId,\n\t\t\tSecretKey: fSecretKey,\n\t\t\tRegion: fRegion,\n\t\t\tResourceType: provider.RESOURCE_TYPE_RULEDOMAIN,\n\t\t\tLoadbalancerId: fLoadbalancerId,\n\t\t\tListenerId: fListenerId,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-cos/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\t\"errors\"\n\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcssl \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205\"\n)\n\n// This is a partial copy of https://github.com/TencentCloud/tencentcloud-sdk-go/blob/master/tencentcloud/ssl/v20191205/client.go\n// to lightweight the vendor packages in the built binary.\ntype SslClient struct {\n\tcommon.Client\n}\n\nfunc NewSslClient(credential common.CredentialIface, region string, clientProfile *profile.ClientProfile) (client *SslClient, err error) {\n\tclient = &SslClient{}\n\tclient.Init(region).\n\t\tWithCredential(credential).\n\t\tWithProfile(clientProfile)\n\treturn\n}\n\nfunc (c *SslClient) DescribeHostCosInstanceList(request *tcssl.DescribeHostCosInstanceListRequest) (response *tcssl.DescribeHostCosInstanceListResponse, err error) {\n\treturn c.DescribeHostCosInstanceListWithContext(context.Background(), request)\n}\n\nfunc (c *SslClient) DescribeHostCosInstanceListWithContext(ctx context.Context, request *tcssl.DescribeHostCosInstanceListRequest) (response *tcssl.DescribeHostCosInstanceListResponse, err error) {\n\tif request == nil {\n\t\trequest = tcssl.NewDescribeHostCosInstanceListRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"ssl\", tcssl.APIVersion, \"DescribeHostCosInstanceList\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeHostCosInstanceList require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcssl.NewDescribeHostCosInstanceListResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *SslClient) DescribeHostDeployRecordDetail(request *tcssl.DescribeHostDeployRecordDetailRequest) (response *tcssl.DescribeHostDeployRecordDetailResponse, err error) {\n\treturn c.DescribeHostDeployRecordDetailWithContext(context.Background(), request)\n}\n\nfunc (c *SslClient) DescribeHostDeployRecordDetailWithContext(ctx context.Context, request *tcssl.DescribeHostDeployRecordDetailRequest) (response *tcssl.DescribeHostDeployRecordDetailResponse, err error) {\n\tif request == nil {\n\t\trequest = tcssl.NewDescribeHostDeployRecordDetailRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"ssl\", tcssl.APIVersion, \"DescribeHostDeployRecordDetail\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeHostDeployRecordDetail require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcssl.NewDescribeHostDeployRecordDetailResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *SslClient) DeployCertificateInstance(request *tcssl.DeployCertificateInstanceRequest) (response *tcssl.DeployCertificateInstanceResponse, err error) {\n\treturn c.DeployCertificateInstanceWithContext(context.Background(), request)\n}\n\nfunc (c *SslClient) DeployCertificateInstanceWithContext(ctx context.Context, request *tcssl.DeployCertificateInstanceRequest) (response *tcssl.DeployCertificateInstanceResponse, err error) {\n\tif request == nil {\n\t\trequest = tcssl.NewDeployCertificateInstanceRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"ssl\", tcssl.APIVersion, \"DeployCertificateInstance\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DeployCertificateInstance require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcssl.NewDeployCertificateInstanceResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-cos/tencentcloud_cos.go",
"content": "package tencentcloudcos\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcssl \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/tencentcloud-ssl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-cos/internal\"\n\txwait \"github.com/certimate-go/certimate/pkg/utils/wait\"\n)\n\ntype DeployerConfig struct {\n\t// 腾讯云 SecretId。\n\tSecretId string `json:\"secretId\"`\n\t// 腾讯云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 腾讯云地域。\n\tRegion string `json:\"region\"`\n\t// 存储桶名。\n\tBucket string `json:\"bucket\"`\n\t// 自定义域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *wSDKClients\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\ntype wSDKClients struct {\n\tSSL *internal.SslClient\n}\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclients, err := createSDKClients(config.SecretId, config.SecretKey, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tSecretId: config.SecretId,\n\t\tSecretKey: config.SecretKey,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: clients,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.Bucket == \"\" {\n\t\treturn nil, errors.New(\"config `bucket` is required\")\n\t}\n\tif d.config.Domain == \"\" {\n\t\treturn nil, errors.New(\"config `domain` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 避免多次部署,否则会报错 https://github.com/certimate-go/certimate/issues/897#issuecomment-3182904098\n\tif bind, _ := d.checkIsBind(ctx, upres.CertId); bind {\n\t\td.logger.Info(\"ssl certificate already deployed\")\n\t\treturn &deployer.DeployResult{}, nil\n\t}\n\n\t// 证书部署到 COS 实例\n\t// REF: https://cloud.tencent.com/document/api/400/91667\n\tdeployCertificateInstanceReq := tcssl.NewDeployCertificateInstanceRequest()\n\tdeployCertificateInstanceReq.CertificateId = common.StringPtr(upres.CertId)\n\tdeployCertificateInstanceReq.ResourceType = common.StringPtr(\"cos\")\n\tdeployCertificateInstanceReq.Status = common.Int64Ptr(1)\n\tdeployCertificateInstanceReq.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf(\"%s|%s|%s\", d.config.Region, d.config.Bucket, d.config.Domain)})\n\tdeployCertificateInstanceResp, err := d.sdkClient.SSL.DeployCertificateInstance(deployCertificateInstanceReq)\n\td.logger.Debug(\"sdk request 'ssl.DeployCertificateInstance'\", slog.Any(\"request\", deployCertificateInstanceReq), slog.Any(\"response\", deployCertificateInstanceResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'ssl.DeployCertificateInstance': %w\", err)\n\t}\n\n\t// 获取部署任务详情,等待任务状态变更\n\t// REF: https://cloud.tencent.com/document/api/400/91658\n\tif _, err := xwait.UntilWithContext(ctx, func(_ context.Context, _ int) (bool, error) {\n\t\tdescribeHostDeployRecordDetailReq := tcssl.NewDescribeHostDeployRecordDetailRequest()\n\t\tdescribeHostDeployRecordDetailReq.DeployRecordId = common.StringPtr(fmt.Sprintf(\"%d\", *deployCertificateInstanceResp.Response.DeployRecordId))\n\t\tdescribeHostDeployRecordDetailResp, err := d.sdkClient.SSL.DescribeHostDeployRecordDetail(describeHostDeployRecordDetailReq)\n\t\td.logger.Debug(\"sdk request 'ssl.DescribeHostDeployRecordDetail'\", slog.Any(\"request\", describeHostDeployRecordDetailReq), slog.Any(\"response\", describeHostDeployRecordDetailResp))\n\t\tif err != nil {\n\t\t\treturn false, fmt.Errorf(\"failed to execute sdk request 'ssl.DescribeHostDeployRecordDetail': %w\", err)\n\t\t}\n\n\t\tvar pendingCount, runningCount, succeededCount, failedCount, totalCount int64\n\t\tif describeHostDeployRecordDetailResp.Response.TotalCount == nil {\n\t\t\treturn false, fmt.Errorf(\"unexpected tencentcloud deployment job status\")\n\t\t} else {\n\t\t\tpendingCount = lo.FromPtr(describeHostDeployRecordDetailResp.Response.PendingTotalCount)\n\t\t\trunningCount = lo.FromPtr(describeHostDeployRecordDetailResp.Response.RunningTotalCount)\n\t\t\tsucceededCount = lo.FromPtr(describeHostDeployRecordDetailResp.Response.SuccessTotalCount)\n\t\t\tfailedCount = lo.FromPtr(describeHostDeployRecordDetailResp.Response.FailedTotalCount)\n\t\t\ttotalCount = lo.FromPtr(describeHostDeployRecordDetailResp.Response.TotalCount)\n\n\t\t\tif succeededCount+failedCount == totalCount {\n\t\t\t\tif failedCount > 0 {\n\t\t\t\t\treturn false, fmt.Errorf(\"tencentcloud deployment job failed (succeeded: %d, failed: %d, total: %d)\", succeededCount, failedCount, totalCount)\n\t\t\t\t}\n\t\t\t\treturn true, nil\n\t\t\t}\n\t\t}\n\n\t\td.logger.Info(fmt.Sprintf(\"waiting for tencentcloud deployment job completion (pending: %d, running: %d, succeeded: %d, failed: %d, total: %d) ...\", pendingCount, runningCount, succeededCount, failedCount, totalCount))\n\t\treturn false, nil\n\t}, time.Second*5); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) checkIsBind(ctx context.Context, cloudCertId string) (bool, error) {\n\t// 查询证书 COS 云资源部署实例列表\n\t// REF: https://cloud.tencent.com/document/api/400/91661\n\tdescribeHostCosInstanceListLimit := 100\n\tdescribeHostCosInstanceListOffset := 0\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn false, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeHostCosInstanceListReq := tcssl.NewDescribeHostCosInstanceListRequest()\n\t\tdescribeHostCosInstanceListReq.OldCertificateId = common.StringPtr(cloudCertId)\n\t\tdescribeHostCosInstanceListReq.ResourceType = common.StringPtr(\"cos\")\n\t\tdescribeHostCosInstanceListReq.IsCache = common.Uint64Ptr(0)\n\t\tdescribeHostCosInstanceListReq.Offset = common.Int64Ptr(int64(describeHostCosInstanceListOffset))\n\t\tdescribeHostCosInstanceListReq.Limit = common.Int64Ptr(int64(describeHostCosInstanceListLimit))\n\t\tdescribeHostCosInstanceListResp, err := d.sdkClient.SSL.DescribeHostCosInstanceList(describeHostCosInstanceListReq)\n\t\td.logger.Debug(\"sdk request 'ssl.DescribeHostCosInstanceList'\", slog.Any(\"request\", describeHostCosInstanceListReq), slog.Any(\"response\", describeHostCosInstanceListResp))\n\t\tif err != nil {\n\t\t\treturn false, fmt.Errorf(\"failed to execute sdk request 'ssl.DescribeHostCosInstanceList': %w\", err)\n\t\t}\n\n\t\tif describeHostCosInstanceListResp.Response == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, instance := range describeHostCosInstanceListResp.Response.InstanceList {\n\t\t\tif lo.FromPtr(instance.Bucket) != d.config.Bucket {\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tif lo.FromPtr(instance.Domain) != d.config.Domain {\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tif lo.FromPtr(instance.Status) != \"ENABLED\" {\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\treturn true, nil\n\t\t}\n\n\t\tif len(describeHostCosInstanceListResp.Response.InstanceList) < describeHostCosInstanceListLimit {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribeHostCosInstanceListOffset += describeHostCosInstanceListLimit\n\t}\n\n\treturn false, nil\n}\n\nfunc createSDKClients(secretId, secretKey, region string) (*wSDKClients, error) {\n\tcredential := common.NewCredential(secretId, secretKey)\n\tclient, err := internal.NewSslClient(credential, region, profile.NewClientProfile())\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &wSDKClients{\n\t\tSSL: client,\n\t}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-cos/tencentcloud_cos_test.go",
"content": "package tencentcloudcos_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-cos\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfSecretId string\n\tfSecretKey string\n\tfRegion string\n\tfBucket string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"TENCENTCLOUDCOS_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fSecretId, argsPrefix+\"SECRETID\", \"\", \"\")\n\tflag.StringVar(&fSecretKey, argsPrefix+\"SECRETKEY\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fBucket, argsPrefix+\"BUCKET\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./tencentcloud_cos_test.go -args \\\n\t--TENCENTCLOUDCOS_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--TENCENTCLOUDCOS_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--TENCENTCLOUDCOS_SECRETID=\"your-secret-id\" \\\n\t--TENCENTCLOUDCOS_SECRETKEY=\"your-secret-key\" \\\n\t--TENCENTCLOUDCOS_REGION=\"ap-guangzhou\" \\\n\t--TENCENTCLOUDCOS_BUCKET=\"your-cos-bucket\" \\\n\t--TENCENTCLOUDCOS_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SECRETID: %v\", fSecretId),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"BUCKET: %v\", fBucket),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tSecretId: fSecretId,\n\t\t\tSecretKey: fSecretKey,\n\t\t\tRegion: fRegion,\n\t\t\tBucket: fBucket,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-css/consts.go",
"content": "package tencentcloudcss\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-css/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\t\"errors\"\n\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttclive \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live/v20180801\"\n)\n\n// This is a partial copy of https://github.com/TencentCloud/tencentcloud-sdk-go/blob/master/tencentcloud/live/v20180801/client.go\n// to lightweight the vendor packages in the built binary.\ntype LiveClient struct {\n\tcommon.Client\n}\n\nfunc NewLiveClient(credential common.CredentialIface, region string, clientProfile *profile.ClientProfile) (client *LiveClient, err error) {\n\tclient = &LiveClient{}\n\tclient.Init(region).\n\t\tWithCredential(credential).\n\t\tWithProfile(clientProfile)\n\treturn\n}\n\nfunc (c *LiveClient) DescribeLiveDomains(request *tclive.DescribeLiveDomainsRequest) (response *tclive.DescribeLiveDomainsResponse, err error) {\n\treturn c.DescribeLiveDomainsWithContext(context.Background(), request)\n}\n\nfunc (c *LiveClient) DescribeLiveDomainsWithContext(ctx context.Context, request *tclive.DescribeLiveDomainsRequest) (response *tclive.DescribeLiveDomainsResponse, err error) {\n\tif request == nil {\n\t\trequest = tclive.NewDescribeLiveDomainsRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"live\", tclive.APIVersion, \"DescribeLiveDomains\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeLiveDomains require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\n\tresponse = tclive.NewDescribeLiveDomainsResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *LiveClient) ModifyLiveDomainCertBindings(request *tclive.ModifyLiveDomainCertBindingsRequest) (response *tclive.ModifyLiveDomainCertBindingsResponse, err error) {\n\treturn c.ModifyLiveDomainCertBindingsWithContext(context.Background(), request)\n}\n\nfunc (c *LiveClient) ModifyLiveDomainCertBindingsWithContext(ctx context.Context, request *tclive.ModifyLiveDomainCertBindingsRequest) (response *tclive.ModifyLiveDomainCertBindingsResponse, err error) {\n\tif request == nil {\n\t\trequest = tclive.NewModifyLiveDomainCertBindingsRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"live\", tclive.APIVersion, \"ModifyLiveDomainCertBindings\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"ModifyLiveDomainCertBindings require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tclive.NewModifyLiveDomainCertBindingsResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-css/tencentcloud_css.go",
"content": "package tencentcloudcss\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttclive \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/live/v20180801\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/tencentcloud-ssl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-css/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype DeployerConfig struct {\n\t// 腾讯云 SecretId。\n\tSecretId string `json:\"secretId\"`\n\t// 腾讯云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 腾讯云接口端点。\n\tEndpoint string `json:\"endpoint,omitempty\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 直播播放域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.LiveClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.SecretId, config.SecretKey, config.Endpoint)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tSecretId: config.SecretId,\n\t\tSecretKey: config.SecretKey,\n\t\tEndpoint: lo.\n\t\t\tIf(strings.HasSuffix(config.Endpoint, \"intl.tencentcloudapi.com\"), \"ssl.intl.tencentcloudapi.com\"). // 国际站使用独立的接口端点\n\t\t\tElse(\"\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 批量绑定证书对应的播放域名\n\t// REF: https://cloud.tencent.com/document/api/267/78655\n\tmodifyLiveDomainCertBindingsReq := tclive.NewModifyLiveDomainCertBindingsRequest()\n\tmodifyLiveDomainCertBindingsReq.DomainInfos = lo.Map(domains, func(domain string, _ int) *tclive.LiveCertDomainInfo {\n\t\treturn &tclive.LiveCertDomainInfo{\n\t\t\tDomainName: common.StringPtr(domain),\n\t\t\tStatus: common.Int64Ptr(1),\n\t\t}\n\t})\n\tmodifyLiveDomainCertBindingsReq.CloudCertId = common.StringPtr(upres.CertId)\n\tmodifyLiveDomainCertBindingsResp, err := d.sdkClient.ModifyLiveDomainCertBindings(modifyLiveDomainCertBindingsReq)\n\td.logger.Debug(\"sdk request 'live.ModifyLiveDomainCertBindings'\", slog.Any(\"request\", modifyLiveDomainCertBindingsReq), slog.Any(\"response\", modifyLiveDomainCertBindingsResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'live.ModifyLiveDomainCertBindings': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名列表\n\t// REF: https://cloud.tencent.com/document/api/267/33856\n\tdescribeLiveDomainsPageNum := 1\n\tdescribeLiveDomainsPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeLiveDomainsReq := tclive.NewDescribeLiveDomainsRequest()\n\t\tdescribeLiveDomainsReq.DomainStatus = common.Uint64Ptr(1)\n\t\tdescribeLiveDomainsReq.DomainType = common.Uint64Ptr(1)\n\t\tdescribeLiveDomainsReq.PageNum = common.Uint64Ptr(uint64(describeLiveDomainsPageNum))\n\t\tdescribeLiveDomainsReq.PageSize = common.Uint64Ptr(uint64(describeLiveDomainsPageSize))\n\t\tdescribeLiveDomainsResp, err := d.sdkClient.DescribeLiveDomains(describeLiveDomainsReq)\n\t\td.logger.Debug(\"sdk request 'live.DescribeLiveDomains'\", slog.Any(\"request\", describeLiveDomainsReq), slog.Any(\"response\", describeLiveDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'live.DescribeLiveDomains': %w\", err)\n\t\t}\n\n\t\tif describeLiveDomainsResp.Response == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, domainItem := range describeLiveDomainsResp.Response.DomainList {\n\t\t\tdomains = append(domains, *domainItem.Name)\n\t\t}\n\n\t\tif len(describeLiveDomainsResp.Response.DomainList) < describeLiveDomainsPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribeLiveDomainsPageNum++\n\t}\n\n\treturn domains, nil\n}\n\nfunc createSDKClient(secretId, secretKey, endpoint string) (*internal.LiveClient, error) {\n\tcredential := common.NewCredential(secretId, secretKey)\n\n\tcpf := profile.NewClientProfile()\n\tif endpoint != \"\" {\n\t\tcpf.HttpProfile.Endpoint = endpoint\n\t}\n\n\tclient, err := internal.NewLiveClient(credential, \"\", cpf)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-css/tencentcloud_css_test.go",
"content": "package tencentcloudcss_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-css\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfSecretId string\n\tfSecretKey string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"TENCENTCLOUDCSS_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fSecretId, argsPrefix+\"SECRETID\", \"\", \"\")\n\tflag.StringVar(&fSecretKey, argsPrefix+\"SECRETKEY\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./tencentcloud_css_test.go -args \\\n\t--TENCENTCLOUDCSS_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--TENCENTCLOUDCSS_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--TENCENTCLOUDCSS_SECRETID=\"your-secret-id\" \\\n\t--TENCENTCLOUDCSS_SECRETKEY=\"your-secret-key\" \\\n\t--TENCENTCLOUDCSS_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SECRETID: %v\", fSecretId),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tSecretId: fSecretId,\n\t\t\tSecretKey: fSecretKey,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-ecdn/consts.go",
"content": "package tencentcloudecdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-ecdn/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\t\"errors\"\n\n\ttccdn \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn/v20180606\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n)\n\n// This is a partial copy of https://github.com/TencentCloud/tencentcloud-sdk-go/blob/master/tencentcloud/cdn/v20180606/client.go\n// to lightweight the vendor packages in the built binary.\ntype CdnClient struct {\n\tcommon.Client\n}\n\nfunc NewCdnClient(credential common.CredentialIface, region string, clientProfile *profile.ClientProfile) (client *CdnClient, err error) {\n\tclient = &CdnClient{}\n\tclient.Init(region).\n\t\tWithCredential(credential).\n\t\tWithProfile(clientProfile)\n\treturn\n}\n\nfunc (c *CdnClient) DescribeCertDomains(request *tccdn.DescribeCertDomainsRequest) (response *tccdn.DescribeCertDomainsResponse, err error) {\n\treturn c.DescribeCertDomainsWithContext(context.Background(), request)\n}\n\nfunc (c *CdnClient) DescribeCertDomainsWithContext(ctx context.Context, request *tccdn.DescribeCertDomainsRequest) (response *tccdn.DescribeCertDomainsResponse, err error) {\n\tif request == nil {\n\t\trequest = tccdn.NewDescribeCertDomainsRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"cdn\", tccdn.APIVersion, \"DescribeCertDomains\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeCertDomains require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tccdn.NewDescribeCertDomainsResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *CdnClient) DescribeDomains(request *tccdn.DescribeDomainsRequest) (response *tccdn.DescribeDomainsResponse, err error) {\n\treturn c.DescribeDomainsWithContext(context.Background(), request)\n}\n\nfunc (c *CdnClient) DescribeDomainsWithContext(ctx context.Context, request *tccdn.DescribeDomainsRequest) (response *tccdn.DescribeDomainsResponse, err error) {\n\tif request == nil {\n\t\trequest = tccdn.NewDescribeDomainsRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"cdn\", tccdn.APIVersion, \"DescribeDomains\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeDomains require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tccdn.NewDescribeDomainsResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *CdnClient) DescribeDomainsConfig(request *tccdn.DescribeDomainsConfigRequest) (response *tccdn.DescribeDomainsConfigResponse, err error) {\n\treturn c.DescribeDomainsConfigWithContext(context.Background(), request)\n}\n\nfunc (c *CdnClient) DescribeDomainsConfigWithContext(ctx context.Context, request *tccdn.DescribeDomainsConfigRequest) (response *tccdn.DescribeDomainsConfigResponse, err error) {\n\tif request == nil {\n\t\trequest = tccdn.NewDescribeDomainsConfigRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"cdn\", tccdn.APIVersion, \"DescribeDomainsConfig\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeDomainsConfig require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tccdn.NewDescribeDomainsConfigResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *CdnClient) UpdateDomainConfig(request *tccdn.UpdateDomainConfigRequest) (response *tccdn.UpdateDomainConfigResponse, err error) {\n\treturn c.UpdateDomainConfigWithContext(context.Background(), request)\n}\n\nfunc (c *CdnClient) UpdateDomainConfigWithContext(ctx context.Context, request *tccdn.UpdateDomainConfigRequest) (response *tccdn.UpdateDomainConfigResponse, err error) {\n\tif request == nil {\n\t\trequest = tccdn.NewUpdateDomainConfigRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"cdn\", tccdn.APIVersion, \"UpdateDomainConfig\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"UpdateDomainConfig require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tccdn.NewUpdateDomainConfigResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-ecdn/tencentcloud_ecdn.go",
"content": "package tencentcloudecdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\ttccdn \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn/v20180606\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/tencentcloud-ssl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-ecdn/internal\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 腾讯云 SecretId。\n\tSecretId string `json:\"secretId\"`\n\t// 腾讯云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 腾讯云接口端点。\n\tEndpoint string `json:\"endpoint,omitempty\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.CdnClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.SecretId, config.SecretKey, config.Endpoint)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tSecretId: config.SecretId,\n\t\tSecretKey: config.SecretKey,\n\t\tEndpoint: lo.\n\t\t\tIf(strings.HasSuffix(config.Endpoint, \"intl.tencentcloudapi.com\"), \"ssl.intl.tencentcloudapi.com\"). // 国际站使用独立的接口端点\n\t\t\tElse(\"\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的 ECDN 实例\n\tdomains := make([]string, 0)\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getMatchedDomainsByWildcard(ctx, d.config.Domain)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = domainCandidates\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tdomainCandidates, err := d.getMatchedDomainsByCertId(ctx, upres.CertId)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = domainCandidates\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no ecdn domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found ecdn domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, upres.CertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getMatchedDomainsByWildcard(ctx context.Context, wildcardDomain string) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名基本信息,获取匹配的域名\n\t// REF: https://cloud.tencent.com/document/api/228/41118\n\tdescribeDomainsOffset := 0\n\tdescribeDomainsLimit := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeDomainsReq := tccdn.NewDescribeDomainsRequest()\n\t\tdescribeDomainsReq.Filters = []*tccdn.DomainFilter{\n\t\t\t{\n\t\t\t\tName: common.StringPtr(\"domain\"),\n\t\t\t\tValue: common.StringPtrs([]string{strings.TrimPrefix(wildcardDomain, \"*.\")}),\n\t\t\t\tFuzzy: common.BoolPtr(true),\n\t\t\t},\n\t\t}\n\t\tdescribeDomainsReq.Offset = common.Int64Ptr(int64(describeDomainsOffset))\n\t\tdescribeDomainsReq.Limit = common.Int64Ptr(int64(describeDomainsLimit))\n\t\tdescribeDomainsResp, err := d.sdkClient.DescribeDomains(describeDomainsReq)\n\t\td.logger.Debug(\"sdk request 'cdn.DescribeDomains'\", slog.Any(\"request\", describeDomainsReq), slog.Any(\"response\", describeDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.DescribeDomains': %w\", err)\n\t\t}\n\n\t\tif describeDomainsResp.Response == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, domainItem := range describeDomainsResp.Response.Domains {\n\t\t\tif lo.FromPtr(domainItem.Product) == \"ecdn\" && xcerthostname.IsMatch(wildcardDomain, lo.FromPtr(domainItem.Domain)) {\n\t\t\t\tdomains = append(domains, *domainItem.Domain)\n\t\t\t}\n\t\t}\n\n\t\tif len(describeDomainsResp.Response.Domains) < describeDomainsLimit {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribeDomainsOffset += describeDomainsLimit\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) getMatchedDomainsByCertId(ctx context.Context, cloudCertId string) ([]string, error) {\n\t// 获取证书中的可用域名\n\t// REF: https://cloud.tencent.com/document/api/228/42491\n\tdescribeCertDomainsReq := tccdn.NewDescribeCertDomainsRequest()\n\tdescribeCertDomainsReq.CertId = common.StringPtr(cloudCertId)\n\tdescribeCertDomainsReq.Product = common.StringPtr(\"ecdn\")\n\tdescribeCertDomainsResp, err := d.sdkClient.DescribeCertDomains(describeCertDomainsReq)\n\td.logger.Debug(\"sdk request 'cdn.DescribeCertDomains'\", slog.Any(\"request\", describeCertDomainsReq), slog.Any(\"response\", describeCertDomainsResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.DescribeCertDomains': %w\", err)\n\t}\n\n\tdomains := make([]string, 0)\n\tif describeCertDomainsResp.Response.Domains != nil {\n\t\tfor _, domain := range describeCertDomainsResp.Response.Domains {\n\t\t\tdomains = append(domains, *domain)\n\t\t}\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertId string) error {\n\t// 查询域名详细配置\n\t// REF: https://cloud.tencent.com/document/api/228/41117\n\tdescribeDomainsConfigReq := tccdn.NewDescribeDomainsConfigRequest()\n\tdescribeDomainsConfigReq.Filters = []*tccdn.DomainFilter{\n\t\t{\n\t\t\tName: common.StringPtr(\"domain\"),\n\t\t\tValue: common.StringPtrs([]string{domain}),\n\t\t},\n\t}\n\tdescribeDomainsConfigReq.Offset = common.Int64Ptr(0)\n\tdescribeDomainsConfigReq.Limit = common.Int64Ptr(1)\n\tdescribeDomainsConfigResp, err := d.sdkClient.DescribeDomainsConfig(describeDomainsConfigReq)\n\td.logger.Debug(\"sdk request 'cdn.DescribeDomainsConfig'\", slog.Any(\"request\", describeDomainsConfigReq), slog.Any(\"response\", describeDomainsConfigResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.DescribeDomainsConfig': %w\", err)\n\t} else if len(describeDomainsConfigResp.Response.Domains) == 0 {\n\t\treturn fmt.Errorf(\"could not find domain '%s'\", domain)\n\t}\n\n\tdomainConfig := describeDomainsConfigResp.Response.Domains[0]\n\tif domainConfig.Https != nil && domainConfig.Https.CertInfo != nil && domainConfig.Https.CertInfo.CertId != nil && *domainConfig.Https.CertInfo.CertId == cloudCertId {\n\t\t// 已部署过此域名,跳过\n\t\treturn nil\n\t}\n\n\t// 更新加速域名配置\n\t// REF: https://cloud.tencent.com/document/api/228/41116\n\tupdateDomainConfigReq := tccdn.NewUpdateDomainConfigRequest()\n\tupdateDomainConfigReq.Domain = common.StringPtr(domain)\n\tupdateDomainConfigReq.Https = domainConfig.Https\n\tif updateDomainConfigReq.Https == nil {\n\t\tupdateDomainConfigReq.Https = &tccdn.Https{\n\t\t\tSwitch: common.StringPtr(\"on\"),\n\t\t}\n\t} else {\n\t\tupdateDomainConfigReq.Https.SslStatus = nil\n\t}\n\tupdateDomainConfigReq.Https.CertInfo = &tccdn.ServerCert{\n\t\tCertId: common.StringPtr(cloudCertId),\n\t}\n\tupdateDomainConfigResp, err := d.sdkClient.UpdateDomainConfig(updateDomainConfigReq)\n\td.logger.Debug(\"sdk request 'cdn.UpdateDomainConfig'\", slog.Any(\"request\", updateDomainConfigReq), slog.Any(\"response\", updateDomainConfigResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'cdn.UpdateDomainConfig': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(secretId, secretKey, endpoint string) (*internal.CdnClient, error) {\n\tcredential := common.NewCredential(secretId, secretKey)\n\n\tcpf := profile.NewClientProfile()\n\tif endpoint != \"\" {\n\t\tcpf.HttpProfile.Endpoint = endpoint\n\t}\n\n\tclient, err := internal.NewCdnClient(credential, \"\", cpf)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-ecdn/tencentcloud_ecdn_test.go",
"content": "package tencentcloudecdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-ecdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfSecretId string\n\tfSecretKey string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"TENCENTCLOUDECDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fSecretId, argsPrefix+\"SECRETID\", \"\", \"\")\n\tflag.StringVar(&fSecretKey, argsPrefix+\"SECRETKEY\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./tencentcloud_ecdn_test.go -args \\\n\t--TENCENTCLOUDECDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--TENCENTCLOUDECDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--TENCENTCLOUDECDN_SECRETID=\"your-secret-id\" \\\n\t--TENCENTCLOUDECDN_SECRETKEY=\"your-secret-key\" \\\n\t--TENCENTCLOUDECDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SECRETID: %v\", fSecretId),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tSecretId: fSecretId,\n\t\t\tSecretKey: fSecretKey,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-eo/consts.go",
"content": "package tencentcloudeo\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-eo/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\t\"errors\"\n\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcteo \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901\"\n)\n\n// This is a partial copy of https://github.com/TencentCloud/tencentcloud-sdk-go/blob/master/tencentcloud/teo/v20220901/client.go\n// to lightweight the vendor packages in the built binary.\ntype TeoClient struct {\n\tcommon.Client\n}\n\nfunc NewTeoClient(credential common.CredentialIface, region string, clientProfile *profile.ClientProfile) (client *TeoClient, err error) {\n\tclient = &TeoClient{}\n\tclient.Init(region).\n\t\tWithCredential(credential).\n\t\tWithProfile(clientProfile)\n\treturn\n}\n\nfunc (c *TeoClient) DescribeAccelerationDomains(request *tcteo.DescribeAccelerationDomainsRequest) (response *tcteo.DescribeAccelerationDomainsResponse, err error) {\n\treturn c.DescribeAccelerationDomainsWithContext(context.Background(), request)\n}\n\nfunc (c *TeoClient) DescribeAccelerationDomainsWithContext(ctx context.Context, request *tcteo.DescribeAccelerationDomainsRequest) (response *tcteo.DescribeAccelerationDomainsResponse, err error) {\n\tif request == nil {\n\t\trequest = tcteo.NewDescribeAccelerationDomainsRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"teo\", tcteo.APIVersion, \"DescribeAccelerationDomains\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeAccelerationDomains require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcteo.NewDescribeAccelerationDomainsResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *TeoClient) ModifyHostsCertificate(request *tcteo.ModifyHostsCertificateRequest) (response *tcteo.ModifyHostsCertificateResponse, err error) {\n\treturn c.ModifyHostsCertificateWithContext(context.Background(), request)\n}\n\nfunc (c *TeoClient) ModifyHostsCertificateWithContext(ctx context.Context, request *tcteo.ModifyHostsCertificateRequest) (response *tcteo.ModifyHostsCertificateResponse, err error) {\n\tif request == nil {\n\t\trequest = tcteo.NewModifyHostsCertificateRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"teo\", tcteo.APIVersion, \"ModifyHostsCertificate\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"ModifyHostsCertificate require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcteo.NewModifyHostsCertificateResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-eo/tencentcloud_eo.go",
"content": "package tencentcloudeo\n\nimport (\n\t\"context\"\n\t\"crypto/x509\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcteo \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/tencentcloud-ssl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-eo/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n\txcertkey \"github.com/certimate-go/certimate/pkg/utils/cert/key\"\n)\n\ntype DeployerConfig struct {\n\t// 腾讯云 SecretId。\n\tSecretId string `json:\"secretId\"`\n\t// 腾讯云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 腾讯云接口端点。\n\tEndpoint string `json:\"endpoint,omitempty\"`\n\t// 站点 ID。\n\tZoneId string `json:\"zoneId\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名列表(支持泛域名)。\n\tDomains []string `json:\"domains\"`\n\t// 是否启用多证书模式。\n\tEnableMultipleSSL bool `json:\"enableMultipleSSL,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.TeoClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.SecretId, config.SecretKey, config.Endpoint)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tSecretId: config.SecretId,\n\t\tSecretKey: config.SecretKey,\n\t\tEndpoint: lo.\n\t\t\tIf(strings.HasSuffix(config.Endpoint, \"intl.tencentcloudapi.com\"), \"ssl.intl.tencentcloudapi.com\"). // 国际站使用独立的接口端点\n\t\t\tElse(\"\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.ZoneId == \"\" {\n\t\treturn nil, errors.New(\"config `zoneId` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取全部可部署的域名信息\n\tdomainsInZone, err := d.getAllDomainsInZone(ctx, d.config.ZoneId)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif len(d.config.Domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"config `domains` is required\")\n\t\t\t}\n\n\t\t\tdomains = d.config.Domains\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif len(d.config.Domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"config `domains` is required\")\n\t\t\t}\n\n\t\t\tdomainCandidates := lo.Map(domainsInZone, func(domainInfo *tcteo.AccelerationDomain, _ int) string {\n\t\t\t\treturn lo.FromPtr(domainInfo.DomainName)\n\t\t\t})\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\tfor _, configDomain := range d.config.Domains {\n\t\t\t\t\tif xcerthostname.IsMatch(configDomain, domain) {\n\t\t\t\t\t\treturn true\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\treturn false\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates := lo.Map(domainsInZone, func(domainInfo *tcteo.AccelerationDomain, _ int) string {\n\t\t\t\treturn lo.FromPtr(domainInfo.DomainName)\n\t\t\t})\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 跳过已部署过的域名\n\tdomains = lo.Filter(domains, func(domain string, _ int) bool {\n\t\tvar deployed bool\n\n\t\tdomainInfo, _ := lo.Find(domainsInZone, func(domainInfo *tcteo.AccelerationDomain) bool {\n\t\t\treturn domain == lo.FromPtr(domainInfo.DomainName)\n\t\t})\n\t\tif domainInfo != nil && domainInfo.Certificate != nil {\n\t\t\tdeployed = lo.ContainsBy(domainInfo.Certificate.List, func(certInfo *tcteo.CertificateInfo) bool {\n\t\t\t\treturn upres.CertId == lo.FromPtr(certInfo.CertId)\n\t\t\t})\n\t\t}\n\n\t\treturn !deployed\n\t})\n\n\t// 批量更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no edgeone domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found edgeone domains to deploy\", slog.Any(\"domains\", domains))\n\n\t\t// 配置域名证书\n\t\t// REF: https://cloud.tencent.com/document/api/1552/80764\n\t\tmodifyHostsCertificateReqs := make([]*tcteo.ModifyHostsCertificateRequest, 0)\n\n\t\tif d.config.EnableMultipleSSL {\n\t\t\tconst algRSA = \"RSA\"\n\t\t\tconst algECC = \"ECC\"\n\n\t\t\tprivkey, err := xcert.ParsePrivateKeyFromPEM(privkeyPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to parse private key: %w\", err)\n\t\t\t}\n\n\t\t\tprivkeyAlg, _, _ := xcertkey.GetPrivateKeyAlgorithm(privkey)\n\t\t\tprivkeyAlgStr := \"\"\n\t\t\tswitch privkeyAlg {\n\t\t\tcase x509.RSA:\n\t\t\t\tprivkeyAlgStr = algRSA\n\t\t\tcase x509.ECDSA:\n\t\t\t\tprivkeyAlgStr = algECC\n\t\t\t}\n\n\t\t\tfor _, domain := range domains {\n\t\t\t\tmodifyHostsCertificateReq := tcteo.NewModifyHostsCertificateRequest()\n\t\t\t\tmodifyHostsCertificateReq.ZoneId = common.StringPtr(d.config.ZoneId)\n\t\t\t\tmodifyHostsCertificateReq.Mode = common.StringPtr(\"sslcert\")\n\t\t\t\tmodifyHostsCertificateReq.Hosts = common.StringPtrs([]string{domain})\n\t\t\t\tmodifyHostsCertificateReq.ServerCertInfo = []*tcteo.ServerCertInfo{{CertId: common.StringPtr(upres.CertId)}}\n\n\t\t\t\tdomainInfo, _ := lo.Find(domainsInZone, func(domainInfo *tcteo.AccelerationDomain) bool {\n\t\t\t\t\treturn domain == lo.FromPtr(domainInfo.DomainName)\n\t\t\t\t})\n\t\t\t\tif domainInfo != nil && domainInfo.Certificate != nil {\n\t\t\t\t\tfor _, certInfo := range domainInfo.Certificate.List {\n\t\t\t\t\t\tif lo.FromPtr(certInfo.CertId) == upres.CertId {\n\t\t\t\t\t\t\tcontinue\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tif strings.Split(lo.FromPtr(certInfo.SignAlgo), \" \")[0] == privkeyAlgStr {\n\t\t\t\t\t\t\tcontinue\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tcertExpireTime, _ := time.Parse(\"2006-01-02T15:04:05Z\", lo.FromPtr(certInfo.ExpireTime))\n\t\t\t\t\t\tif certExpireTime.Before(time.Now()) {\n\t\t\t\t\t\t\tcontinue\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tmodifyHostsCertificateReq.ServerCertInfo = append(modifyHostsCertificateReq.ServerCertInfo, &tcteo.ServerCertInfo{CertId: certInfo.CertId})\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tmodifyHostsCertificateReqs = append(modifyHostsCertificateReqs, modifyHostsCertificateReq)\n\t\t\t}\n\t\t} else {\n\t\t\tmodifyHostsCertificateReq := tcteo.NewModifyHostsCertificateRequest()\n\t\t\tmodifyHostsCertificateReq.ZoneId = common.StringPtr(d.config.ZoneId)\n\t\t\tmodifyHostsCertificateReq.Mode = common.StringPtr(\"sslcert\")\n\t\t\tmodifyHostsCertificateReq.Hosts = common.StringPtrs(domains)\n\t\t\tmodifyHostsCertificateReq.ServerCertInfo = []*tcteo.ServerCertInfo{{CertId: common.StringPtr(upres.CertId)}}\n\n\t\t\tmodifyHostsCertificateReqs = append(modifyHostsCertificateReqs, modifyHostsCertificateReq)\n\t\t}\n\n\t\tvar errs []error\n\t\tfor _, modifyHostsCertificateReq := range modifyHostsCertificateReqs {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tmodifyHostsCertificateResp, err := d.sdkClient.ModifyHostsCertificate(modifyHostsCertificateReq)\n\t\t\t\td.logger.Debug(\"sdk request 'teo.ModifyHostsCertificate'\", slog.Any(\"request\", modifyHostsCertificateReq), slog.Any(\"response\", modifyHostsCertificateResp))\n\t\t\t\tif err != nil {\n\t\t\t\t\terr = fmt.Errorf(\"failed to execute sdk request 'teo.ModifyHostsCertificate': %w\", err)\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomainsInZone(ctx context.Context, zoneId string) ([]*tcteo.AccelerationDomain, error) {\n\tvar domainsInZone []*tcteo.AccelerationDomain\n\n\tconst pageSize = 200\n\tfor offset := 0; ; offset += pageSize {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\t// 查询加速域名列表\n\t\t// REF: https://cloud.tencent.com/document/api/1552/86336\n\t\tdescribeAccelerationDomainsReq := tcteo.NewDescribeAccelerationDomainsRequest()\n\t\tdescribeAccelerationDomainsReq.Limit = common.Int64Ptr(pageSize)\n\t\tdescribeAccelerationDomainsReq.Offset = common.Int64Ptr(int64(offset))\n\t\tdescribeAccelerationDomainsReq.ZoneId = common.StringPtr(zoneId)\n\t\tdescribeAccelerationDomainsResp, err := d.sdkClient.DescribeAccelerationDomains(describeAccelerationDomainsReq)\n\t\td.logger.Debug(\"sdk request 'teo.DescribeAccelerationDomains'\", slog.Any(\"request\", describeAccelerationDomainsReq), slog.Any(\"response\", describeAccelerationDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'teo.DescribeAccelerationDomains': %w\", err)\n\t\t}\n\n\t\tignoredStatuses := []string{\"offline\", \"forbidden\", \"init\"}\n\t\tfor _, domainItem := range describeAccelerationDomainsResp.Response.AccelerationDomains {\n\t\t\tif lo.Contains(ignoredStatuses, lo.FromPtr(domainItem.DomainStatus)) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tdomainsInZone = append(domainsInZone, domainItem)\n\t\t}\n\n\t\tif len(describeAccelerationDomainsResp.Response.AccelerationDomains) < pageSize {\n\t\t\tbreak\n\t\t}\n\t}\n\n\treturn domainsInZone, nil\n}\n\nfunc createSDKClient(secretId, secretKey, endpoint string) (*internal.TeoClient, error) {\n\tcredential := common.NewCredential(secretId, secretKey)\n\n\tcpf := profile.NewClientProfile()\n\tif endpoint != \"\" {\n\t\tcpf.HttpProfile.Endpoint = endpoint\n\t}\n\n\tclient, err := internal.NewTeoClient(credential, \"\", cpf)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-eo/tencentcloud_eo_test.go",
"content": "package tencentcloudeo_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-eo\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfSecretId string\n\tfSecretKey string\n\tfZoneId string\n\tfDomains string\n)\n\nfunc init() {\n\targsPrefix := \"TENCENTCLOUDEO_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fSecretId, argsPrefix+\"SECRETID\", \"\", \"\")\n\tflag.StringVar(&fSecretKey, argsPrefix+\"SECRETKEY\", \"\", \"\")\n\tflag.StringVar(&fZoneId, argsPrefix+\"ZONEID\", \"\", \"\")\n\tflag.StringVar(&fDomains, argsPrefix+\"DOMAINS\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./tencentcloud_eo_test.go -args \\\n\t--TENCENTCLOUDEO_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--TENCENTCLOUDEO_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--TENCENTCLOUDEO_SECRETID=\"your-secret-id\" \\\n\t--TENCENTCLOUDEO_SECRETKEY=\"your-secret-key\" \\\n\t--TENCENTCLOUDEO_ZONEID=\"your-zone-id\" \\\n\t--TENCENTCLOUDEO_DOMAINS=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SECRETID: %v\", fSecretId),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t\tfmt.Sprintf(\"ZONEID: %v\", fZoneId),\n\t\t\tfmt.Sprintf(\"DOMAINS: %v\", fDomains),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tSecretId: fSecretId,\n\t\t\tSecretKey: fSecretKey,\n\t\t\tZoneId: fZoneId,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomains: strings.Split(fDomains, \";\"),\n\t\t\tEnableMultipleSSL: true,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-gaap/consts.go",
"content": "package tencentcloudgaap\n\nconst (\n\t// 资源类型:部署到指定监听器。\n\tRESOURCE_TYPE_LISTENER = \"listener\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-gaap/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\t\"errors\"\n\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcgaap \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/gaap/v20180529\"\n)\n\n// This is a partial copy of https://github.com/TencentCloud/tencentcloud-sdk-go/blob/master/tencentcloud/gaap/v20180529/client.go\n// to lightweight the vendor packages in the built binary.\ntype GaapClient struct {\n\tcommon.Client\n}\n\nfunc NewGaapClient(credential common.CredentialIface, region string, clientProfile *profile.ClientProfile) (client *GaapClient, err error) {\n\tclient = &GaapClient{}\n\tclient.Init(region).\n\t\tWithCredential(credential).\n\t\tWithProfile(clientProfile)\n\treturn\n}\n\nfunc (c *GaapClient) DescribeHTTPSListeners(request *tcgaap.DescribeHTTPSListenersRequest) (response *tcgaap.DescribeHTTPSListenersResponse, err error) {\n\treturn c.DescribeHTTPSListenersWithContext(context.Background(), request)\n}\n\nfunc (c *GaapClient) DescribeHTTPSListenersWithContext(ctx context.Context, request *tcgaap.DescribeHTTPSListenersRequest) (response *tcgaap.DescribeHTTPSListenersResponse, err error) {\n\tif request == nil {\n\t\trequest = tcgaap.NewDescribeHTTPSListenersRequest()\n\t}\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeHTTPSListeners require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcgaap.NewDescribeHTTPSListenersResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *GaapClient) ModifyHTTPSListenerAttribute(request *tcgaap.ModifyHTTPSListenerAttributeRequest) (response *tcgaap.ModifyHTTPSListenerAttributeResponse, err error) {\n\treturn c.ModifyHTTPSListenerAttributeWithContext(context.Background(), request)\n}\n\nfunc (c *GaapClient) ModifyHTTPSListenerAttributeWithContext(ctx context.Context, request *tcgaap.ModifyHTTPSListenerAttributeRequest) (response *tcgaap.ModifyHTTPSListenerAttributeResponse, err error) {\n\tif request == nil {\n\t\trequest = tcgaap.NewModifyHTTPSListenerAttributeRequest()\n\t}\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"ModifyHTTPSListenerAttribute require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcgaap.NewModifyHTTPSListenerAttributeResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-gaap/tencentcloud_gaap.go",
"content": "package tencentcloudgaap\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcgaap \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/gaap/v20180529\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/tencentcloud-ssl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-gaap/internal\"\n)\n\ntype DeployerConfig struct {\n\t// 腾讯云 SecretId。\n\tSecretId string `json:\"secretId\"`\n\t// 腾讯云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 腾讯云接口端点。\n\tEndpoint string `json:\"endpoint,omitempty\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 通道 ID。\n\t// 选填。\n\tProxyId string `json:\"proxyId,omitempty\"`\n\t// 负载均衡监听 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时必填。\n\tListenerId string `json:\"listenerId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.GaapClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClients(config.SecretId, config.SecretKey, config.Endpoint)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tSecretId: config.SecretId,\n\t\tSecretKey: config.SecretKey,\n\t\tEndpoint: lo.\n\t\t\tIf(strings.HasSuffix(config.Endpoint, \"intl.tencentcloudapi.com\"), \"ssl.intl.tencentcloudapi.com\"). // 国际站使用独立的接口端点\n\t\t\tElse(\"\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_LISTENER:\n\t\tif err := d.deployToListener(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToListener(ctx context.Context, cloudCertId string) error {\n\tif d.config.ListenerId == \"\" {\n\t\treturn errors.New(\"config `listenerId` is required\")\n\t}\n\n\t// 更新监听器证书\n\tif err := d.updateHttpsListenerCertificate(ctx, d.config.ListenerId, cloudCertId); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateHttpsListenerCertificate(ctx context.Context, cloudListenerId, cloudCertId string) error {\n\t// 查询 HTTPS 监听器信息\n\t// REF: https://cloud.tencent.com/document/api/608/37001\n\tdescribeHTTPSListenersReq := tcgaap.NewDescribeHTTPSListenersRequest()\n\tdescribeHTTPSListenersReq.ListenerId = common.StringPtr(cloudListenerId)\n\tdescribeHTTPSListenersReq.Offset = common.Uint64Ptr(0)\n\tdescribeHTTPSListenersReq.Limit = common.Uint64Ptr(1)\n\tdescribeHTTPSListenersResp, err := d.sdkClient.DescribeHTTPSListeners(describeHTTPSListenersReq)\n\td.logger.Debug(\"sdk request 'gaap.DescribeHTTPSListeners'\", slog.Any(\"request\", describeHTTPSListenersReq), slog.Any(\"response\", describeHTTPSListenersResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'gaap.DescribeHTTPSListeners': %w\", err)\n\t} else if len(describeHTTPSListenersResp.Response.ListenerSet) == 0 {\n\t\treturn fmt.Errorf(\"could not find listener '%s'\", cloudListenerId)\n\t}\n\n\t// 修改 HTTPS 监听器配置\n\t// REF: https://cloud.tencent.com/document/api/608/36996\n\tmodifyHTTPSListenerAttributeReq := tcgaap.NewModifyHTTPSListenerAttributeRequest()\n\tmodifyHTTPSListenerAttributeReq.ProxyId = lo.EmptyableToPtr(d.config.ProxyId)\n\tmodifyHTTPSListenerAttributeReq.ListenerId = common.StringPtr(cloudListenerId)\n\tmodifyHTTPSListenerAttributeReq.CertificateId = common.StringPtr(cloudCertId)\n\tmodifyHTTPSListenerAttributeResp, err := d.sdkClient.ModifyHTTPSListenerAttribute(modifyHTTPSListenerAttributeReq)\n\td.logger.Debug(\"sdk request 'gaap.ModifyHTTPSListenerAttribute'\", slog.Any(\"request\", modifyHTTPSListenerAttributeReq), slog.Any(\"response\", modifyHTTPSListenerAttributeResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'gaap.ModifyHTTPSListenerAttribute': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClients(secretId, secretKey, endpoint string) (*internal.GaapClient, error) {\n\tcredential := common.NewCredential(secretId, secretKey)\n\n\tcpf := profile.NewClientProfile()\n\tif endpoint != \"\" {\n\t\tcpf.HttpProfile.Endpoint = endpoint\n\t}\n\n\tclient, err := internal.NewGaapClient(credential, \"\", cpf)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-gaap/tencentcloud_gaap_test.go",
"content": "package tencentcloudgaap_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-gaap\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfSecretId string\n\tfSecretKey string\n\tfProxyId string\n\tfListenerId string\n)\n\nfunc init() {\n\targsPrefix := \"TENCENTCLOUDCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fSecretId, argsPrefix+\"SECRETID\", \"\", \"\")\n\tflag.StringVar(&fSecretKey, argsPrefix+\"SECRETKEY\", \"\", \"\")\n\tflag.StringVar(&fProxyId, argsPrefix+\"PROXYID\", \"\", \"\")\n\tflag.StringVar(&fListenerId, argsPrefix+\"LISTENERID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./tencentcloud_gaap_test.go -args \\\n\t--TENCENTCLOUDGAAP_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--TENCENTCLOUDGAAP_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--TENCENTCLOUDGAAP_SECRETID=\"your-secret-id\" \\\n\t--TENCENTCLOUDGAAP_SECRETKEY=\"your-secret-key\" \\\n\t--TENCENTCLOUDGAAP_PROXYID=\"your-gaap-group-id\" \\\n\t--TENCENTCLOUDGAAP_LISTENERID=\"your-clb-listener-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy_ToListener\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SECRETID: %v\", fSecretId),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t\tfmt.Sprintf(\"PROXYID: %v\", fProxyId),\n\t\t\tfmt.Sprintf(\"LISTENERID: %v\", fListenerId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tSecretId: fSecretId,\n\t\t\tSecretKey: fSecretKey,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LISTENER,\n\t\t\tProxyId: fProxyId,\n\t\t\tListenerId: fListenerId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-scf/consts.go",
"content": "package tencentcloudscf\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-scf/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\t\"errors\"\n\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcscf \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/scf/v20180416\"\n)\n\n// This is a partial copy of https://github.com/TencentCloud/tencentcloud-sdk-go/blob/master/tencentcloud/scf/v20180416/client.go\n// to lightweight the vendor packages in the built binary.\ntype ScfClient struct {\n\tcommon.Client\n}\n\nfunc NewScfClient(credential common.CredentialIface, region string, clientProfile *profile.ClientProfile) (client *ScfClient, err error) {\n\tclient = &ScfClient{}\n\tclient.Init(region).\n\t\tWithCredential(credential).\n\t\tWithProfile(clientProfile)\n\treturn\n}\n\nfunc (c *ScfClient) GetCustomDomain(request *tcscf.GetCustomDomainRequest) (response *tcscf.GetCustomDomainResponse, err error) {\n\treturn c.GetCustomDomainWithContext(context.Background(), request)\n}\n\nfunc (c *ScfClient) GetCustomDomainWithContext(ctx context.Context, request *tcscf.GetCustomDomainRequest) (response *tcscf.GetCustomDomainResponse, err error) {\n\tif request == nil {\n\t\trequest = tcscf.NewGetCustomDomainRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"scf\", tcscf.APIVersion, \"GetCustomDomain\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"GetCustomDomain require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcscf.NewGetCustomDomainResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *ScfClient) ListCustomDomains(request *tcscf.ListCustomDomainsRequest) (response *tcscf.ListCustomDomainsResponse, err error) {\n\treturn c.ListCustomDomainsWithContext(context.Background(), request)\n}\n\nfunc (c *ScfClient) ListCustomDomainsWithContext(ctx context.Context, request *tcscf.ListCustomDomainsRequest) (response *tcscf.ListCustomDomainsResponse, err error) {\n\tif request == nil {\n\t\trequest = tcscf.NewListCustomDomainsRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"scf\", tcscf.APIVersion, \"ListCustomDomains\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"ListCustomDomains require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\n\tresponse = tcscf.NewListCustomDomainsResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *ScfClient) UpdateCustomDomain(request *tcscf.UpdateCustomDomainRequest) (response *tcscf.UpdateCustomDomainResponse, err error) {\n\treturn c.UpdateCustomDomainWithContext(context.Background(), request)\n}\n\nfunc (c *ScfClient) UpdateCustomDomainWithContext(ctx context.Context, request *tcscf.UpdateCustomDomainRequest) (response *tcscf.UpdateCustomDomainResponse, err error) {\n\tif request == nil {\n\t\trequest = tcscf.NewUpdateCustomDomainRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"scf\", tcscf.APIVersion, \"UpdateCustomDomain\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"UpdateCustomDomain require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcscf.NewUpdateCustomDomainResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-scf/tencentcloud_scf.go",
"content": "package tencentcloudscf\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcscf \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/scf/v20180416\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/tencentcloud-ssl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-scf/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n)\n\ntype DeployerConfig struct {\n\t// 腾讯云 SecretId。\n\tSecretId string `json:\"secretId\"`\n\t// 腾讯云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 腾讯云接口端点。\n\tEndpoint string `json:\"endpoint,omitempty\"`\n\t// 腾讯云地域。\n\tRegion string `json:\"region\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 自定义域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.ScfClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.SecretId, config.SecretKey, config.Endpoint, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tSecretId: config.SecretId,\n\t\tSecretKey: config.SecretKey,\n\t\tEndpoint: lo.\n\t\t\tIf(strings.HasSuffix(config.Endpoint, \"intl.tencentcloudapi.com\"), \"ssl.intl.tencentcloudapi.com\"). // 国际站使用独立的接口端点\n\t\t\tElse(\"\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no scf domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found scf domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, upres.CertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 获取云函数自定义域名列表\n\t// REF: https://cloud.tencent.com/document/api/583/111923\n\tlistCustomDomainsOffset := 0\n\tlistCustomDomainsLimit := 20\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeLiveDomainsReq := tcscf.NewListCustomDomainsRequest()\n\t\tdescribeLiveDomainsReq.Offset = common.Uint64Ptr(uint64(listCustomDomainsOffset))\n\t\tdescribeLiveDomainsReq.Limit = common.Uint64Ptr(uint64(listCustomDomainsLimit))\n\t\tdescribeLiveDomainsResp, err := d.sdkClient.ListCustomDomains(describeLiveDomainsReq)\n\t\td.logger.Debug(\"sdk request 'scf.DescribeLiveDomains'\", slog.Any(\"request\", describeLiveDomainsReq), slog.Any(\"response\", describeLiveDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'scf.DescribeLiveDomains': %w\", err)\n\t\t}\n\n\t\tif describeLiveDomainsResp.Response == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, domainItem := range describeLiveDomainsResp.Response.Domains {\n\t\t\tdomains = append(domains, *domainItem.Domain)\n\t\t}\n\n\t\tif len(describeLiveDomainsResp.Response.Domains) < listCustomDomainsLimit {\n\t\t\tbreak\n\t\t}\n\n\t\tlistCustomDomainsOffset++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertId string) error {\n\t// 查看云函数自定义域名详情\n\t// REF: https://cloud.tencent.com/document/api/583/111924\n\tgetCustomDomainReq := tcscf.NewGetCustomDomainRequest()\n\tgetCustomDomainReq.Domain = common.StringPtr(domain)\n\tgetCustomDomainResp, err := d.sdkClient.GetCustomDomain(getCustomDomainReq)\n\td.logger.Debug(\"sdk request 'scf.GetCustomDomain'\", slog.Any(\"request\", getCustomDomainReq), slog.Any(\"response\", getCustomDomainResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'scf.GetCustomDomain': %w\", err)\n\t} else {\n\t\tif getCustomDomainResp.Response.CertConfig != nil && getCustomDomainResp.Response.CertConfig.CertificateId != nil && *getCustomDomainResp.Response.CertConfig.CertificateId == cloudCertId {\n\t\t\treturn nil\n\t\t}\n\t}\n\n\t// 更新云函数自定义域名\n\t// REF: https://cloud.tencent.com/document/api/583/111922\n\tupdateCustomDomainReq := tcscf.NewUpdateCustomDomainRequest()\n\tupdateCustomDomainReq.Domain = common.StringPtr(domain)\n\tupdateCustomDomainReq.CertConfig = &tcscf.CertConf{\n\t\tCertificateId: common.StringPtr(cloudCertId),\n\t}\n\tupdateCustomDomainReq.Protocol = getCustomDomainResp.Response.Protocol\n\tif updateCustomDomainReq.Protocol == nil || *updateCustomDomainReq.Protocol == \"HTTP\" {\n\t\tupdateCustomDomainReq.Protocol = common.StringPtr(\"HTTP&HTTPS\")\n\t}\n\tupdateCustomDomainResp, err := d.sdkClient.UpdateCustomDomain(updateCustomDomainReq)\n\td.logger.Debug(\"sdk request 'scf.UpdateCustomDomain'\", slog.Any(\"request\", updateCustomDomainReq), slog.Any(\"response\", updateCustomDomainResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'scf.UpdateCustomDomain': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(secretId, secretKey, endpoint, region string) (*internal.ScfClient, error) {\n\tcredential := common.NewCredential(secretId, secretKey)\n\n\tcpf := profile.NewClientProfile()\n\tif endpoint != \"\" {\n\t\tcpf.HttpProfile.Endpoint = endpoint\n\t}\n\n\tclient, err := internal.NewScfClient(credential, region, cpf)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-scf/tencentcloud_scf_test.go",
"content": "package tencentcloudscf_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-scf\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfSecretId string\n\tfSecretKey string\n\tfRegion string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"TENCENTCLOUDSCF_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fSecretId, argsPrefix+\"SECRETID\", \"\", \"\")\n\tflag.StringVar(&fSecretKey, argsPrefix+\"SECRETKEY\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./tencentcloud_scf_test.go -args \\\n\t--TENCENTCLOUDSCF_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--TENCENTCLOUDSCF_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--TENCENTCLOUDSCF_SECRETID=\"your-secret-id\" \\\n\t--TENCENTCLOUDSCF_SECRETKEY=\"your-secret-key\" \\\n\t--TENCENTCLOUDSCF_REGION=\"ap-guangzhou\" \\\n\t--TENCENTCLOUDSCF_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SECRETID: %v\", fSecretId),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tSecretId: fSecretId,\n\t\t\tSecretKey: fSecretKey,\n\t\t\tRegion: fRegion,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-ssl/tencentcloud_ssl.go",
"content": "package tencentcloudssl\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/tencentcloud-ssl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// 腾讯云 SecretId。\n\tSecretId string `json:\"secretId\"`\n\t// 腾讯云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 腾讯云接口端点。\n\tEndpoint string `json:\"endpoint,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tSecretId: config.SecretId,\n\t\tSecretKey: config.SecretKey,\n\t\tEndpoint: config.Endpoint,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-ssl-deploy/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\t\"errors\"\n\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcssl \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205\"\n)\n\n// This is a partial copy of https://github.com/TencentCloud/tencentcloud-sdk-go/blob/master/tencentcloud/ssl/v20191205/client.go\n// to lightweight the vendor packages in the built binary.\ntype SslClient struct {\n\tcommon.Client\n}\n\nfunc NewSslClient(credential common.CredentialIface, region string, clientProfile *profile.ClientProfile) (client *SslClient, err error) {\n\tclient = &SslClient{}\n\tclient.Init(region).\n\t\tWithCredential(credential).\n\t\tWithProfile(clientProfile)\n\treturn\n}\n\nfunc (c *SslClient) DeployCertificateInstance(request *tcssl.DeployCertificateInstanceRequest) (response *tcssl.DeployCertificateInstanceResponse, err error) {\n\treturn c.DeployCertificateInstanceWithContext(context.Background(), request)\n}\n\nfunc (c *SslClient) DeployCertificateInstanceWithContext(ctx context.Context, request *tcssl.DeployCertificateInstanceRequest) (response *tcssl.DeployCertificateInstanceResponse, err error) {\n\tif request == nil {\n\t\trequest = tcssl.NewDeployCertificateInstanceRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"ssl\", tcssl.APIVersion, \"DeployCertificateInstance\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DeployCertificateInstance require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcssl.NewDeployCertificateInstanceResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *SslClient) DescribeHostDeployRecordDetail(request *tcssl.DescribeHostDeployRecordDetailRequest) (response *tcssl.DescribeHostDeployRecordDetailResponse, err error) {\n\treturn c.DescribeHostDeployRecordDetailWithContext(context.Background(), request)\n}\n\nfunc (c *SslClient) DescribeHostDeployRecordDetailWithContext(ctx context.Context, request *tcssl.DescribeHostDeployRecordDetailRequest) (response *tcssl.DescribeHostDeployRecordDetailResponse, err error) {\n\tif request == nil {\n\t\trequest = tcssl.NewDescribeHostDeployRecordDetailRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"ssl\", tcssl.APIVersion, \"DescribeHostDeployRecordDetail\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeHostDeployRecordDetail require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcssl.NewDescribeHostDeployRecordDetailResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-ssl-deploy/tencentcloud_ssl_deploy.go",
"content": "package tencentcloudssldeploy\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcssl \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/tencentcloud-ssl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-ssl-deploy/internal\"\n\txwait \"github.com/certimate-go/certimate/pkg/utils/wait\"\n)\n\ntype DeployerConfig struct {\n\t// 腾讯云 SecretId。\n\tSecretId string `json:\"secretId\"`\n\t// 腾讯云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 腾讯云接口端点。\n\tEndpoint string `json:\"endpoint,omitempty\"`\n\t// 腾讯云地域。\n\tRegion string `json:\"region\"`\n\t// 云产品类型。\n\tResourceProduct string `json:\"resourceProduct\"`\n\t// 云产品资源 ID 数组。\n\tResourceIds []string `json:\"resourceIds,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.SslClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.SecretId, config.SecretKey, config.Endpoint, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tSecretId: config.SecretId,\n\t\tSecretKey: config.SecretKey,\n\t\tEndpoint: config.Endpoint,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.ResourceProduct == \"\" {\n\t\treturn nil, errors.New(\"config `resourceProduct` is required\")\n\t}\n\tif len(d.config.ResourceIds) == 0 {\n\t\treturn nil, errors.New(\"config `resourceIds` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 证书部署到云资源实例列表\n\t// REF: https://cloud.tencent.com/document/api/400/91667\n\tdeployCertificateInstanceReq := tcssl.NewDeployCertificateInstanceRequest()\n\tdeployCertificateInstanceReq.CertificateId = common.StringPtr(upres.CertId)\n\tdeployCertificateInstanceReq.ResourceType = common.StringPtr(d.config.ResourceProduct)\n\tdeployCertificateInstanceReq.InstanceIdList = common.StringPtrs(d.config.ResourceIds)\n\tdeployCertificateInstanceReq.Status = common.Int64Ptr(1)\n\tdeployCertificateInstanceResp, err := d.sdkClient.DeployCertificateInstance(deployCertificateInstanceReq)\n\td.logger.Debug(\"sdk request 'ssl.DeployCertificateInstance'\", slog.Any(\"request\", deployCertificateInstanceReq), slog.Any(\"response\", deployCertificateInstanceResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'ssl.DeployCertificateInstance': %w\", err)\n\t} else if deployCertificateInstanceResp.Response == nil || deployCertificateInstanceResp.Response.DeployRecordId == nil {\n\t\treturn nil, errors.New(\"failed to create deploy record\")\n\t}\n\n\t// 获取部署任务详情,等待任务状态变更\n\t// REF: https://cloud.tencent.com/document/api/400/91658\n\tif _, err := xwait.UntilWithContext(ctx, func(_ context.Context, _ int) (bool, error) {\n\t\tdescribeHostDeployRecordDetailReq := tcssl.NewDescribeHostDeployRecordDetailRequest()\n\t\tdescribeHostDeployRecordDetailReq.DeployRecordId = common.StringPtr(fmt.Sprintf(\"%d\", *deployCertificateInstanceResp.Response.DeployRecordId))\n\t\tdescribeHostDeployRecordDetailReq.Limit = common.Uint64Ptr(200)\n\t\tdescribeHostDeployRecordDetailResp, err := d.sdkClient.DescribeHostDeployRecordDetail(describeHostDeployRecordDetailReq)\n\t\td.logger.Debug(\"sdk request 'ssl.DescribeHostDeployRecordDetail'\", slog.Any(\"request\", describeHostDeployRecordDetailReq), slog.Any(\"response\", describeHostDeployRecordDetailResp))\n\t\tif err != nil {\n\t\t\treturn false, fmt.Errorf(\"failed to execute sdk request 'ssl.DescribeHostDeployRecordDetail': %w\", err)\n\t\t}\n\n\t\tvar pendingCount, runningCount, succeededCount, failedCount, totalCount int64\n\t\tif describeHostDeployRecordDetailResp.Response.TotalCount == nil {\n\t\t\treturn false, fmt.Errorf(\"unexpected tencentcloud deployment job status\")\n\t\t} else {\n\t\t\tpendingCount = lo.FromPtr(describeHostDeployRecordDetailResp.Response.PendingTotalCount)\n\t\t\trunningCount = lo.FromPtr(describeHostDeployRecordDetailResp.Response.RunningTotalCount)\n\t\t\tsucceededCount = lo.FromPtr(describeHostDeployRecordDetailResp.Response.SuccessTotalCount)\n\t\t\tfailedCount = lo.FromPtr(describeHostDeployRecordDetailResp.Response.FailedTotalCount)\n\t\t\ttotalCount = lo.FromPtr(describeHostDeployRecordDetailResp.Response.TotalCount)\n\n\t\t\tif succeededCount+failedCount == totalCount {\n\t\t\t\tif failedCount > 0 {\n\t\t\t\t\treturn false, fmt.Errorf(\"tencentcloud deployment job failed (succeeded: %d, failed: %d, total: %d)\", succeededCount, failedCount, totalCount)\n\t\t\t\t}\n\t\t\t\treturn true, nil\n\t\t\t}\n\t\t}\n\n\t\td.logger.Info(fmt.Sprintf(\"waiting for tencentcloud deployment job completion (pending: %d, running: %d, succeeded: %d, failed: %d, total: %d) ...\", pendingCount, runningCount, succeededCount, failedCount, totalCount))\n\t\treturn false, nil\n\t}, time.Second*5); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(secretId, secretKey, endpoint, region string) (*internal.SslClient, error) {\n\tcredential := common.NewCredential(secretId, secretKey)\n\n\tcpf := profile.NewClientProfile()\n\tif endpoint != \"\" {\n\t\tcpf.HttpProfile.Endpoint = endpoint\n\t}\n\n\tclient, err := internal.NewSslClient(credential, region, cpf)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-ssl-update/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\t\"errors\"\n\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcssl \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205\"\n)\n\n// This is a partial copy of https://github.com/TencentCloud/tencentcloud-sdk-go/blob/master/tencentcloud/ssl/v20191205/client.go\n// to lightweight the vendor packages in the built binary.\ntype SslClient struct {\n\tcommon.Client\n}\n\nfunc NewSslClient(credential common.CredentialIface, region string, clientProfile *profile.ClientProfile) (client *SslClient, err error) {\n\tclient = &SslClient{}\n\tclient.Init(region).\n\t\tWithCredential(credential).\n\t\tWithProfile(clientProfile)\n\treturn\n}\n\nfunc (c *SslClient) DescribeHostUpdateRecordDetail(request *tcssl.DescribeHostUpdateRecordDetailRequest) (response *tcssl.DescribeHostUpdateRecordDetailResponse, err error) {\n\treturn c.DescribeHostUpdateRecordDetailWithContext(context.Background(), request)\n}\n\nfunc (c *SslClient) DescribeHostUpdateRecordDetailWithContext(ctx context.Context, request *tcssl.DescribeHostUpdateRecordDetailRequest) (response *tcssl.DescribeHostUpdateRecordDetailResponse, err error) {\n\tif request == nil {\n\t\trequest = tcssl.NewDescribeHostUpdateRecordDetailRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"ssl\", tcssl.APIVersion, \"DescribeHostUpdateRecordDetail\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeHostUpdateRecordDetail require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcssl.NewDescribeHostUpdateRecordDetailResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *SslClient) DescribeHostUploadUpdateRecordDetail(request *tcssl.DescribeHostUploadUpdateRecordDetailRequest) (response *tcssl.DescribeHostUploadUpdateRecordDetailResponse, err error) {\n\treturn c.DescribeHostUploadUpdateRecordDetailWithContext(context.Background(), request)\n}\n\nfunc (c *SslClient) DescribeHostUploadUpdateRecordDetailWithContext(ctx context.Context, request *tcssl.DescribeHostUploadUpdateRecordDetailRequest) (response *tcssl.DescribeHostUploadUpdateRecordDetailResponse, err error) {\n\tif request == nil {\n\t\trequest = tcssl.NewDescribeHostUploadUpdateRecordDetailRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"ssl\", tcssl.APIVersion, \"DescribeHostUploadUpdateRecordDetail\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeHostUploadUpdateRecordDetail require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcssl.NewDescribeHostUploadUpdateRecordDetailResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *SslClient) UpdateCertificateInstance(request *tcssl.UpdateCertificateInstanceRequest) (response *tcssl.UpdateCertificateInstanceResponse, err error) {\n\treturn c.UpdateCertificateInstanceWithContext(context.Background(), request)\n}\n\nfunc (c *SslClient) UpdateCertificateInstanceWithContext(ctx context.Context, request *tcssl.UpdateCertificateInstanceRequest) (response *tcssl.UpdateCertificateInstanceResponse, err error) {\n\tif request == nil {\n\t\trequest = tcssl.NewUpdateCertificateInstanceRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"ssl\", tcssl.APIVersion, \"UpdateCertificateInstance\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"UpdateCertificateInstance require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\n\tresponse = tcssl.NewUpdateCertificateInstanceResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *SslClient) UploadUpdateCertificateInstance(request *tcssl.UploadUpdateCertificateInstanceRequest) (response *tcssl.UploadUpdateCertificateInstanceResponse, err error) {\n\treturn c.UploadUpdateCertificateInstanceWithContext(context.Background(), request)\n}\n\nfunc (c *SslClient) UploadUpdateCertificateInstanceWithContext(ctx context.Context, request *tcssl.UploadUpdateCertificateInstanceRequest) (response *tcssl.UploadUpdateCertificateInstanceResponse, err error) {\n\tif request == nil {\n\t\trequest = tcssl.NewUploadUpdateCertificateInstanceRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"ssl\", tcssl.APIVersion, \"UploadUpdateCertificateInstance\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"UploadUpdateCertificateInstance require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcssl.NewUploadUpdateCertificateInstanceResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-ssl-update/tencentcloud_ssl_update.go",
"content": "package tencentcloudsslupdate\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"slices\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcssl \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/tencentcloud-ssl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-ssl-update/internal\"\n\txwait \"github.com/certimate-go/certimate/pkg/utils/wait\"\n)\n\ntype DeployerConfig struct {\n\t// 腾讯云 SecretId。\n\tSecretId string `json:\"secretId\"`\n\t// 腾讯云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 腾讯云接口端点。\n\tEndpoint string `json:\"endpoint,omitempty\"`\n\t// 原证书 ID。\n\tCertificateId string `json:\"certificateId\"`\n\t// 是否替换原有证书(即保持原证书 ID 不变)。\n\tIsReplaced bool `json:\"isReplaced,omitempty\"`\n\t// 云产品类型数组。\n\tResourceProducts []string `json:\"resourceProducts\"`\n\t// 云产品地域数组。\n\tResourceRegions []string `json:\"resourceRegions\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.SslClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.SecretId, config.SecretKey, config.Endpoint)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tSecretId: config.SecretId,\n\t\tSecretKey: config.SecretKey,\n\t\tEndpoint: config.Endpoint,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.CertificateId == \"\" {\n\t\treturn nil, errors.New(\"config `certificateId` is required\")\n\t}\n\tif len(d.config.ResourceProducts) == 0 {\n\t\treturn nil, errors.New(\"config `resourceProducts` is required\")\n\t}\n\n\tif d.config.IsReplaced {\n\t\tif err := d.executeUploadUpdateCertificateInstance(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t} else {\n\t\tif err := d.executeUpdateCertificateInstance(ctx, certPEM, privkeyPEM); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) executeUpdateCertificateInstance(ctx context.Context, certPEM, privkeyPEM string) error {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 一键更新新旧证书资源\n\t// REF: https://cloud.tencent.com/document/product/400/91649\n\tvar deployRecordId string\n\tif _, err := xwait.UntilWithContext(ctx, func(_ context.Context, _ int) (bool, error) {\n\t\tupdateCertificateInstanceReq := tcssl.NewUpdateCertificateInstanceRequest()\n\t\tupdateCertificateInstanceReq.OldCertificateId = common.StringPtr(d.config.CertificateId)\n\t\tupdateCertificateInstanceReq.CertificateId = common.StringPtr(upres.CertId)\n\t\tupdateCertificateInstanceReq.ResourceTypes = common.StringPtrs(d.config.ResourceProducts)\n\t\tupdateCertificateInstanceReq.ResourceTypesRegions = wrapResourceProductRegions(d.config.ResourceProducts, d.config.ResourceRegions)\n\t\tupdateCertificateInstanceResp, err := d.sdkClient.UpdateCertificateInstance(updateCertificateInstanceReq)\n\t\td.logger.Debug(\"sdk request 'ssl.UpdateCertificateInstance'\", slog.Any(\"request\", updateCertificateInstanceReq), slog.Any(\"response\", updateCertificateInstanceResp))\n\t\tif err != nil {\n\t\t\treturn false, fmt.Errorf(\"failed to execute sdk request 'ssl.UpdateCertificateInstance': %w\", err)\n\t\t}\n\n\t\tif updateCertificateInstanceResp.Response.DeployStatus == nil || updateCertificateInstanceResp.Response.DeployRecordId == nil {\n\t\t\treturn false, fmt.Errorf(\"unexpected deployment job status\")\n\t\t} else if *updateCertificateInstanceResp.Response.DeployRecordId > 0 {\n\t\t\tdeployRecordId = fmt.Sprintf(\"%d\", *updateCertificateInstanceResp.Response.DeployRecordId)\n\t\t\treturn true, nil\n\t\t}\n\n\t\treturn false, nil\n\t}, time.Second*5); err != nil {\n\t\treturn err\n\t}\n\n\t// 查询证书云资源更新记录详情,等待任务状态变更\n\t// REF: https://cloud.tencent.com/document/api/400/91652\n\tif _, err := xwait.UntilWithContext(ctx, func(_ context.Context, _ int) (bool, error) {\n\t\tdescribeHostUpdateRecordDetailReq := tcssl.NewDescribeHostUpdateRecordDetailRequest()\n\t\tdescribeHostUpdateRecordDetailReq.DeployRecordId = common.StringPtr(deployRecordId)\n\t\tdescribeHostUpdateRecordDetailReq.Limit = common.StringPtr(\"200\")\n\t\tdescribeHostUpdateRecordDetailResp, err := d.sdkClient.DescribeHostUpdateRecordDetail(describeHostUpdateRecordDetailReq)\n\t\td.logger.Debug(\"sdk request 'ssl.DescribeHostUpdateRecordDetail'\", slog.Any(\"request\", describeHostUpdateRecordDetailReq), slog.Any(\"response\", describeHostUpdateRecordDetailResp))\n\t\tif err != nil {\n\t\t\treturn false, fmt.Errorf(\"failed to execute sdk request 'ssl.DescribeHostUpdateRecordDetail': %w\", err)\n\t\t}\n\n\t\tvar pendingCount, runningCount, succeededCount, failedCount, totalCount int64\n\t\tif describeHostUpdateRecordDetailResp.Response.TotalCount == nil {\n\t\t\treturn false, fmt.Errorf(\"unexpected tencentcloud deployment job status\")\n\t\t} else {\n\t\t\tpendingCount = lo.FromPtr(describeHostUpdateRecordDetailResp.Response.PendingTotalCount)\n\t\t\trunningCount = lo.FromPtr(describeHostUpdateRecordDetailResp.Response.RunningTotalCount)\n\t\t\tsucceededCount = lo.FromPtr(describeHostUpdateRecordDetailResp.Response.SuccessTotalCount)\n\t\t\tfailedCount = lo.FromPtr(describeHostUpdateRecordDetailResp.Response.FailedTotalCount)\n\t\t\ttotalCount = lo.FromPtr(describeHostUpdateRecordDetailResp.Response.TotalCount)\n\n\t\t\tif succeededCount+failedCount == totalCount {\n\t\t\t\tif failedCount > 0 {\n\t\t\t\t\treturn false, fmt.Errorf(\"tencentcloud deployment job failed (succeeded: %d, failed: %d, total: %d)\", succeededCount, failedCount, totalCount)\n\t\t\t\t}\n\t\t\t\treturn true, nil\n\t\t\t}\n\t\t}\n\n\t\td.logger.Info(fmt.Sprintf(\"waiting for tencentcloud deployment job completion (pending: %d, running: %d, succeeded: %d, failed: %d, total: %d) ...\", pendingCount, runningCount, succeededCount, failedCount, totalCount))\n\t\treturn false, nil\n\t}, time.Second*5); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) executeUploadUpdateCertificateInstance(ctx context.Context, certPEM, privkeyPEM string) error {\n\t// 更新证书内容并更新关联的云资源\n\t// REF: https://cloud.tencent.com/document/product/400/119791\n\tvar deployRecordId int64\n\tif _, err := xwait.UntilWithContext(ctx, func(_ context.Context, _ int) (bool, error) {\n\t\tuploadUpdateCertificateInstanceReq := tcssl.NewUploadUpdateCertificateInstanceRequest()\n\t\tuploadUpdateCertificateInstanceReq.OldCertificateId = common.StringPtr(d.config.CertificateId)\n\t\tuploadUpdateCertificateInstanceReq.CertificatePublicKey = common.StringPtr(certPEM)\n\t\tuploadUpdateCertificateInstanceReq.CertificatePrivateKey = common.StringPtr(privkeyPEM)\n\t\tuploadUpdateCertificateInstanceReq.ResourceTypes = common.StringPtrs(d.config.ResourceProducts)\n\t\tuploadUpdateCertificateInstanceReq.ResourceTypesRegions = wrapResourceProductRegions(d.config.ResourceProducts, d.config.ResourceRegions)\n\t\tuploadUpdateCertificateInstanceResp, err := d.sdkClient.UploadUpdateCertificateInstance(uploadUpdateCertificateInstanceReq)\n\t\td.logger.Debug(\"sdk request 'ssl.UploadUpdateCertificateInstance'\", slog.Any(\"request\", uploadUpdateCertificateInstanceReq), slog.Any(\"response\", uploadUpdateCertificateInstanceResp))\n\t\tif err != nil {\n\t\t\treturn false, fmt.Errorf(\"failed to execute sdk request 'ssl.UploadUpdateCertificateInstance': %w\", err)\n\t\t}\n\n\t\tif uploadUpdateCertificateInstanceResp.Response.DeployStatus == nil {\n\t\t\treturn false, fmt.Errorf(\"unexpected deployment job status\")\n\t\t} else if *uploadUpdateCertificateInstanceResp.Response.DeployStatus == 1 {\n\t\t\tdeployRecordId = int64(*uploadUpdateCertificateInstanceResp.Response.DeployRecordId)\n\t\t\treturn true, nil\n\t\t}\n\n\t\treturn false, nil\n\t}, time.Second*5); err != nil {\n\t\treturn err\n\t}\n\n\t// 查询证书云资源更新记录详情,等待任务状态变更\n\t// REF: https://cloud.tencent.com/document/product/400/120056\n\tif _, err := xwait.UntilWithContext(ctx, func(_ context.Context, _ int) (bool, error) {\n\t\tdescribeHostUploadUpdateRecordDetailReq := tcssl.NewDescribeHostUploadUpdateRecordDetailRequest()\n\t\tdescribeHostUploadUpdateRecordDetailReq.DeployRecordId = common.Int64Ptr(deployRecordId)\n\t\tdescribeHostUploadUpdateRecordDetailReq.Limit = common.Int64Ptr(200)\n\t\tdescribeHostUploadUpdateRecordDetailResp, err := d.sdkClient.DescribeHostUploadUpdateRecordDetail(describeHostUploadUpdateRecordDetailReq)\n\t\td.logger.Debug(\"sdk request 'ssl.DescribeHostUploadUpdateRecordDetail'\", slog.Any(\"request\", describeHostUploadUpdateRecordDetailReq), slog.Any(\"response\", describeHostUploadUpdateRecordDetailResp))\n\t\tif err != nil {\n\t\t\treturn false, fmt.Errorf(\"failed to execute sdk request 'ssl.DescribeHostUploadUpdateRecordDetail': %w\", err)\n\t\t}\n\n\t\tvar runningCount, succeededCount, failedCount, totalCount int64\n\t\tif describeHostUploadUpdateRecordDetailResp.Response.DeployRecordDetail == nil {\n\t\t\treturn false, fmt.Errorf(\"unexpected tencentcloud deployment job status\")\n\t\t} else {\n\t\t\tfor _, record := range describeHostUploadUpdateRecordDetailResp.Response.DeployRecordDetail {\n\t\t\t\trunningCount += lo.FromPtr(record.RunningTotalCount)\n\t\t\t\tsucceededCount += lo.FromPtr(record.SuccessTotalCount)\n\t\t\t\tfailedCount += lo.FromPtr(record.FailedTotalCount)\n\t\t\t\ttotalCount += lo.FromPtr(record.TotalCount)\n\t\t\t}\n\n\t\t\tif succeededCount+failedCount == totalCount {\n\t\t\t\tif failedCount > 0 {\n\t\t\t\t\treturn false, fmt.Errorf(\"tencentcloud deployment job failed (succeeded: %d, failed: %d, total: %d)\", succeededCount, failedCount, totalCount)\n\t\t\t\t}\n\t\t\t\treturn true, nil\n\t\t\t}\n\t\t}\n\n\t\td.logger.Info(fmt.Sprintf(\"waiting for tencentcloud deployment job completion (running: %d, succeeded: %d, failed: %d, total: %d) ...\", runningCount, succeededCount, failedCount, totalCount))\n\t\treturn false, nil\n\t}, time.Second*5); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(secretId, secretKey, endpoint string) (*internal.SslClient, error) {\n\tcredential := common.NewCredential(secretId, secretKey)\n\n\tcpf := profile.NewClientProfile()\n\tif endpoint != \"\" {\n\t\tcpf.HttpProfile.Endpoint = endpoint\n\t}\n\n\tclient, err := internal.NewSslClient(credential, \"\", cpf)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n\nfunc wrapResourceProductRegions(resourceProducts, resourceRegions []string) []*tcssl.ResourceTypeRegions {\n\tif len(resourceProducts) == 0 || len(resourceRegions) == 0 {\n\t\treturn nil\n\t}\n\n\t// 仅以下云产品类型支持地域\n\tresourceProductsRequireRegion := []string{\"apigateway\", \"clb\", \"cos\", \"tcb\", \"tke\", \"tse\", \"waf\"}\n\n\ttemp := make([]*tcssl.ResourceTypeRegions, 0)\n\tfor _, resourceProduct := range resourceProducts {\n\t\tif slices.Contains(resourceProductsRequireRegion, resourceProduct) {\n\t\t\ttemp = append(temp, &tcssl.ResourceTypeRegions{\n\t\t\t\tResourceType: common.StringPtr(resourceProduct),\n\t\t\t\tRegions: common.StringPtrs(resourceRegions),\n\t\t\t})\n\t\t}\n\t}\n\n\treturn temp\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-vod/consts.go",
"content": "package tencentcloudvod\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-vod/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\t\"errors\"\n\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcvod \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod/v20180717\"\n)\n\n// This is a partial copy of https://github.com/TencentCloud/tencentcloud-sdk-go/blob/master/tencentcloud/vod/v20180717/client.go\n// to lightweight the vendor packages in the built binary.\ntype VodClient struct {\n\tcommon.Client\n}\n\nfunc NewVodClient(credential common.CredentialIface, region string, clientProfile *profile.ClientProfile) (client *VodClient, err error) {\n\tclient = &VodClient{}\n\tclient.Init(region).\n\t\tWithCredential(credential).\n\t\tWithProfile(clientProfile)\n\treturn\n}\n\nfunc (c *VodClient) DescribeVodDomains(request *tcvod.DescribeVodDomainsRequest) (response *tcvod.DescribeVodDomainsResponse, err error) {\n\treturn c.DescribeVodDomainsWithContext(context.Background(), request)\n}\n\nfunc (c *VodClient) DescribeVodDomainsWithContext(ctx context.Context, request *tcvod.DescribeVodDomainsRequest) (response *tcvod.DescribeVodDomainsResponse, err error) {\n\tif request == nil {\n\t\trequest = tcvod.NewDescribeVodDomainsRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"vod\", tcvod.APIVersion, \"DescribeVodDomains\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeVodDomains require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\n\tresponse = tcvod.NewDescribeVodDomainsResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *VodClient) SetVodDomainCertificate(request *tcvod.SetVodDomainCertificateRequest) (response *tcvod.SetVodDomainCertificateResponse, err error) {\n\treturn c.SetVodDomainCertificateWithContext(context.Background(), request)\n}\n\nfunc (c *VodClient) SetVodDomainCertificateWithContext(ctx context.Context, request *tcvod.SetVodDomainCertificateRequest) (response *tcvod.SetVodDomainCertificateResponse, err error) {\n\tif request == nil {\n\t\trequest = tcvod.NewSetVodDomainCertificateRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"vod\", tcvod.APIVersion, \"SetVodDomainCertificate\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"SetVodDomainCertificate require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcvod.NewSetVodDomainCertificateResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-vod/tencentcloud_vod.go",
"content": "package tencentcloudvod\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcvod \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod/v20180717\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/tencentcloud-ssl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-vod/internal\"\n)\n\ntype DeployerConfig struct {\n\t// 腾讯云 SecretId。\n\tSecretId string `json:\"secretId\"`\n\t// 腾讯云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 腾讯云接口端点。\n\tEndpoint string `json:\"endpoint,omitempty\"`\n\t// 点播应用 ID。\n\tSubAppId int64 `json:\"subAppId\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 点播加速域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.VodClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.SecretId, config.SecretKey, config.Endpoint)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tSecretId: config.SecretId,\n\t\tSecretKey: config.SecretKey,\n\t\tEndpoint: lo.\n\t\t\tIf(strings.HasSuffix(config.Endpoint, \"intl.tencentcloudapi.com\"), \"ssl.intl.tencentcloudapi.com\"). // 国际站使用独立的接口端点\n\t\t\tElse(\"\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的 ECDN 实例\n\tdomains := make([]string, 0)\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = domainCandidates\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no vod domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found vod domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, upres.CertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询点播域名列表\n\t// REF: https://cloud.tencent.com/document/api/266/54176\n\tdescribeVodDomainsOffset := 0\n\tdescribeVodDomainsLimit := 20\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeVodDomainsReq := tcvod.NewDescribeVodDomainsRequest()\n\t\tdescribeVodDomainsReq.Offset = common.Uint64Ptr(uint64(describeVodDomainsOffset))\n\t\tdescribeVodDomainsReq.Limit = common.Uint64Ptr(uint64(describeVodDomainsLimit))\n\t\tif d.config.SubAppId != 0 {\n\t\t\tdescribeVodDomainsReq.SubAppId = common.Uint64Ptr(uint64(d.config.SubAppId))\n\t\t}\n\t\tdescribeVodDomainsResp, err := d.sdkClient.DescribeVodDomains(describeVodDomainsReq)\n\t\td.logger.Debug(\"sdk request 'vod.DescribeVodDomains'\", slog.Any(\"request\", describeVodDomainsReq), slog.Any(\"response\", describeVodDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'vod.DescribeVodDomains': %w\", err)\n\t\t}\n\n\t\tif describeVodDomainsResp.Response == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tignoredStatuses := []string{\"Locked\"}\n\t\tfor _, domainItem := range describeVodDomainsResp.Response.DomainSet {\n\t\t\tif lo.Contains(ignoredStatuses, *domainItem.DeployStatus) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tdomains = append(domains, *domainItem.Domain)\n\t\t}\n\n\t\tif len(describeVodDomainsResp.Response.DomainSet) < describeVodDomainsLimit {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribeVodDomainsOffset += describeVodDomainsLimit\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertId string) error {\n\t// 设置点播域名 HTTPS 证书\n\t// REF: https://cloud.tencent.com/document/api/266/102015\n\tsetVodDomainCertificateReq := tcvod.NewSetVodDomainCertificateRequest()\n\tsetVodDomainCertificateReq.Domain = common.StringPtr(domain)\n\tsetVodDomainCertificateReq.Operation = common.StringPtr(\"Set\")\n\tsetVodDomainCertificateReq.CertID = common.StringPtr(cloudCertId)\n\tif d.config.SubAppId != 0 {\n\t\tsetVodDomainCertificateReq.SubAppId = common.Uint64Ptr(uint64(d.config.SubAppId))\n\t}\n\tsetVodDomainCertificateResp, err := d.sdkClient.SetVodDomainCertificate(setVodDomainCertificateReq)\n\td.logger.Debug(\"sdk request 'vod.SetVodDomainCertificate'\", slog.Any(\"request\", setVodDomainCertificateReq), slog.Any(\"response\", setVodDomainCertificateResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'vod.SetVodDomainCertificate': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(secretId, secretKey, endpoint string) (*internal.VodClient, error) {\n\tcredential := common.NewCredential(secretId, secretKey)\n\n\tcpf := profile.NewClientProfile()\n\tif endpoint != \"\" {\n\t\tcpf.HttpProfile.Endpoint = endpoint\n\t}\n\n\tclient, err := internal.NewVodClient(credential, \"\", cpf)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-vod/tencentcloud_vod_test.go",
"content": "package tencentcloudvod_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-vod\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfSecretId string\n\tfSecretKey string\n\tfDomain string\n\tfSubAppId int64\n\tfInstanceId string\n)\n\nfunc init() {\n\targsPrefix := \"TENCENTCLOUDVOD_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fSecretId, argsPrefix+\"SECRETID\", \"\", \"\")\n\tflag.StringVar(&fSecretKey, argsPrefix+\"SECRETKEY\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n\tflag.Int64Var(&fSubAppId, argsPrefix+\"SUBAPPID\", 0, \"\")\n\tflag.StringVar(&fInstanceId, argsPrefix+\"INSTANCEID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./tencentcloud_vod_test.go -args \\\n\t--TENCENTCLOUDVOD_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--TENCENTCLOUDVOD_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--TENCENTCLOUDVOD_SECRETID=\"your-secret-id\" \\\n\t--TENCENTCLOUDVOD_SECRETKEY=\"your-secret-key\" \\\n\t--TENCENTCLOUDVOD_SUBAPPID=\"your-app-id\" \\\n\t--TENCENTCLOUDVOD_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SECRETID: %v\", fSecretId),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t\tfmt.Sprintf(\"INSTANCEID: %v\", fInstanceId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tSecretId: fSecretId,\n\t\t\tSecretKey: fSecretKey,\n\t\t\tSubAppId: fSubAppId,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-waf/internal/client.go",
"content": "package internal\n\nimport (\n\t\"context\"\n\t\"errors\"\n\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcwaf \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf/v20180125\"\n)\n\n// This is a partial copy of https://github.com/TencentCloud/tencentcloud-sdk-go/blob/master/tencentcloud/waf/v20180125/client.go\n// to lightweight the vendor packages in the built binary.\ntype WafClient struct {\n\tcommon.Client\n}\n\nfunc NewWafClient(credential common.CredentialIface, region string, clientProfile *profile.ClientProfile) (client *WafClient, err error) {\n\tclient = &WafClient{}\n\tclient.Init(region).\n\t\tWithCredential(credential).\n\t\tWithProfile(clientProfile)\n\treturn\n}\n\nfunc (c *WafClient) DescribeDomainDetailsSaas(request *tcwaf.DescribeDomainDetailsSaasRequest) (response *tcwaf.DescribeDomainDetailsSaasResponse, err error) {\n\treturn c.DescribeDomainDetailsSaasWithContext(context.Background(), request)\n}\n\nfunc (c *WafClient) DescribeDomainDetailsSaasWithContext(ctx context.Context, request *tcwaf.DescribeDomainDetailsSaasRequest) (response *tcwaf.DescribeDomainDetailsSaasResponse, err error) {\n\tif request == nil {\n\t\trequest = tcwaf.NewDescribeDomainDetailsSaasRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"waf\", tcwaf.APIVersion, \"DescribeDomainDetailsSaas\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"DescribeDomainDetailsSaas require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcwaf.NewDescribeDomainDetailsSaasResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n\nfunc (c *WafClient) ModifySpartaProtection(request *tcwaf.ModifySpartaProtectionRequest) (response *tcwaf.ModifySpartaProtectionResponse, err error) {\n\treturn c.ModifySpartaProtectionWithContext(context.Background(), request)\n}\n\nfunc (c *WafClient) ModifySpartaProtectionWithContext(ctx context.Context, request *tcwaf.ModifySpartaProtectionRequest) (response *tcwaf.ModifySpartaProtectionResponse, err error) {\n\tif request == nil {\n\t\trequest = tcwaf.NewModifySpartaProtectionRequest()\n\t}\n\tc.InitBaseRequest(&request.BaseRequest, \"waf\", tcwaf.APIVersion, \"ModifySpartaProtection\")\n\n\tif c.GetCredential() == nil {\n\t\treturn nil, errors.New(\"ModifySpartaProtection require credential\")\n\t}\n\n\trequest.SetContext(ctx)\n\tresponse = tcwaf.NewModifySpartaProtectionResponse()\n\terr = c.Send(request, response)\n\treturn\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-waf/tencentcloud_waf.go",
"content": "package tencentcloudwaf\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common\"\n\t\"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile\"\n\ttcwaf \"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/waf/v20180125\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/tencentcloud-ssl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-waf/internal\"\n)\n\ntype DeployerConfig struct {\n\t// 腾讯云 SecretId。\n\tSecretId string `json:\"secretId\"`\n\t// 腾讯云 SecretKey。\n\tSecretKey string `json:\"secretKey\"`\n\t// 腾讯云接口端点。\n\tEndpoint string `json:\"endpoint,omitempty\"`\n\t// 腾讯云地域。\n\tRegion string `json:\"region\"`\n\t// 防护域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n\t// 防护域名 ID。\n\tDomainId string `json:\"domainId\"`\n\t// 防护域名所属实例 ID。\n\tInstanceId string `json:\"instanceId\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.WafClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.SecretId, config.SecretKey, config.Endpoint, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tSecretId: config.SecretId,\n\t\tSecretKey: config.SecretKey,\n\t\tEndpoint: lo.\n\t\t\tIf(strings.HasSuffix(config.Endpoint, \"intl.tencentcloudapi.com\"), \"ssl.intl.tencentcloudapi.com\"). // 国际站使用独立的接口端点\n\t\t\tElse(\"\"),\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.Domain == \"\" {\n\t\treturn nil, errors.New(\"config `domain` is required\")\n\t}\n\tif d.config.DomainId == \"\" {\n\t\treturn nil, errors.New(\"config `domainId` is required\")\n\t}\n\tif d.config.InstanceId == \"\" {\n\t\treturn nil, errors.New(\"config `instanceId` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 查询单个 SaaS 型 WAF 域名详情\n\t// REF: https://cloud.tencent.com/document/api/627/82938\n\tdescribeDomainDetailsSaasReq := tcwaf.NewDescribeDomainDetailsSaasRequest()\n\tdescribeDomainDetailsSaasReq.Domain = common.StringPtr(d.config.Domain)\n\tdescribeDomainDetailsSaasReq.DomainId = common.StringPtr(d.config.DomainId)\n\tdescribeDomainDetailsSaasReq.InstanceId = common.StringPtr(d.config.InstanceId)\n\tdescribeDomainDetailsSaasResp, err := d.sdkClient.DescribeDomainDetailsSaas(describeDomainDetailsSaasReq)\n\td.logger.Debug(\"sdk request 'waf.DescribeDomainDetailsSaas'\", slog.Any(\"request\", describeDomainDetailsSaasReq), slog.Any(\"response\", describeDomainDetailsSaasResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'waf.DescribeDomainDetailsSaas': %w\", err)\n\t}\n\n\t// 编辑 SaaS 型 WAF 域名\n\t// REF: https://cloud.tencent.com/document/api/627/94309\n\tmodifySpartaProtectionReq := tcwaf.NewModifySpartaProtectionRequest()\n\tmodifySpartaProtectionReq.Domain = common.StringPtr(d.config.Domain)\n\tmodifySpartaProtectionReq.DomainId = common.StringPtr(d.config.DomainId)\n\tmodifySpartaProtectionReq.InstanceID = common.StringPtr(d.config.InstanceId)\n\tmodifySpartaProtectionReq.CertType = common.Int64Ptr(2)\n\tmodifySpartaProtectionReq.SSLId = common.StringPtr(upres.CertId)\n\tmodifySpartaProtectionResp, err := d.sdkClient.ModifySpartaProtection(modifySpartaProtectionReq)\n\td.logger.Debug(\"sdk request 'waf.ModifySpartaProtection'\", slog.Any(\"request\", modifySpartaProtectionReq), slog.Any(\"response\", modifySpartaProtectionResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'waf.ModifySpartaProtection': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(secretId, secretKey, endpoint, region string) (*internal.WafClient, error) {\n\tcredential := common.NewCredential(secretId, secretKey)\n\n\tcpf := profile.NewClientProfile()\n\tif endpoint != \"\" {\n\t\tcpf.HttpProfile.Endpoint = endpoint\n\t}\n\n\tclient, err := internal.NewWafClient(credential, region, cpf)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/tencentcloud-waf/tencentcloud_waf_test.go",
"content": "package tencentcloudwaf_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/tencentcloud-waf\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfSecretId string\n\tfSecretKey string\n\tfRegion string\n\tfDomain string\n\tfDomainId string\n\tfInstanceId string\n)\n\nfunc init() {\n\targsPrefix := \"TENCENTCLOUDWAF_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fSecretId, argsPrefix+\"SECRETID\", \"\", \"\")\n\tflag.StringVar(&fSecretKey, argsPrefix+\"SECRETKEY\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n\tflag.StringVar(&fDomainId, argsPrefix+\"DOMAINID\", \"\", \"\")\n\tflag.StringVar(&fInstanceId, argsPrefix+\"INSTANCEID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./tencentcloud_waf_test.go -args \\\n\t--TENCENTCLOUDWAF_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--TENCENTCLOUDWAF_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--TENCENTCLOUDWAF_SECRETID=\"your-secret-id\" \\\n\t--TENCENTCLOUDWAF_SECRETKEY=\"your-secret-key\" \\\n\t--TENCENTCLOUDWAF_REGION=\"ap-guangzhou\" \\\n\t--TENCENTCLOUDWAF_DOMAIN=\"example.com\" \\\n\t--TENCENTCLOUDWAF_DOMAINID=\"your-domain-id\" \\\n\t--TENCENTCLOUDWAF_INSTANCEID=\"your-instance-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"SECRETID: %v\", fSecretId),\n\t\t\tfmt.Sprintf(\"SECRETKEY: %v\", fSecretKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t\tfmt.Sprintf(\"INSTANCEID: %v\", fInstanceId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tSecretId: fSecretId,\n\t\t\tSecretKey: fSecretKey,\n\t\t\tRegion: fRegion,\n\t\t\tDomain: fDomain,\n\t\t\tDomainId: fDomainId,\n\t\t\tInstanceId: fInstanceId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/ucloud-ualb/consts.go",
"content": "package ucloudualb\n\nconst (\n\t// 资源类型:部署到指定负载均衡器。\n\tRESOURCE_TYPE_LOADBALANCER = \"loadbalancer\"\n\t// 资源类型:部署到指定监听器。\n\tRESOURCE_TYPE_LISTENER = \"listener\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/ucloud-ualb/ucloud_ualb.go",
"content": "package ucloudualb\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\t\"github.com/ucloud/ucloud-sdk-go/services/ulb\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/auth\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ucloud-ulb\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tucloudsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/ucloud/ulb\"\n)\n\ntype DeployerConfig struct {\n\t// 优刻得 API 私钥。\n\tPrivateKey string `json:\"privateKey\"`\n\t// 优刻得 API 公钥。\n\tPublicKey string `json:\"publicKey\"`\n\t// 优刻得项目 ID。\n\tProjectId string `json:\"projectId,omitempty\"`\n\t// 优刻得地域。\n\tRegion string `json:\"region\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 负载均衡实例 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_LISTENER] 时必填。\n\tLoadbalancerId string `json:\"loadbalancerId,omitempty\"`\n\t// 负载均衡监听器 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时必填。\n\tListenerId string `json:\"listenerId,omitempty\"`\n\t// SNI 域名(不支持泛域名)。\n\t// 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时选填。\n\tDomain string `json:\"domain,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *ucloudsdk.ULBClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.PrivateKey, config.PublicKey, config.ProjectId, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tPrivateKey: config.PrivateKey,\n\t\tPublicKey: config.PublicKey,\n\t\tProjectId: config.ProjectId,\n\t\tRegion: config.Region,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_LOADBALANCER:\n\t\tif err := d.deployToLoadbalancer(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_LISTENER:\n\t\tif err := d.deployToListener(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToLoadbalancer(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\n\t// 获取 ALB 下的 HTTPS 监听器列表\n\t// REF: https://docs.ucloud.cn/api/ulb-api/describe_listeners\n\tlistenerIds := make([]string, 0)\n\tdescribeListenersOffset := 0\n\tdescribeListenersLimit := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeListenerReq := d.sdkClient.NewDescribeListenersRequest()\n\t\tdescribeListenerReq.LoadBalancerId = ucloud.String(d.config.LoadbalancerId)\n\t\tdescribeListenerReq.Offset = ucloud.Int(describeListenersOffset)\n\t\tdescribeListenerReq.Limit = ucloud.Int(describeListenersLimit)\n\t\tdescribeListenerResp, err := d.sdkClient.DescribeListeners(describeListenerReq)\n\t\td.logger.Debug(\"sdk request 'ulb.DescribeListeners'\", slog.Any(\"request\", describeListenerReq), slog.Any(\"response\", describeListenerResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'ulb.DescribeListeners': %w\", err)\n\t\t}\n\n\t\tfor _, listenerItem := range describeListenerResp.Listeners {\n\t\t\tif listenerItem.ListenerProtocol == \"HTTPS\" {\n\t\t\t\tlistenerIds = append(listenerIds, listenerItem.ListenerId)\n\t\t\t}\n\t\t}\n\n\t\tif len(describeListenerResp.Listeners) < describeListenersLimit {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribeListenersOffset += describeListenersLimit\n\t}\n\n\t// 遍历更新 Listener 证书\n\tif len(listenerIds) == 0 {\n\t\td.logger.Info(\"no alb listeners to deploy\")\n\t} else {\n\t\td.logger.Info(\"found https listeners to deploy\", slog.Any(\"listenerIds\", listenerIds))\n\t\tvar errs []error\n\n\t\tfor _, listenerId := range listenerIds {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, listenerId, cloudCertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToListener(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\tif d.config.ListenerId == \"\" {\n\t\treturn errors.New(\"config `listenerId` is required\")\n\t}\n\n\tif err := d.updateListenerCertificate(ctx, d.config.LoadbalancerId, d.config.ListenerId, cloudCertId); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateListenerCertificate(ctx context.Context, cloudLoadbalancerId, cloudListenerId string, cloudCertId string) error {\n\t// 描述应用型负载均衡监听器\n\t// REF: https://docs.ucloud.cn/api/ulb-api/describe_listeners\n\tdescribeListenersReq := d.sdkClient.NewDescribeListenersRequest()\n\tdescribeListenersReq.LoadBalancerId = ucloud.String(cloudLoadbalancerId)\n\tdescribeListenersReq.ListenerId = ucloud.String(cloudListenerId)\n\tdescribeListenersReq.Limit = ucloud.Int(1)\n\tdescribeListenerResp, err := d.sdkClient.DescribeListeners(describeListenersReq)\n\td.logger.Debug(\"sdk request 'ulb.DescribeListeners'\", slog.Any(\"request\", describeListenersReq), slog.Any(\"response\", describeListenerResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'ulb.DescribeListeners': %w\", err)\n\t} else if len(describeListenerResp.Listeners) == 0 {\n\t\treturn fmt.Errorf(\"could not find listener '%s'\", cloudListenerId)\n\t}\n\n\t// 跳过已部署过的监听器\n\tlistenerInfo := describeListenerResp.Listeners[0]\n\tif d.config.Domain == \"\" {\n\t\tif lo.ContainsBy(listenerInfo.Certificates, func(item ulb.Certificate) bool { return item.SSLId == cloudCertId && item.IsDefault }) {\n\t\t\treturn nil\n\t\t}\n\t} else {\n\t\tif lo.ContainsBy(listenerInfo.Certificates, func(item ulb.Certificate) bool { return item.SSLId == cloudCertId && !item.IsDefault }) {\n\t\t\treturn nil\n\t\t}\n\t}\n\n\tif d.config.Domain == \"\" {\n\t\t// 未指定 SNI,只需部署到监听器\n\n\t\tupdateListenerAttributeReq := d.sdkClient.NewUpdateListenerAttributeRequest()\n\t\tupdateListenerAttributeReq.LoadBalancerId = ucloud.String(cloudLoadbalancerId)\n\t\tupdateListenerAttributeReq.ListenerId = ucloud.String(cloudListenerId)\n\t\tupdateListenerAttributeReq.Certificates = []string{cloudCertId}\n\t\tupdateListenerResp, err := d.sdkClient.UpdateListenerAttribute(updateListenerAttributeReq)\n\t\td.logger.Debug(\"sdk request 'ulb.UpdateListenerAttribute'\", slog.Any(\"request\", updateListenerAttributeReq), slog.Any(\"response\", updateListenerResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'ulb.UpdateListenerAttribute': %w\", err)\n\t\t}\n\t} else {\n\t\t// 指定 SNI,需部署到扩展域名\n\n\t\t// 新增监听器扩展证书\n\t\t// REF: https://docs.ucloud.cn/api/ulb-api/add_ssl_binding_json\n\t\taddSSLBindingReq := d.sdkClient.NewAddSSLBindingRequest()\n\t\taddSSLBindingReq.LoadBalancerId = ucloud.String(cloudLoadbalancerId)\n\t\taddSSLBindingReq.ListenerId = ucloud.String(cloudListenerId)\n\t\taddSSLBindingReq.SSLIds = []string{cloudCertId}\n\t\taddSSLBindingResp, err := d.sdkClient.AddSSLBinding(addSSLBindingReq)\n\t\td.logger.Debug(\"sdk request 'ulb.AddSSLBinding'\", slog.Any(\"request\", addSSLBindingReq), slog.Any(\"response\", addSSLBindingResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'ulb.AddSSLBinding': %w\", err)\n\t\t}\n\n\t\t// 找出需要删除绑定的扩展证书\n\t\t// REF: https://docs.ucloud.cn/api/ulb-api/describe_sslv2\n\t\tsslIdsToDelete := make([]string, 0)\n\t\tfor _, certItem := range listenerInfo.Certificates {\n\t\t\tif certItem.IsDefault {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tdescribeSSLV2Req := d.sdkClient.NewDescribeSSLV2Request()\n\t\t\tdescribeSSLV2Req.SSLId = ucloud.String(certItem.SSLId)\n\t\t\tdescribeSSLV2Req.Limit = ucloud.Int(1)\n\t\t\tdescribeSSLV2Resp, err := d.sdkClient.DescribeSSLV2(describeSSLV2Req)\n\t\t\td.logger.Debug(\"sdk request 'ulb.DescribeSSLV2'\", slog.Any(\"request\", describeSSLV2Req), slog.Any(\"response\", describeSSLV2Resp))\n\t\t\tif err != nil {\n\t\t\t\tcontinue\n\t\t\t} else if len(describeSSLV2Resp.DataSet) == 0 {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tsslItem := describeSSLV2Resp.DataSet[0]\n\t\t\tif sslItem.NotAfter != 0 && int64(sslItem.NotAfter) < time.Now().Unix() {\n\t\t\t\tsslIdsToDelete = append(sslIdsToDelete, sslItem.SSLId) // 过期证书需要删除\n\t\t\t\tcontinue\n\t\t\t} else if sslItem.Domains == d.config.Domain {\n\t\t\t\tsslIdsToDelete = append(sslIdsToDelete, sslItem.SSLId) // 同域名证书需要删除\n\t\t\t\tcontinue\n\t\t\t}\n\t\t}\n\n\t\t// 删除监听器绑定的扩展证书\n\t\t// REF: https://docs.ucloud.cn/api/ulb-api/delete_ssl_binding_json\n\t\tif len(sslIdsToDelete) > 0 {\n\t\t\tdeleteSSLBindingReq := d.sdkClient.NewDeleteSSLBindingRequest()\n\t\t\tdeleteSSLBindingReq.LoadBalancerId = ucloud.String(cloudLoadbalancerId)\n\t\t\tdeleteSSLBindingReq.ListenerId = ucloud.String(cloudListenerId)\n\t\t\tdeleteSSLBindingReq.SSLIds = sslIdsToDelete\n\t\t\tdeleteSSLBindingResp, err := d.sdkClient.DeleteSSLBinding(deleteSSLBindingReq)\n\t\t\td.logger.Debug(\"sdk request 'ulb.DeleteSSLBinding'\", slog.Any(\"request\", deleteSSLBindingReq), slog.Any(\"response\", deleteSSLBindingResp))\n\t\t\tif err != nil {\n\t\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'ulb.DeleteSSLBinding': %w\", err)\n\t\t\t}\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(privateKey, publicKey, projectId, region string) (*ucloudsdk.ULBClient, error) {\n\tif privateKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"ucloud: invalid private key\")\n\t}\n\tif publicKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"ucloud: invalid public key\")\n\t}\n\n\tcfg := ucloud.NewConfig()\n\tcfg.ProjectId = projectId\n\tcfg.Region = region\n\n\tcredential := auth.NewCredential()\n\tcredential.PrivateKey = privateKey\n\tcredential.PublicKey = publicKey\n\n\tclient := ucloudsdk.NewClient(&cfg, &credential)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/ucloud-ualb/ucloud_ualb_test.go",
"content": "package ucloudualb_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ucloud-ualb\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfPrivateKey string\n\tfPublicKey string\n\tfRegion string\n\tfLoadbalancerId string\n\tfListenerId string\n)\n\nfunc init() {\n\targsPrefix := \"UCLOUDUALB_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fPrivateKey, argsPrefix+\"PRIVATEKEY\", \"\", \"\")\n\tflag.StringVar(&fPublicKey, argsPrefix+\"PUBLICKEY\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fLoadbalancerId, argsPrefix+\"LOADBALANCERID\", \"\", \"\")\n\tflag.StringVar(&fListenerId, argsPrefix+\"LISTENERID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ucloud_ualb_test.go -args \\\n\t--UCLOUDUALB_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--UCLOUDUALB_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--UCLOUDUALB_PRIVATEKEY=\"your-private-key\" \\\n\t--UCLOUDUALB_PUBLICKEY=\"your-public-key\" \\\n\t--UCLOUDUALB_REGION=\"cn-bj2\" \\\n\t--UCLOUDUALB_LOADBALANCERID=\"your-loadbalancer-id\" \\\n\t--UCLOUDUALB_LISTENERID=\"your-listener-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"PRIVATEKEY: %v\", fPrivateKey),\n\t\t\tfmt.Sprintf(\"PUBLICKEY: %v\", fPublicKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"LOADBALANCERID: %v\", fLoadbalancerId),\n\t\t\tfmt.Sprintf(\"LISTENERID: %v\", fListenerId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tPrivateKey: fPrivateKey,\n\t\t\tPublicKey: fPublicKey,\n\t\t\tRegion: fRegion,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LISTENER,\n\t\t\tLoadbalancerId: fLoadbalancerId,\n\t\t\tListenerId: fListenerId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/ucloud-ucdn/ucloud_ucdn.go",
"content": "package uclouducdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/auth\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ucloud-ussl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tucloudsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/ucloud/ucdn\"\n)\n\ntype DeployerConfig struct {\n\t// 优刻得 API 私钥。\n\tPrivateKey string `json:\"privateKey\"`\n\t// 优刻得 API 公钥。\n\tPublicKey string `json:\"publicKey\"`\n\t// 优刻得项目 ID。\n\tProjectId string `json:\"projectId,omitempty\"`\n\t// 加速域名 ID。\n\tDomainId string `json:\"domainId\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *ucloudsdk.UCDNClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.PrivateKey, config.PublicKey, config.ProjectId)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tPrivateKey: config.PrivateKey,\n\t\tPublicKey: config.PublicKey,\n\t\tProjectId: config.ProjectId,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.DomainId == \"\" {\n\t\treturn nil, errors.New(\"config `domainId` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取加速域名配置\n\t// REF: https://docs.ucloud.cn/api/ucdn-api/get_ucdn_domain_config\n\tgetUcdnDomainConfigReq := d.sdkClient.NewGetUcdnDomainConfigRequest()\n\tgetUcdnDomainConfigReq.DomainId = []string{d.config.DomainId}\n\tgetUcdnDomainConfigResp, err := d.sdkClient.GetUcdnDomainConfig(getUcdnDomainConfigReq)\n\td.logger.Debug(\"sdk request 'ucdn.GetUcdnDomainConfig'\", slog.Any(\"request\", getUcdnDomainConfigReq), slog.Any(\"response\", getUcdnDomainConfigResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'ucdn.GetUcdnDomainConfig': %w\", err)\n\t} else if len(getUcdnDomainConfigResp.DomainList) == 0 {\n\t\treturn nil, fmt.Errorf(\"could not find domain '%s'\", d.config.DomainId)\n\t}\n\n\t// 更新 HTTPS 加速配置\n\t// REF: https://docs.ucloud.cn/api/ucdn-api/update_ucdn_domain_https_config_v2\n\tcertId, _ := strconv.Atoi(upres.CertId)\n\tupdateUcdnDomainHttpsConfigV2Req := d.sdkClient.NewUpdateUcdnDomainHttpsConfigV2Request()\n\tupdateUcdnDomainHttpsConfigV2Req.DomainId = ucloud.String(d.config.DomainId)\n\tupdateUcdnDomainHttpsConfigV2Req.HttpsStatusCn = ucloud.String(getUcdnDomainConfigResp.DomainList[0].HttpsStatusCn)\n\tupdateUcdnDomainHttpsConfigV2Req.HttpsStatusAbroad = ucloud.String(getUcdnDomainConfigResp.DomainList[0].HttpsStatusAbroad)\n\tupdateUcdnDomainHttpsConfigV2Req.HttpsStatusAbroad = ucloud.String(getUcdnDomainConfigResp.DomainList[0].HttpsStatusAbroad)\n\tupdateUcdnDomainHttpsConfigV2Req.CertId = ucloud.Int(certId)\n\tupdateUcdnDomainHttpsConfigV2Req.CertName = ucloud.String(upres.CertName)\n\tupdateUcdnDomainHttpsConfigV2Req.CertType = ucloud.String(\"ussl\")\n\tupdateUcdnDomainHttpsConfigV2Resp, err := d.sdkClient.UpdateUcdnDomainHttpsConfigV2(updateUcdnDomainHttpsConfigV2Req)\n\td.logger.Debug(\"sdk request 'ucdn.UpdateUcdnDomainHttpsConfigV2'\", slog.Any(\"request\", updateUcdnDomainHttpsConfigV2Req), slog.Any(\"response\", updateUcdnDomainHttpsConfigV2Resp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'ucdn.UpdateUcdnDomainHttpsConfigV2': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(privateKey, publicKey, projectId string) (*ucloudsdk.UCDNClient, error) {\n\tif privateKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"ucloud: invalid private key\")\n\t}\n\tif publicKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"ucloud: invalid public key\")\n\t}\n\n\tcfg := ucloud.NewConfig()\n\tcfg.ProjectId = projectId\n\n\tcredential := auth.NewCredential()\n\tcredential.PrivateKey = privateKey\n\tcredential.PublicKey = publicKey\n\n\tclient := ucloudsdk.NewClient(&cfg, &credential)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/ucloud-ucdn/ucloud_ucdn_test.go",
"content": "package uclouducdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ucloud-ucdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfPrivateKey string\n\tfPublicKey string\n\tfDomainId string\n)\n\nfunc init() {\n\targsPrefix := \"UCLOUDUCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fPrivateKey, argsPrefix+\"PRIVATEKEY\", \"\", \"\")\n\tflag.StringVar(&fPublicKey, argsPrefix+\"PUBLICKEY\", \"\", \"\")\n\tflag.StringVar(&fDomainId, argsPrefix+\"DOMAINID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ucloud_ucdn_test.go -args \\\n\t--UCLOUDUCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--UCLOUDUCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--UCLOUDUCDN_PRIVATEKEY=\"your-private-key\" \\\n\t--UCLOUDUCDN_PUBLICKEY=\"your-public-key\" \\\n\t--UCLOUDUCDN_DOMAINID=\"your-domain-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"PRIVATEKEY: %v\", fPrivateKey),\n\t\t\tfmt.Sprintf(\"PUBLICKEY: %v\", fPublicKey),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomainId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tPrivateKey: fPrivateKey,\n\t\t\tPublicKey: fPublicKey,\n\t\t\tDomainId: fDomainId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/ucloud-uclb/consts.go",
"content": "package uclouduclb\n\nconst (\n\t// 资源类型:部署到指定负载均衡器。\n\tRESOURCE_TYPE_LOADBALANCER = \"loadbalancer\"\n\t// 资源类型:部署到指定 VServer。\n\tRESOURCE_TYPE_VSERVER = \"vserver\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/ucloud-uclb/ucloud_uclb.go",
"content": "package uclouduclb\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"sync\"\n\n\t\"github.com/samber/lo\"\n\t\"github.com/ucloud/ucloud-sdk-go/services/ulb\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/auth\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ucloud-ulb\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tucloudsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/ucloud/ulb\"\n)\n\ntype DeployerConfig struct {\n\t// 优刻得 API 私钥。\n\tPrivateKey string `json:\"privateKey\"`\n\t// 优刻得 API 公钥。\n\tPublicKey string `json:\"publicKey\"`\n\t// 优刻得项目 ID。\n\tProjectId string `json:\"projectId,omitempty\"`\n\t// 优刻得地域。\n\tRegion string `json:\"region\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 负载均衡实例 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_VSERVER] 时必填。\n\tLoadbalancerId string `json:\"loadbalancerId,omitempty\"`\n\t// 负载均衡 VServer ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_VSERVER] 时必填。\n\tVServerId string `json:\"vserverId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *ucloudsdk.ULBClient\n\tsdkCertmgr certmgr.Provider\n\n\tsslId2PemMap map[string]string\n\tsslId2PemMapMu sync.Mutex\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.PrivateKey, config.PublicKey, config.ProjectId, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tPrivateKey: config.PrivateKey,\n\t\tPublicKey: config.PublicKey,\n\t\tProjectId: config.ProjectId,\n\t\tRegion: config.Region,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\n\t\tsslId2PemMap: make(map[string]string),\n\t\tsslId2PemMapMu: sync.Mutex{},\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\n\t\td.sslId2PemMapMu.Lock()\n\t\td.sslId2PemMap[upres.CertId] = certPEM\n\t\td.sslId2PemMapMu.Unlock()\n\t}\n\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_LOADBALANCER:\n\t\tif err := d.deployToLoadbalancer(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_VSERVER:\n\t\tif err := d.deployToVServer(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToLoadbalancer(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\n\t// 获取 CLB 下的 HTTPS VServer 列表\n\t// REF: https://docs.ucloud.cn/api/ulb-api/describe_vserver\n\tvserverIds := make([]string, 0)\n\tdescribeVServerOffset := 0\n\tdescribeVServerLimit := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeVServerReq := d.sdkClient.NewDescribeVServerRequest()\n\t\tdescribeVServerReq.ULBId = ucloud.String(d.config.LoadbalancerId)\n\t\tdescribeVServerReq.Offset = ucloud.Int(describeVServerOffset)\n\t\tdescribeVServerReq.Limit = ucloud.Int(describeVServerLimit)\n\t\tdescribeVServerResp, err := d.sdkClient.DescribeVServer(describeVServerReq)\n\t\td.logger.Debug(\"sdk request 'ulb.DescribeVServer'\", slog.Any(\"request\", describeVServerReq), slog.Any(\"response\", describeVServerResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'ulb.DescribeVServer': %w\", err)\n\t\t}\n\n\t\tfor _, vserverItem := range describeVServerResp.DataSet {\n\t\t\tif vserverItem.Protocol == \"HTTPS\" {\n\t\t\t\tvserverIds = append(vserverIds, vserverItem.VServerId)\n\t\t\t}\n\t\t}\n\n\t\tif len(describeVServerResp.DataSet) < describeVServerLimit {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribeVServerOffset += describeVServerLimit\n\t}\n\n\t// 遍历更新 VServer 证书\n\tif len(vserverIds) == 0 {\n\t\td.logger.Info(\"no clb vservers to deploy\")\n\t} else {\n\t\td.logger.Info(\"found https vservers to deploy\", slog.Any(\"vserverIds\", vserverIds))\n\t\tvar errs []error\n\n\t\tfor _, vserverId := range vserverIds {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateVServerCertificate(ctx, d.config.LoadbalancerId, vserverId, cloudCertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToVServer(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\tif d.config.VServerId == \"\" {\n\t\treturn errors.New(\"config `vserverId` is required\")\n\t}\n\n\tif err := d.updateVServerCertificate(ctx, d.config.LoadbalancerId, d.config.VServerId, cloudCertId); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateVServerCertificate(ctx context.Context, cloudLoadbalancerId, cloudVServerId string, cloudCertId string) error {\n\t// 获取 CLB 下的 VServer 信息\n\t// REF: https://docs.ucloud.cn/api/ulb-api/describe_vserver\n\tdescribeVServerReq := d.sdkClient.NewDescribeVServerRequest()\n\tdescribeVServerReq.ULBId = ucloud.String(cloudLoadbalancerId)\n\tdescribeVServerReq.VServerId = ucloud.String(cloudVServerId)\n\tdescribeVServerReq.Limit = ucloud.Int(1)\n\tdescribeVServerResp, err := d.sdkClient.DescribeVServer(describeVServerReq)\n\td.logger.Debug(\"sdk request 'ulb.DescribeVServer'\", slog.Any(\"request\", describeVServerReq), slog.Any(\"response\", describeVServerResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'ulb.DescribeVServer': %w\", err)\n\t} else if len(describeVServerResp.DataSet) == 0 {\n\t\treturn fmt.Errorf(\"could not find vserver '%s'\", cloudVServerId)\n\t}\n\n\t// 跳过已部署过的 VServer\n\tvserverInfo := describeVServerResp.DataSet[0]\n\tif lo.ContainsBy(vserverInfo.SSLSet, func(item ulb.ULBSSLSet) bool { return item.SSLId == cloudCertId }) {\n\t\treturn nil\n\t}\n\n\t// 解绑 SSL 证书\n\t// REF: https://docs.ucloud.cn/api/ulb-api/unbind_ssl\n\t//\n\t// 注意,虽然文档中描述为数组结构,但实际 VServer 最多只允许绑定一个证书,因此需要先解绑旧证书才能绑定新证书\n\t// https://github.com/certimate-go/certimate/issues/1224\n\tfor _, sslItem := range vserverInfo.SSLSet {\n\t\tunbindSSLReq := d.sdkClient.NewUnbindSSLRequest()\n\t\tunbindSSLReq.ULBId = ucloud.String(cloudLoadbalancerId)\n\t\tunbindSSLReq.VServerId = ucloud.String(cloudVServerId)\n\t\tunbindSSLReq.SSLId = ucloud.String(sslItem.SSLId)\n\t\tunbindSSLResp, err := d.sdkClient.UnbindSSL(unbindSSLReq)\n\t\td.logger.Debug(\"sdk request 'ulb.UnbindSSL'\", slog.Any(\"request\", unbindSSLReq), slog.Any(\"response\", unbindSSLResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'ulb.UnbindSSL': %w\", err)\n\t\t}\n\t}\n\n\t// 绑定 SSL 证书\n\t// REF: https://docs.ucloud.cn/api/ulb-api/bind_ssl\n\tbindSSLReq := d.sdkClient.NewBindSSLRequest()\n\tbindSSLReq.ULBId = ucloud.String(cloudLoadbalancerId)\n\tbindSSLReq.VServerId = ucloud.String(cloudVServerId)\n\tbindSSLReq.SSLId = ucloud.String(cloudCertId)\n\tbindSSLResp, err := d.sdkClient.BindSSL(bindSSLReq)\n\td.logger.Debug(\"sdk request 'ulb.BindSSL'\", slog.Any(\"request\", bindSSLReq), slog.Any(\"response\", bindSSLResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'ulb.BindSSL': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(privateKey, publicKey, projectId, region string) (*ucloudsdk.ULBClient, error) {\n\tif privateKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"ucloud: invalid private key\")\n\t}\n\tif publicKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"ucloud: invalid public key\")\n\t}\n\n\tcfg := ucloud.NewConfig()\n\tcfg.ProjectId = projectId\n\tcfg.Region = region\n\n\tcredential := auth.NewCredential()\n\tcredential.PrivateKey = privateKey\n\tcredential.PublicKey = publicKey\n\n\tclient := ucloudsdk.NewClient(&cfg, &credential)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/ucloud-uclb/ucloud_uclb_test.go",
"content": "package uclouduclb_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ucloud-uclb\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfPrivateKey string\n\tfPublicKey string\n\tfRegion string\n\tfLoadbalancerId string\n\tfVServerId string\n)\n\nfunc init() {\n\targsPrefix := \"UCLOUDUCLB_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fPrivateKey, argsPrefix+\"PRIVATEKEY\", \"\", \"\")\n\tflag.StringVar(&fPublicKey, argsPrefix+\"PUBLICKEY\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fLoadbalancerId, argsPrefix+\"LOADBALANCERID\", \"\", \"\")\n\tflag.StringVar(&fVServerId, argsPrefix+\"VSERVERID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ucloud_uclb_test.go -args \\\n\t--UCLOUDUCLB_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--UCLOUDUCLB_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--UCLOUDUCLB_PRIVATEKEY=\"your-private-key\" \\\n\t--UCLOUDUCLB_PUBLICKEY=\"your-public-key\" \\\n\t--UCLOUDUCLB_REGION=\"cn-bj2\" \\\n\t--UCLOUDUCLB_LOADBALANCERID=\"your-loadbalancer-id\" \\\n\t--UCLOUDUCLB_VSERVERID=\"your-vserver-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"PRIVATEKEY: %v\", fPrivateKey),\n\t\t\tfmt.Sprintf(\"PUBLICKEY: %v\", fPublicKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"LOADBALANCERID: %v\", fLoadbalancerId),\n\t\t\tfmt.Sprintf(\"VSERVERID: %v\", fVServerId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tPrivateKey: fPrivateKey,\n\t\t\tPublicKey: fPublicKey,\n\t\t\tRegion: fRegion,\n\t\t\tResourceType: provider.RESOURCE_TYPE_VSERVER,\n\t\t\tLoadbalancerId: fLoadbalancerId,\n\t\t\tVServerId: fVServerId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/ucloud-uewaf/ucloud_uewaf.go",
"content": "package uclouduewaf\n\nimport (\n\t\"context\"\n\t\"crypto/md5\"\n\t\"encoding/base64\"\n\t\"encoding/hex\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"time\"\n\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/auth\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tucloudsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/ucloud/uewaf\"\n)\n\ntype DeployerConfig struct {\n\t// 优刻得 API 私钥。\n\tPrivateKey string `json:\"privateKey\"`\n\t// 优刻得 API 公钥。\n\tPublicKey string `json:\"publicKey\"`\n\t// 优刻得项目 ID。\n\tProjectId string `json:\"projectId,omitempty\"`\n\t// 自定义域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *ucloudsdk.UEWAFClient\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.PrivateKey, config.PublicKey, config.ProjectId)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.Domain == \"\" {\n\t\treturn nil, errors.New(\"config `domain` is required\")\n\t}\n\n\t// 生成优刻得所需的证书参数\n\tcertPEMBase64 := base64.StdEncoding.EncodeToString([]byte(certPEM))\n\tprivkeyPEMBase64 := base64.StdEncoding.EncodeToString([]byte(privkeyPEM))\n\tcertMd5 := md5.Sum([]byte(certPEMBase64 + privkeyPEMBase64))\n\tcertMd5Hex := hex.EncodeToString(certMd5[:])\n\tcertName := fmt.Sprintf(\"certimate_%d\", time.Now().UnixMilli())\n\n\t// 添加 SSL 证书\n\t// REF: https://docs.ucloud.cn/api/uewaf-api/add_waf_domain_certificate_info\n\taddWafDomainCertificateInfoReq := d.sdkClient.NewAddWafDomainCertificateInfoRequest()\n\taddWafDomainCertificateInfoReq.Domain = ucloud.String(d.config.Domain)\n\taddWafDomainCertificateInfoReq.CertificateName = ucloud.String(certName)\n\taddWafDomainCertificateInfoReq.SslPublicKey = ucloud.String(certPEMBase64)\n\taddWafDomainCertificateInfoReq.SslPrivateKey = ucloud.String(privkeyPEMBase64)\n\taddWafDomainCertificateInfoReq.SslMD = ucloud.String(certMd5Hex)\n\taddWafDomainCertificateInfoResp, err := d.sdkClient.AddWafDomainCertificateInfo(addWafDomainCertificateInfoReq)\n\td.logger.Debug(\"sdk request 'uewaf.AddWafDomainCertificateInfo'\", slog.Any(\"request\", addWafDomainCertificateInfoReq), slog.Any(\"response\", addWafDomainCertificateInfoResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'uewaf.AddWafDomainCertificateInfo': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(privateKey, publicKey, projectId string) (*ucloudsdk.UEWAFClient, error) {\n\tif privateKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"ucloud: invalid private key\")\n\t}\n\tif publicKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"ucloud: invalid public key\")\n\t}\n\n\tcfg := ucloud.NewConfig()\n\tcfg.ProjectId = projectId\n\n\tcredential := auth.NewCredential()\n\tcredential.PrivateKey = privateKey\n\tcredential.PublicKey = publicKey\n\n\tclient := ucloudsdk.NewClient(&cfg, &credential)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/ucloud-uewaf/ucloud_uewaf_test.go",
"content": "package uclouduewaf_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ucloud-uewaf\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfPrivateKey string\n\tfPublicKey string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"UCLOUDUEWAF_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fPrivateKey, argsPrefix+\"PRIVATEKEY\", \"\", \"\")\n\tflag.StringVar(&fPublicKey, argsPrefix+\"PUBLICKEY\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ucloud_uewaf_test.go -args \\\n\t--UCLOUDUEWAF_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--UCLOUDUEWAF_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--UCLOUDUEWAF_PRIVATEKEY=\"your-private-key\" \\\n\t--UCLOUDUEWAF_PUBLICKEY=\"your-public-key\" \\\n\t--UCLOUDUEWAF_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"PRIVATEKEY: %v\", fPrivateKey),\n\t\t\tfmt.Sprintf(\"PUBLICKEY: %v\", fPublicKey),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tPrivateKey: fPrivateKey,\n\t\t\tPublicKey: fPublicKey,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/ucloud-upathx/ucloud_upathx.go",
"content": "package ucloudupathx\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/ucloud/ucloud-sdk-go/services/uaccount\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/auth\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ucloud-upathx\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tucloudsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/ucloud/upathx\"\n)\n\ntype DeployerConfig struct {\n\t// 优刻得 API 私钥。\n\tPrivateKey string `json:\"privateKey\"`\n\t// 优刻得 API 公钥。\n\tPublicKey string `json:\"publicKey\"`\n\t// 优刻得项目 ID。\n\tProjectId string `json:\"projectId,omitempty\"`\n\t// 加速器实例 ID。\n\tAcceleratorId string `json:\"acceleratorId\"`\n\t// 加速器监听端口。\n\tListenerPort int32 `json:\"listenerPort\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *ucloudsdk.UPathXClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.PrivateKey, config.PublicKey, config.ProjectId)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tPrivateKey: config.PrivateKey,\n\t\tPublicKey: config.PublicKey,\n\t\tProjectId: config.ProjectId,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.AcceleratorId == \"\" {\n\t\treturn nil, errors.New(\"config `acceleratorId` is required\")\n\t}\n\tif d.config.ListenerPort == 0 {\n\t\treturn nil, errors.New(\"config `listenerPort` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 绑定 PathX SSL 证书\n\t// REF: https://docs.ucloud.cn/api/pathx-api/bind_path_xssl\n\tbindPathXSSLReq := d.sdkClient.NewBindPathXSSLRequest()\n\tbindPathXSSLReq.UGAId = ucloud.String(d.config.AcceleratorId)\n\tbindPathXSSLReq.Port = []int{int(d.config.ListenerPort)}\n\tbindPathXSSLReq.SSLId = ucloud.String(upres.CertId)\n\tbindPathXSSLResp, err := d.sdkClient.BindPathXSSL(bindPathXSSLReq)\n\td.logger.Debug(\"sdk request 'pathx.BindPathXSSL'\", slog.Any(\"request\", bindPathXSSLReq), slog.Any(\"response\", bindPathXSSLResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'pathx.BindPathXSSL': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(privateKey, publicKey, projectId string) (*ucloudsdk.UPathXClient, error) {\n\tif privateKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"ucloud: invalid private key\")\n\t}\n\tif publicKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"ucloud: invalid public key\")\n\t}\n\n\tcfg := ucloud.NewConfig()\n\tcfg.ProjectId = projectId\n\n\t// PathX 相关接口要求必传 ProjectId 参数\n\tif cfg.ProjectId == \"\" {\n\t\tdefaultProjectId, err := getSDKDefaultProjectId(privateKey, publicKey)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\tcfg.ProjectId = defaultProjectId\n\t}\n\n\tcredential := auth.NewCredential()\n\tcredential.PrivateKey = privateKey\n\tcredential.PublicKey = publicKey\n\n\tclient := ucloudsdk.NewClient(&cfg, &credential)\n\treturn client, nil\n}\n\nfunc getSDKDefaultProjectId(privateKey, publicKey string) (string, error) {\n\tcfg := ucloud.NewConfig()\n\n\tcredential := auth.NewCredential()\n\tcredential.PrivateKey = privateKey\n\tcredential.PublicKey = publicKey\n\n\tclient := uaccount.NewClient(&cfg, &credential)\n\n\trequest := client.NewGetProjectListRequest()\n\tresponse, err := client.GetProjectList(request)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tfor _, projectItem := range response.ProjectSet {\n\t\tif projectItem.IsDefault {\n\t\t\treturn projectItem.ProjectId, nil\n\t\t}\n\t}\n\n\treturn \"\", errors.New(\"ucloud: no default project found\")\n}\n"
},
{
"path": "pkg/core/deployer/providers/ucloud-upathx/ucloud_upathx_test.go",
"content": "package ucloudupathx_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ucloud-upathx\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfPrivateKey string\n\tfPublicKey string\n\tfRegion string\n\tfAcceleratorId string\n\tfListenerPort int\n)\n\nfunc init() {\n\targsPrefix := \"UCLOUDUPATHX_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fPrivateKey, argsPrefix+\"PRIVATEKEY\", \"\", \"\")\n\tflag.StringVar(&fPublicKey, argsPrefix+\"PUBLICKEY\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fAcceleratorId, argsPrefix+\"ACCELERATORID\", \"\", \"\")\n\tflag.IntVar(&fListenerPort, argsPrefix+\"LISTENERPORT\", 443, \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ucloud_upathx_test.go -args \\\n\t--UCLOUDUPATHX_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--UCLOUDUPATHX_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--UCLOUDUPATHX_PRIVATEKEY=\"your-private-key\" \\\n\t--UCLOUDUPATHX_PUBLICKEY=\"your-public-key\" \\\n\t--UCLOUDUPATHX_ACCELERATORID=\"your-uga-id\" \\\n\t--UCLOUDUPATHX_ACCELERATORPORT=\"443\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"PRIVATEKEY: %v\", fPrivateKey),\n\t\t\tfmt.Sprintf(\"PUBLICKEY: %v\", fPublicKey),\n\t\t\tfmt.Sprintf(\"ACCELERATORID: %v\", fAcceleratorId),\n\t\t\tfmt.Sprintf(\"LISTENERPORT: %v\", fListenerPort),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tPrivateKey: fPrivateKey,\n\t\t\tPublicKey: fPublicKey,\n\t\t\tAcceleratorId: fAcceleratorId,\n\t\t\tListenerPort: int32(fListenerPort),\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/ucloud-us3/ucloud_us3.go",
"content": "package ucloudus3\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/auth\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/ucloud-ussl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tucloudsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/ucloud/ufile\"\n)\n\ntype DeployerConfig struct {\n\t// 优刻得 API 私钥。\n\tPrivateKey string `json:\"privateKey\"`\n\t// 优刻得 API 公钥。\n\tPublicKey string `json:\"publicKey\"`\n\t// 优刻得项目 ID。\n\tProjectId string `json:\"projectId,omitempty\"`\n\t// 优刻得地域。\n\tRegion string `json:\"region\"`\n\t// 存储桶名。\n\tBucket string `json:\"bucket\"`\n\t// 自定义域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *ucloudsdk.UFileClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.PrivateKey, config.PublicKey, config.ProjectId, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tPrivateKey: config.PrivateKey,\n\t\tPublicKey: config.PublicKey,\n\t\tProjectId: config.ProjectId,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.Bucket == \"\" {\n\t\treturn nil, errors.New(\"config `bucket` is required\")\n\t}\n\tif d.config.Domain == \"\" {\n\t\treturn nil, errors.New(\"config `domain` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 添加 SSL 证书\n\t// REF: https://docs.ucloud.cn/api/ufile-api/add_ufile_ssl_cert\n\taddUFileSSLCertReq := d.sdkClient.NewAddUFileSSLCertRequest()\n\taddUFileSSLCertReq.BucketName = ucloud.String(d.config.Bucket)\n\taddUFileSSLCertReq.Domain = ucloud.String(d.config.Domain)\n\taddUFileSSLCertReq.USSLId = ucloud.String(upres.CertId)\n\taddUFileSSLCertReq.CertificateName = ucloud.String(upres.CertName)\n\taddUFileSSLCertResp, err := d.sdkClient.AddUFileSSLCert(addUFileSSLCertReq)\n\td.logger.Debug(\"sdk request 'us3.AddUFileSSLCert'\", slog.Any(\"request\", addUFileSSLCertReq), slog.Any(\"response\", addUFileSSLCertResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'us3.AddUFileSSLCert': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(privateKey, publicKey, projectId, region string) (*ucloudsdk.UFileClient, error) {\n\tif privateKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"ucloud: invalid private key\")\n\t}\n\tif publicKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"ucloud: invalid public key\")\n\t}\n\n\tcfg := ucloud.NewConfig()\n\tcfg.ProjectId = projectId\n\tcfg.Region = region\n\n\tcredential := auth.NewCredential()\n\tcredential.PrivateKey = privateKey\n\tcredential.PublicKey = publicKey\n\n\tclient := ucloudsdk.NewClient(&cfg, &credential)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/ucloud-us3/ucloud_us3_test.go",
"content": "package ucloudus3_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/ucloud-us3\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfPrivateKey string\n\tfPublicKey string\n\tfRegion string\n\tfBucket string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"UCLOUDUS3_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fPrivateKey, argsPrefix+\"PRIVATEKEY\", \"\", \"\")\n\tflag.StringVar(&fPublicKey, argsPrefix+\"PUBLICKEY\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fBucket, argsPrefix+\"BUCKET\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./ucloud_us3_test.go -args \\\n\t--UCLOUDUS3_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--UCLOUDUS3_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--UCLOUDUS3_PRIVATEKEY=\"your-private-key\" \\\n\t--UCLOUDUS3_PUBLICKEY=\"your-public-key\" \\\n\t--UCLOUDUS3_REGION=\"cn-bj2\" \\\n\t--UCLOUDUS3_BUCKET=\"your-us3-bucket\" \\\n\t--UCLOUDUS3_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"PRIVATEKEY: %v\", fPrivateKey),\n\t\t\tfmt.Sprintf(\"PUBLICKEY: %v\", fPublicKey),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"BUCKET: %v\", fBucket),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tPrivateKey: fPrivateKey,\n\t\t\tPublicKey: fPublicKey,\n\t\t\tRegion: fRegion,\n\t\t\tBucket: fBucket,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/unicloud-webhost/unicloud_webhost.go",
"content": "package unicloudwebhost\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/url\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tunicloudsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/dcloud/unicloud\"\n)\n\ntype DeployerConfig struct {\n\t// uniCloud 控制台账号。\n\tUsername string `json:\"username\"`\n\t// uniCloud 控制台密码。\n\tPassword string `json:\"password\"`\n\t// 服务空间提供商。\n\t// 可取值 \"aliyun\"、\"tencent\"。\n\tSpaceProvider string `json:\"spaceProvider\"`\n\t// 服务空间 ID。\n\tSpaceId string `json:\"spaceId\"`\n\t// 托管网站域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *unicloudsdk.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.Username, config.Password)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.SpaceProvider == \"\" {\n\t\treturn nil, errors.New(\"config `spaceProvider` is required\")\n\t}\n\tif d.config.SpaceId == \"\" {\n\t\treturn nil, errors.New(\"config `spaceId` is required\")\n\t}\n\tif d.config.Domain == \"\" {\n\t\treturn nil, errors.New(\"config `domain` is required\")\n\t}\n\n\t// 变更网站证书\n\tcreateDomainWithCertReq := &unicloudsdk.CreateDomainWithCertRequest{\n\t\tProvider: d.config.SpaceProvider,\n\t\tSpaceId: d.config.SpaceId,\n\t\tDomain: d.config.Domain,\n\t\tCert: url.QueryEscape(certPEM),\n\t\tKey: url.QueryEscape(privkeyPEM),\n\t}\n\tcreateDomainWithCertResp, err := d.sdkClient.CreateDomainWithCert(createDomainWithCertReq)\n\td.logger.Debug(\"sdk request 'unicloud.host.CreateDomainWithCert'\", slog.Any(\"request\", createDomainWithCertReq), slog.Any(\"response\", createDomainWithCertResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'unicloud.host.CreateDomainWithCert': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(username, password string) (*unicloudsdk.Client, error) {\n\treturn unicloudsdk.NewClient(username, password)\n}\n"
},
{
"path": "pkg/core/deployer/providers/unicloud-webhost/unicloud_webhost_test.go",
"content": "package unicloudwebhost_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/unicloud-webhost\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfUsername string\n\tfPassword string\n\tfSpaceProvider string\n\tfSpaceId string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"UNICLOUDWEBHOST_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fUsername, argsPrefix+\"USERNAME\", \"\", \"\")\n\tflag.StringVar(&fPassword, argsPrefix+\"PASSWORD\", \"\", \"\")\n\tflag.StringVar(&fSpaceProvider, argsPrefix+\"SPACEPROVIDER\", \"\", \"\")\n\tflag.StringVar(&fSpaceId, argsPrefix+\"SPACEID\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./unicloud_webhost_test.go -args \\\n\t--UNICLOUDWEBHOST_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--UNICLOUDWEBHOST_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--UNICLOUDWEBHOST_USERNAME=\"your-username\" \\\n\t--UNICLOUDWEBHOST_PASSWORD=\"your-password\" \\\n\t--UNICLOUDWEBHOST_SPACEPROVIDER=\"aliyun/tencent\" \\\n\t--UNICLOUDWEBHOST_SPACEID=\"your-space-id\" \\\n\t--UNICLOUDWEBHOST_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"USERNAME: %v\", fUsername),\n\t\t\tfmt.Sprintf(\"PASSWORD: %v\", fPassword),\n\t\t\tfmt.Sprintf(\"SPACEPROVIDER: %v\", fSpaceProvider),\n\t\t\tfmt.Sprintf(\"SPACEID: %v\", fSpaceId),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tUsername: fUsername,\n\t\t\tPassword: fPassword,\n\t\t\tSpaceProvider: fSpaceProvider,\n\t\t\tSpaceId: fSpaceId,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/upyun-cdn/consts.go",
"content": "package upyuncdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/upyun-cdn/upyun_cdn.go",
"content": "package upyuncdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/upyun-ssl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tupyunsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/upyun/console\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 又拍云账号用户名。\n\tUsername string `json:\"username\"`\n\t// 又拍云账号密码。\n\tPassword string `json:\"password\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *upyunsdk.Client\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.Username, config.Password)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tUsername: config.Username,\n\t\tPassword: config.Password,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tvar domains []string\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain)\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no cdn domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found cdn domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, upres.CertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 获取服务列表\n\tgetBucketsPage := 1\n\tgetBucketsPerPage := 10\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tgetBucketsReq := &upyunsdk.GetBucketsRequest{\n\t\t\tType: \"ucdn\",\n\t\t\tTag: \"all\",\n\t\t\tStatus: \"all\",\n\t\t\tIsSecurityCDN: false,\n\t\t\tWithDomains: true,\n\t\t\tPage: int32(getBucketsPage),\n\t\t\tPerPage: int32(getBucketsPerPage),\n\t\t}\n\t\tgetBucketsResp, err := d.sdkClient.GetBucketsWithContext(ctx, getBucketsReq)\n\t\td.logger.Debug(\"sdk request 'console.GetBuckets'\", slog.Any(\"request\", getBucketsReq), slog.Any(\"response\", getBucketsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'console.GetBuckets': %w\", err)\n\t\t}\n\n\t\tif getBucketsResp.Data == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, bucketItem := range getBucketsResp.Data.Buckets {\n\t\t\tif !bucketItem.Visible {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tfor _, domainItem := range bucketItem.Domains {\n\t\t\t\tif strings.EqualFold(domainItem.Status, \"NORMAL\") && !strings.HasSuffix(domainItem.Domain, \".test.upcdn.net\") {\n\t\t\t\t\tdomains = append(domains, domainItem.Domain)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(getBucketsResp.Data.Buckets) < getBucketsPerPage {\n\t\t\tbreak\n\t\t}\n\n\t\tgetBucketsPage++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertId string) error {\n\t// 获取域名证书配置\n\tgetHttpsServiceManagerResp, err := d.sdkClient.GetHttpsServiceManagerWithContext(ctx, domain)\n\td.logger.Debug(\"sdk request 'console.GetHttpsServiceManager'\", slog.String(\"request.domain\", domain), slog.Any(\"response\", getHttpsServiceManagerResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'console.GetHttpsServiceManager': %w\", err)\n\t}\n\n\t// 判断域名是否已启用 HTTPS\n\t// 如果已启用,迁移域名证书;否则,设置新证书\n\t_, lastCertIndex, _ := lo.FindIndexOf(getHttpsServiceManagerResp.Data.Domains, func(item upyunsdk.HttpsServiceManagerDomain) bool {\n\t\treturn item.Https\n\t})\n\tif lastCertIndex == -1 {\n\t\tupdateHttpsCertificateManagerReq := &upyunsdk.UpdateHttpsCertificateManagerRequest{\n\t\t\tCertificateId: cloudCertId,\n\t\t\tDomain: domain,\n\t\t\tHttps: true,\n\t\t\tForceHttps: true,\n\t\t}\n\t\tupdateHttpsCertificateManagerResp, err := d.sdkClient.UpdateHttpsCertificateManagerWithContext(ctx, updateHttpsCertificateManagerReq)\n\t\td.logger.Debug(\"sdk request 'console.EnableDomainHttps'\", slog.Any(\"request\", updateHttpsCertificateManagerReq), slog.Any(\"response\", updateHttpsCertificateManagerResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'console.UpdateHttpsCertificateManager': %w\", err)\n\t\t}\n\t} else if getHttpsServiceManagerResp.Data.Domains[lastCertIndex].CertificateId != cloudCertId {\n\t\tmigrateHttpsDomainReq := &upyunsdk.MigrateHttpsDomainRequest{\n\t\t\tCertificateId: cloudCertId,\n\t\t\tDomain: domain,\n\t\t}\n\t\tmigrateHttpsDomainResp, err := d.sdkClient.MigrateHttpsDomainWithContext(ctx, migrateHttpsDomainReq)\n\t\td.logger.Debug(\"sdk request 'console.MigrateHttpsDomain'\", slog.Any(\"request\", migrateHttpsDomainReq), slog.Any(\"response\", migrateHttpsDomainResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'console.MigrateHttpsDomain': %w\", err)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(username, password string) (*upyunsdk.Client, error) {\n\treturn upyunsdk.NewClient(username, password)\n}\n"
},
{
"path": "pkg/core/deployer/providers/upyun-cdn/upyun_cdn_test.go",
"content": "package upyuncdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/upyun-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfUsername string\n\tfPassword string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"UPYUNCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fUsername, argsPrefix+\"USERNAME\", \"\", \"\")\n\tflag.StringVar(&fPassword, argsPrefix+\"PASSWORD\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./upyun_cdn_test.go -args \\\n\t--UPYUNCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--UPYUNCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--UPYUNCDN_USERNAME=\"your-username\" \\\n\t--UPYUNCDN_PASSWORD=\"your-password\" \\\n\t--UPYUNCDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"USERNAME: %v\", fUsername),\n\t\t\tfmt.Sprintf(\"PASSWORD: %v\", fPassword),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tUsername: fUsername,\n\t\t\tPassword: fPassword,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/upyun-file/upyun_file.go",
"content": "package upyunfile\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/upyun-ssl\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\tupyunsdk \"github.com/certimate-go/certimate/pkg/sdk3rd/upyun/console\"\n)\n\ntype DeployerConfig struct {\n\t// 又拍云账号用户名。\n\tUsername string `json:\"username\"`\n\t// 又拍云账号密码。\n\tPassword string `json:\"password\"`\n\t// 存储桶名。暂时无用。\n\tBucket string `json:\"bucket\"`\n\t// 自定义域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *upyunsdk.Client\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.Username, config.Password)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tUsername: config.Username,\n\t\tPassword: config.Password,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取域名证书配置\n\tgetHttpsServiceManagerResp, err := d.sdkClient.GetHttpsServiceManagerWithContext(ctx, d.config.Domain)\n\td.logger.Debug(\"sdk request 'console.GetHttpsServiceManager'\", slog.String(\"request.domain\", d.config.Domain), slog.Any(\"response\", getHttpsServiceManagerResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'console.GetHttpsServiceManager': %w\", err)\n\t}\n\n\t// 判断域名是否已启用 HTTPS\n\t// 如果已启用,迁移域名证书;否则,设置新证书\n\t_, lastCertIndex, _ := lo.FindIndexOf(getHttpsServiceManagerResp.Data.Domains, func(item upyunsdk.HttpsServiceManagerDomain) bool {\n\t\treturn item.Https\n\t})\n\tif lastCertIndex == -1 {\n\t\tupdateHttpsCertificateManagerReq := &upyunsdk.UpdateHttpsCertificateManagerRequest{\n\t\t\tCertificateId: upres.CertId,\n\t\t\tDomain: d.config.Domain,\n\t\t\tHttps: true,\n\t\t\tForceHttps: true,\n\t\t}\n\t\tupdateHttpsCertificateManagerResp, err := d.sdkClient.UpdateHttpsCertificateManagerWithContext(ctx, updateHttpsCertificateManagerReq)\n\t\td.logger.Debug(\"sdk request 'console.EnableDomainHttps'\", slog.Any(\"request\", updateHttpsCertificateManagerReq), slog.Any(\"response\", updateHttpsCertificateManagerResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'console.UpdateHttpsCertificateManager': %w\", err)\n\t\t}\n\t} else if getHttpsServiceManagerResp.Data.Domains[lastCertIndex].CertificateId != upres.CertId {\n\t\tmigrateHttpsDomainReq := &upyunsdk.MigrateHttpsDomainRequest{\n\t\t\tCertificateId: upres.CertId,\n\t\t\tDomain: d.config.Domain,\n\t\t}\n\t\tmigrateHttpsDomainResp, err := d.sdkClient.MigrateHttpsDomainWithContext(ctx, migrateHttpsDomainReq)\n\t\td.logger.Debug(\"sdk request 'console.MigrateHttpsDomain'\", slog.Any(\"request\", migrateHttpsDomainReq), slog.Any(\"response\", migrateHttpsDomainResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'console.MigrateHttpsDomain': %w\", err)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(username, password string) (*upyunsdk.Client, error) {\n\treturn upyunsdk.NewClient(username, password)\n}\n"
},
{
"path": "pkg/core/deployer/providers/upyun-file/upyun_file_test.go",
"content": "package upyunfile_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/upyun-file\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfUsername string\n\tfPassword string\n\tfBucket string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"UPYUNFILE_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fUsername, argsPrefix+\"USERNAME\", \"\", \"\")\n\tflag.StringVar(&fPassword, argsPrefix+\"PASSWORD\", \"\", \"\")\n\tflag.StringVar(&fBucket, argsPrefix+\"BUCKET\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./upyun_file_test.go -args \\\n\t--UPYUNFILE_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--UPYUNFILE_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--UPYUNFILE_USERNAME=\"your-username\" \\\n\t--UPYUNFILE_PASSWORD=\"your-password\" \\\n\t--UPYUNFILE_BUCKET=\"your-bucket\" \\\n\t--UPYUNFILE_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"USERNAME: %v\", fUsername),\n\t\t\tfmt.Sprintf(\"PASSWORD: %v\", fPassword),\n\t\t\tfmt.Sprintf(\"BUCKET: %v\", fBucket),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tUsername: fUsername,\n\t\t\tPassword: fPassword,\n\t\t\tBucket: fBucket,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-alb/consts.go",
"content": "package volcenginealb\n\nconst (\n\t// 资源类型:部署到指定负载均衡器。\n\tRESOURCE_TYPE_LOADBALANCER = \"loadbalancer\"\n\t// 资源类型:部署到指定监听器。\n\tRESOURCE_TYPE_LISTENER = \"listener\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-alb/internal/client.go",
"content": "package internal\n\nimport (\n\t\"github.com/volcengine/volcengine-go-sdk/service/alb\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/client\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/client/metadata\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/corehandlers\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/request\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/signer/volc\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/volcenginequery\"\n)\n\n// This is a partial copy of https://github.com/volcengine/volcengine-go-sdk/blob/master/service/alb/service_alb.go\n// to lightweight the vendor packages in the built binary.\ntype AlbClient struct {\n\t*client.Client\n}\n\nfunc NewAlbClient(p client.ConfigProvider, cfgs ...*volcengine.Config) *AlbClient {\n\tc := p.ClientConfig(alb.EndpointsID, cfgs...)\n\treturn newAlbClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)\n}\n\nfunc newAlbClient(cfg volcengine.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *AlbClient {\n\tsvc := &AlbClient{\n\t\tClient: client.New(\n\t\t\tcfg,\n\t\t\tmetadata.ClientInfo{\n\t\t\t\tServiceName: alb.ServiceName,\n\t\t\t\tServiceID: alb.ServiceID,\n\t\t\t\tSigningName: signingName,\n\t\t\t\tSigningRegion: signingRegion,\n\t\t\t\tEndpoint: endpoint,\n\t\t\t\tAPIVersion: \"2020-04-01\",\n\t\t\t},\n\t\t\thandlers,\n\t\t),\n\t}\n\n\tsvc.Handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)\n\tsvc.Handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHandler)\n\tsvc.Handlers.Sign.PushBackNamed(volc.SignRequestHandler)\n\tsvc.Handlers.Build.PushBackNamed(volcenginequery.BuildHandler)\n\tsvc.Handlers.Unmarshal.PushBackNamed(volcenginequery.UnmarshalHandler)\n\tsvc.Handlers.UnmarshalMeta.PushBackNamed(volcenginequery.UnmarshalMetaHandler)\n\tsvc.Handlers.UnmarshalError.PushBackNamed(volcenginequery.UnmarshalErrorHandler)\n\n\treturn svc\n}\n\nfunc (c *AlbClient) newRequest(op *request.Operation, params, data interface{}) *request.Request {\n\treq := c.NewRequest(op, params, data)\n\n\treturn req\n}\n\nfunc (c *AlbClient) DescribeListenerAttributes(input *alb.DescribeListenerAttributesInput) (*alb.DescribeListenerAttributesOutput, error) {\n\treq, out := c.DescribeListenerAttributesRequest(input)\n\treturn out, req.Send()\n}\n\nfunc (c *AlbClient) DescribeListenerAttributesRequest(input *alb.DescribeListenerAttributesInput) (req *request.Request, output *alb.DescribeListenerAttributesOutput) {\n\top := &request.Operation{\n\t\tName: \"DescribeListenerAttributes\",\n\t\tHTTPMethod: \"GET\",\n\t\tHTTPPath: \"/\",\n\t}\n\n\tif input == nil {\n\t\tinput = &alb.DescribeListenerAttributesInput{}\n\t}\n\n\toutput = &alb.DescribeListenerAttributesOutput{}\n\treq = c.newRequest(op, input, output)\n\n\treturn\n}\n\nfunc (c *AlbClient) DescribeListeners(input *alb.DescribeListenersInput) (*alb.DescribeListenersOutput, error) {\n\treq, out := c.DescribeListenersRequest(input)\n\treturn out, req.Send()\n}\n\nfunc (c *AlbClient) DescribeListenersRequest(input *alb.DescribeListenersInput) (req *request.Request, output *alb.DescribeListenersOutput) {\n\top := &request.Operation{\n\t\tName: \"DescribeListeners\",\n\t\tHTTPMethod: \"GET\",\n\t\tHTTPPath: \"/\",\n\t}\n\n\tif input == nil {\n\t\tinput = &alb.DescribeListenersInput{}\n\t}\n\n\toutput = &alb.DescribeListenersOutput{}\n\treq = c.newRequest(op, input, output)\n\n\treturn\n}\n\nfunc (c *AlbClient) DescribeLoadBalancerAttributes(input *alb.DescribeLoadBalancerAttributesInput) (*alb.DescribeLoadBalancerAttributesOutput, error) {\n\treq, out := c.DescribeLoadBalancerAttributesRequest(input)\n\treturn out, req.Send()\n}\n\nfunc (c *AlbClient) DescribeLoadBalancerAttributesRequest(input *alb.DescribeLoadBalancerAttributesInput) (req *request.Request, output *alb.DescribeLoadBalancerAttributesOutput) {\n\top := &request.Operation{\n\t\tName: \"DescribeLoadBalancerAttributes\",\n\t\tHTTPMethod: \"GET\",\n\t\tHTTPPath: \"/\",\n\t}\n\n\tif input == nil {\n\t\tinput = &alb.DescribeLoadBalancerAttributesInput{}\n\t}\n\n\toutput = &alb.DescribeLoadBalancerAttributesOutput{}\n\treq = c.newRequest(op, input, output)\n\n\treturn\n}\n\nfunc (c *AlbClient) ModifyListenerAttributes(input *alb.ModifyListenerAttributesInput) (*alb.ModifyListenerAttributesOutput, error) {\n\treq, out := c.ModifyListenerAttributesRequest(input)\n\treturn out, req.Send()\n}\n\nfunc (c *AlbClient) ModifyListenerAttributesRequest(input *alb.ModifyListenerAttributesInput) (req *request.Request, output *alb.ModifyListenerAttributesOutput) {\n\top := &request.Operation{\n\t\tName: \"ModifyListenerAttributes\",\n\t\tHTTPMethod: \"GET\",\n\t\tHTTPPath: \"/\",\n\t}\n\n\tif input == nil {\n\t\tinput = &alb.ModifyListenerAttributesInput{}\n\t}\n\n\toutput = &alb.ModifyListenerAttributesOutput{}\n\treq = c.newRequest(op, input, output)\n\n\treturn\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-alb/volcengine_alb.go",
"content": "package volcenginealb\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/samber/lo\"\n\tvealb \"github.com/volcengine/volcengine-go-sdk/service/alb\"\n\tve \"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\tvesession \"github.com/volcengine/volcengine-go-sdk/volcengine/session\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/volcengine-certcenter\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-alb/internal\"\n)\n\ntype DeployerConfig struct {\n\t// 火山引擎 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 火山引擎 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 火山引擎地域。\n\tRegion string `json:\"region\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 负载均衡实例 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER] 时必填。\n\tLoadbalancerId string `json:\"loadbalancerId,omitempty\"`\n\t// 负载均衡监听器 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时必填。\n\tListenerId string `json:\"listenerId,omitempty\"`\n\t// SNI 域名(支持泛域名)。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER]、[RESOURCE_TYPE_LISTENER] 时选填。\n\tDomain string `json:\"domain,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.AlbClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tRegion: config.Region,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_LOADBALANCER:\n\t\tif err := d.deployToLoadbalancer(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_LISTENER:\n\t\tif err := d.deployToListener(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToLoadbalancer(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\n\t// 查询 ALB 实例的详细信息\n\t// REF: https://www.volcengine.com/docs/6767/113596\n\tdescribeLoadBalancerAttributesReq := &vealb.DescribeLoadBalancerAttributesInput{\n\t\tLoadBalancerId: ve.String(d.config.LoadbalancerId),\n\t}\n\tdescribeLoadBalancerAttributesResp, err := d.sdkClient.DescribeLoadBalancerAttributes(describeLoadBalancerAttributesReq)\n\td.logger.Debug(\"sdk request 'alb.DescribeLoadBalancerAttributes'\", slog.Any(\"request\", describeLoadBalancerAttributesReq), slog.Any(\"response\", describeLoadBalancerAttributesResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'alb.DescribeLoadBalancerAttributes': %w\", err)\n\t}\n\n\t// 查询 HTTPS 监听器列表\n\t// REF: https://www.volcengine.com/docs/6767/113684\n\tlistenerIds := make([]string, 0)\n\tdescribeListenersPageSize := 100\n\tdescribeListenersPageNumber := 1\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeListenersReq := &vealb.DescribeListenersInput{\n\t\t\tLoadBalancerId: ve.String(d.config.LoadbalancerId),\n\t\t\tProtocol: ve.String(\"HTTPS\"),\n\t\t\tPageNumber: ve.Int64(int64(describeListenersPageNumber)),\n\t\t\tPageSize: ve.Int64(int64(describeListenersPageSize)),\n\t\t}\n\t\tdescribeListenersResp, err := d.sdkClient.DescribeListeners(describeListenersReq)\n\t\td.logger.Debug(\"sdk request 'alb.DescribeListeners'\", slog.Any(\"request\", describeListenersReq), slog.Any(\"response\", describeListenersResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'alb.DescribeListeners': %w\", err)\n\t\t}\n\n\t\tfor _, listener := range describeListenersResp.Listeners {\n\t\t\tlistenerIds = append(listenerIds, *listener.ListenerId)\n\t\t}\n\n\t\tif len(describeListenersResp.Listeners) < describeListenersPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribeListenersPageNumber++\n\t}\n\n\t// 遍历更新监听证书\n\tif len(listenerIds) == 0 {\n\t\td.logger.Info(\"no alb listeners to deploy\")\n\t} else {\n\t\td.logger.Info(\"found https listeners to deploy\", slog.Any(\"listenerIds\", listenerIds))\n\t\tvar errs []error\n\n\t\tfor _, listenerId := range listenerIds {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToListener(ctx context.Context, cloudCertId string) error {\n\tif d.config.ListenerId == \"\" {\n\t\treturn errors.New(\"config `listenerId` is required\")\n\t}\n\n\tif err := d.updateListenerCertificate(ctx, d.config.ListenerId, cloudCertId); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateListenerCertificate(ctx context.Context, cloudListenerId string, cloudCertId string) error {\n\t// 查询指定监听器的详细信息\n\t// REF: https://www.volcengine.com/docs/6767/113686\n\tdescribeListenerAttributesReq := &vealb.DescribeListenerAttributesInput{\n\t\tListenerId: ve.String(cloudListenerId),\n\t}\n\tdescribeListenerAttributesResp, err := d.sdkClient.DescribeListenerAttributes(describeListenerAttributesReq)\n\td.logger.Debug(\"sdk request 'alb.DescribeListenerAttributes'\", slog.Any(\"request\", describeListenerAttributesReq), slog.Any(\"response\", describeListenerAttributesResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'alb.DescribeListenerAttributes': %w\", err)\n\t}\n\n\tif d.config.Domain == \"\" {\n\t\t// 未指定 SNI,只需部署到监听器\n\n\t\t// 修改指定监听器\n\t\t// REF: https://www.volcengine.com/docs/6767/113683\n\t\tmodifyListenerAttributesReq := &vealb.ModifyListenerAttributesInput{\n\t\t\tListenerId: ve.String(cloudListenerId),\n\t\t\tCertificateSource: ve.String(\"cert_center\"),\n\t\t\tCertCenterCertificateId: ve.String(cloudCertId),\n\t\t}\n\t\tmodifyListenerAttributesResp, err := d.sdkClient.ModifyListenerAttributes(modifyListenerAttributesReq)\n\t\td.logger.Debug(\"sdk request 'alb.ModifyListenerAttributes'\", slog.Any(\"request\", modifyListenerAttributesReq), slog.Any(\"response\", modifyListenerAttributesResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'alb.ModifyListenerAttributes': %w\", err)\n\t\t}\n\t} else {\n\t\t// 指定 SNI,需部署到扩展域名\n\n\t\t// 修改指定监听器\n\t\t// REF: https://www.volcengine.com/docs/6767/113683\n\t\tmodifyListenerAttributesReq := &vealb.ModifyListenerAttributesInput{\n\t\t\tListenerId: ve.String(cloudListenerId),\n\t\t\tDomainExtensions: lo.Map(\n\t\t\t\tlo.Filter(\n\t\t\t\t\tdescribeListenerAttributesResp.DomainExtensions,\n\t\t\t\t\tfunc(domain *vealb.DomainExtensionForDescribeListenerAttributesOutput, _ int) bool {\n\t\t\t\t\t\treturn *domain.Domain == d.config.Domain\n\t\t\t\t\t},\n\t\t\t\t),\n\t\t\t\tfunc(domain *vealb.DomainExtensionForDescribeListenerAttributesOutput, _ int) *vealb.DomainExtensionForModifyListenerAttributesInput {\n\t\t\t\t\treturn &vealb.DomainExtensionForModifyListenerAttributesInput{\n\t\t\t\t\t\tDomainExtensionId: domain.DomainExtensionId,\n\t\t\t\t\t\tDomain: domain.Domain,\n\t\t\t\t\t\tCertificateSource: ve.String(\"cert_center\"),\n\t\t\t\t\t\tCertCenterCertificateId: ve.String(cloudCertId),\n\t\t\t\t\t\tAction: ve.String(\"modify\"),\n\t\t\t\t\t}\n\t\t\t\t}),\n\t\t}\n\t\tmodifyListenerAttributesResp, err := d.sdkClient.ModifyListenerAttributes(modifyListenerAttributesReq)\n\t\td.logger.Debug(\"sdk request 'alb.ModifyListenerAttributes'\", slog.Any(\"request\", modifyListenerAttributesReq), slog.Any(\"response\", modifyListenerAttributesResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'alb.ModifyListenerAttributes': %w\", err)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.AlbClient, error) {\n\tconfig := ve.NewConfig().\n\t\tWithAkSk(accessKeyId, accessKeySecret).\n\t\tWithRegion(region)\n\n\tsession, err := vesession.NewSession(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclient := internal.NewAlbClient(session)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-alb/volcengine_alb_test.go",
"content": "package volcenginealb_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-alb\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n\tfListenerId string\n)\n\nfunc init() {\n\targsPrefix := \"VOLCENGINEALB_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fListenerId, argsPrefix+\"LISTENERID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./volcengine_alb_test.go -args \\\n\t--VOLCENGINEALB_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--VOLCENGINEALB_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--VOLCENGINEALB_ACCESSKEYID=\"your-access-key-id\" \\\n\t--VOLCENGINEALB_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--VOLCENGINEALB_REGION=\"cn-beijing\" \\\n\t--VOLCENGINEALB_LISTENERID=\"your-listener-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"LISTENERID: %v\", fListenerId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LISTENER,\n\t\t\tListenerId: fListenerId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-cdn/consts.go",
"content": "package volcenginecdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-cdn/internal/client.go",
"content": "package internal\n\nimport (\n\t\"github.com/volcengine/volcengine-go-sdk/service/cdn\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/client\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/client/metadata\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/corehandlers\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/request\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/signer/volc\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/volcenginequery\"\n)\n\n// This is a partial copy of https://github.com/volcengine/volcengine-go-sdk/blob/master/service/cdn/service_cdn.go\n// to lightweight the vendor packages in the built binary.\ntype CdnClient struct {\n\t*client.Client\n}\n\nfunc NewCdnClient(p client.ConfigProvider, cfgs ...*volcengine.Config) *CdnClient {\n\tc := p.ClientConfig(cdn.EndpointsID, cfgs...)\n\treturn newCdnClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)\n}\n\nfunc newCdnClient(cfg volcengine.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *CdnClient {\n\tsvc := &CdnClient{\n\t\tClient: client.New(\n\t\t\tcfg,\n\t\t\tmetadata.ClientInfo{\n\t\t\t\tServiceName: cdn.ServiceName,\n\t\t\t\tServiceID: cdn.ServiceID,\n\t\t\t\tSigningName: signingName,\n\t\t\t\tSigningRegion: signingRegion,\n\t\t\t\tEndpoint: endpoint,\n\t\t\t\tAPIVersion: \"2021-03-01\",\n\t\t\t},\n\t\t\thandlers,\n\t\t),\n\t}\n\n\tsvc.Handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)\n\tsvc.Handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHandler)\n\tsvc.Handlers.Sign.PushBackNamed(volc.SignRequestHandler)\n\tsvc.Handlers.Build.PushBackNamed(volcenginequery.BuildHandler)\n\tsvc.Handlers.Unmarshal.PushBackNamed(volcenginequery.UnmarshalHandler)\n\tsvc.Handlers.UnmarshalMeta.PushBackNamed(volcenginequery.UnmarshalMetaHandler)\n\tsvc.Handlers.UnmarshalError.PushBackNamed(volcenginequery.UnmarshalErrorHandler)\n\n\treturn svc\n}\n\nfunc (c *CdnClient) newRequest(op *request.Operation, params, data interface{}) *request.Request {\n\treq := c.NewRequest(op, params, data)\n\n\treturn req\n}\n\nfunc (c *CdnClient) BatchDeployCert(input *cdn.BatchDeployCertInput) (*cdn.BatchDeployCertOutput, error) {\n\treq, out := c.BatchDeployCertRequest(input)\n\treturn out, req.Send()\n}\n\nfunc (c *CdnClient) BatchDeployCertRequest(input *cdn.BatchDeployCertInput) (req *request.Request, output *cdn.BatchDeployCertOutput) {\n\top := &request.Operation{\n\t\tName: \"BatchDeployCert\",\n\t\tHTTPMethod: \"POST\",\n\t\tHTTPPath: \"/\",\n\t}\n\n\tif input == nil {\n\t\tinput = &cdn.BatchDeployCertInput{}\n\t}\n\n\toutput = &cdn.BatchDeployCertOutput{}\n\treq = c.newRequest(op, input, output)\n\n\treq.HTTPRequest.Header.Set(\"Content-Type\", \"application/json; charset=utf-8\")\n\n\treturn\n}\n\nfunc (c *CdnClient) DescribeCertConfig(input *cdn.DescribeCertConfigInput) (*cdn.DescribeCertConfigOutput, error) {\n\treq, out := c.DescribeCertConfigRequest(input)\n\treturn out, req.Send()\n}\n\nfunc (c *CdnClient) DescribeCertConfigRequest(input *cdn.DescribeCertConfigInput) (req *request.Request, output *cdn.DescribeCertConfigOutput) {\n\top := &request.Operation{\n\t\tName: \"DescribeCertConfig\",\n\t\tHTTPMethod: \"POST\",\n\t\tHTTPPath: \"/\",\n\t}\n\n\tif input == nil {\n\t\tinput = &cdn.DescribeCertConfigInput{}\n\t}\n\n\toutput = &cdn.DescribeCertConfigOutput{}\n\treq = c.newRequest(op, input, output)\n\n\treq.HTTPRequest.Header.Set(\"Content-Type\", \"application/json; charset=utf-8\")\n\n\treturn\n}\n\nfunc (c *CdnClient) ListCdnDomains(input *cdn.ListCdnDomainsInput) (*cdn.ListCdnDomainsOutput, error) {\n\treq, out := c.ListCdnDomainsRequest(input)\n\treturn out, req.Send()\n}\n\nfunc (c *CdnClient) ListCdnDomainsRequest(input *cdn.ListCdnDomainsInput) (req *request.Request, output *cdn.ListCdnDomainsOutput) {\n\top := &request.Operation{\n\t\tName: \"ListCdnDomains\",\n\t\tHTTPMethod: \"POST\",\n\t\tHTTPPath: \"/\",\n\t}\n\n\tif input == nil {\n\t\tinput = &cdn.ListCdnDomainsInput{}\n\t}\n\n\toutput = &cdn.ListCdnDomainsOutput{}\n\treq = c.newRequest(op, input, output)\n\n\treq.HTTPRequest.Header.Set(\"Content-Type\", \"application/json; charset=utf-8\")\n\n\treturn\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn.go",
"content": "package volcenginecdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\tvecdn \"github.com/volcengine/volcengine-go-sdk/service/cdn\"\n\tve \"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\tvesession \"github.com/volcengine/volcengine-go-sdk/volcengine/session\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/volcengine-cdn\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-cdn/internal\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 火山引擎 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 火山引擎 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.CdnClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tdomains := make([]string, 0)\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = []string{d.config.Domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getMatchedDomainsByWildcard(ctx, d.config.Domain)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = domainCandidates\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tdomainCandidates, err := d.getMatchedDomainsByCertId(ctx, upres.CertId)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = domainCandidates\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历绑定证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no cdn domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found cdn domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, upres.CertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getMatchedDomainsByWildcard(ctx context.Context, wildcardDomain string) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询加速域名列表,获取匹配的域名\n\t// REF: https://www.volcengine.com/docs/6454/75269\n\tlistCdnDomainsPageNum := 1\n\tlistCdnDomainsPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistCdnDomainsReq := &vecdn.ListCdnDomainsInput{\n\t\t\tDomain: ve.String(strings.TrimPrefix(wildcardDomain, \"*.\")),\n\t\t\tStatus: ve.String(\"online\"),\n\t\t\tPageNum: ve.Int64(int64(listCdnDomainsPageNum)),\n\t\t\tPageSize: ve.Int64(int64(listCdnDomainsPageSize)),\n\t\t}\n\t\tlistCdnDomainsResp, err := d.sdkClient.ListCdnDomains(listCdnDomainsReq)\n\t\td.logger.Debug(\"sdk request 'cdn.ListCdnDomains'\", slog.Any(\"request\", listCdnDomainsReq), slog.Any(\"response\", listCdnDomainsResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.ListCdnDomains': %w\", err)\n\t\t}\n\n\t\tfor _, domainItem := range listCdnDomainsResp.Data {\n\t\t\tif xcerthostname.IsMatch(wildcardDomain, ve.StringValue(domainItem.Domain)) {\n\t\t\t\tdomains = append(domains, ve.StringValue(domainItem.Domain))\n\t\t\t}\n\t\t}\n\n\t\tif len(listCdnDomainsResp.Data) < listCdnDomainsPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tlistCdnDomainsPageSize++\n\t}\n\n\tif len(domains) == 0 {\n\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) getMatchedDomainsByCertId(ctx context.Context, cloudCertId string) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 获取指定证书可关联的域名\n\t// REF: https://www.volcengine.com/docs/6454/125711\n\tdescribeCertConfigReq := &vecdn.DescribeCertConfigInput{\n\t\tCertId: ve.String(cloudCertId),\n\t}\n\tdescribeCertConfigResp, err := d.sdkClient.DescribeCertConfig(describeCertConfigReq)\n\td.logger.Debug(\"sdk request 'cdn.DescribeCertConfig'\", slog.Any(\"request\", describeCertConfigReq), slog.Any(\"response\", describeCertConfigResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.DescribeCertConfig': %w\", err)\n\t}\n\n\tif describeCertConfigResp.CertNotConfig != nil {\n\t\tfor i := range describeCertConfigResp.CertNotConfig {\n\t\t\tdomains = append(domains, ve.StringValue(describeCertConfigResp.CertNotConfig[i].Domain))\n\t\t}\n\t}\n\n\tif describeCertConfigResp.OtherCertConfig != nil {\n\t\tfor i := range describeCertConfigResp.OtherCertConfig {\n\t\t\tdomains = append(domains, ve.StringValue(describeCertConfigResp.OtherCertConfig[i].Domain))\n\t\t}\n\t}\n\n\tif len(domains) == 0 {\n\t\tif len(describeCertConfigResp.SpecifiedCertConfig) == 0 {\n\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t}\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertId string) error {\n\t// 关联证书与加速域名\n\t// REF: https://www.volcengine.com/docs/6454/125712\n\tbatchDeployCertReq := &vecdn.BatchDeployCertInput{\n\t\tDomain: ve.String(domain),\n\t\tCertId: ve.String(cloudCertId),\n\t}\n\tbatchDeployCertResp, err := d.sdkClient.BatchDeployCert(batchDeployCertReq)\n\td.logger.Debug(\"sdk request 'cdn.BatchDeployCert'\", slog.Any(\"request\", batchDeployCertReq), slog.Any(\"response\", batchDeployCertResp))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret string) (*internal.CdnClient, error) {\n\tconfig := ve.NewConfig().\n\t\tWithAkSk(accessKeyId, accessKeySecret).\n\t\tWithRegion(\"cn-north-1\")\n\n\tsession, err := vesession.NewSession(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclient := internal.NewCdnClient(session)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-cdn/volcengine_cdn_test.go",
"content": "package volcenginecdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"VOLCENGINECDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./volcengine_cdn_test.go -args \\\n\t--VOLCENGINECDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--VOLCENGINECDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--VOLCENGINECDN_ACCESSKEYID=\"your-access-key-id\" \\\n\t--VOLCENGINECDN_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--VOLCENGINECDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-certcenter/volcengine_certcenter.go",
"content": "package volcenginecertcenter\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/volcengine-certcenter\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// 火山引擎 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 火山引擎 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 火山引擎地域。\n\tRegion string `json:\"region\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tRegion: config.Region,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-clb/consts.go",
"content": "package volcengineclb\n\nconst (\n\t// 资源类型:部署到指定负载均衡器。\n\tRESOURCE_TYPE_LOADBALANCER = \"loadbalancer\"\n\t// 资源类型:部署到指定监听器。\n\tRESOURCE_TYPE_LISTENER = \"listener\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-clb/internal/client.go",
"content": "package internal\n\nimport (\n\t\"github.com/volcengine/volcengine-go-sdk/service/clb\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/client\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/client/metadata\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/corehandlers\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/request\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/signer/volc\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/volcenginequery\"\n)\n\n// This is a partial copy of https://github.com/volcengine/volcengine-go-sdk/blob/master/service/clb/service_clb.go\n// to lightweight the vendor packages in the built binary.\ntype ClbClient struct {\n\t*client.Client\n}\n\nfunc NewClbClient(p client.ConfigProvider, cfgs ...*volcengine.Config) *ClbClient {\n\tc := p.ClientConfig(clb.EndpointsID, cfgs...)\n\treturn newClbClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)\n}\n\nfunc newClbClient(cfg volcengine.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *ClbClient {\n\tsvc := &ClbClient{\n\t\tClient: client.New(\n\t\t\tcfg,\n\t\t\tmetadata.ClientInfo{\n\t\t\t\tServiceName: clb.ServiceName,\n\t\t\t\tServiceID: clb.ServiceID,\n\t\t\t\tSigningName: signingName,\n\t\t\t\tSigningRegion: signingRegion,\n\t\t\t\tEndpoint: endpoint,\n\t\t\t\tAPIVersion: \"2020-04-01\",\n\t\t\t},\n\t\t\thandlers,\n\t\t),\n\t}\n\n\tsvc.Handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)\n\tsvc.Handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHandler)\n\tsvc.Handlers.Sign.PushBackNamed(volc.SignRequestHandler)\n\tsvc.Handlers.Build.PushBackNamed(volcenginequery.BuildHandler)\n\tsvc.Handlers.Unmarshal.PushBackNamed(volcenginequery.UnmarshalHandler)\n\tsvc.Handlers.UnmarshalMeta.PushBackNamed(volcenginequery.UnmarshalMetaHandler)\n\tsvc.Handlers.UnmarshalError.PushBackNamed(volcenginequery.UnmarshalErrorHandler)\n\n\treturn svc\n}\n\nfunc (c *ClbClient) newRequest(op *request.Operation, params, data interface{}) *request.Request {\n\treq := c.NewRequest(op, params, data)\n\n\treturn req\n}\n\nfunc (c *ClbClient) DescribeListeners(input *clb.DescribeListenersInput) (*clb.DescribeListenersOutput, error) {\n\treq, out := c.DescribeListenersRequest(input)\n\treturn out, req.Send()\n}\n\nfunc (c *ClbClient) DescribeListenersRequest(input *clb.DescribeListenersInput) (req *request.Request, output *clb.DescribeListenersOutput) {\n\top := &request.Operation{\n\t\tName: \"DescribeListeners\",\n\t\tHTTPMethod: \"GET\",\n\t\tHTTPPath: \"/\",\n\t}\n\n\tif input == nil {\n\t\tinput = &clb.DescribeListenersInput{}\n\t}\n\n\toutput = &clb.DescribeListenersOutput{}\n\treq = c.newRequest(op, input, output)\n\n\treturn\n}\n\nfunc (c *ClbClient) DescribeLoadBalancerAttributes(input *clb.DescribeLoadBalancerAttributesInput) (*clb.DescribeLoadBalancerAttributesOutput, error) {\n\treq, out := c.DescribeLoadBalancerAttributesRequest(input)\n\treturn out, req.Send()\n}\n\nfunc (c *ClbClient) DescribeLoadBalancerAttributesRequest(input *clb.DescribeLoadBalancerAttributesInput) (req *request.Request, output *clb.DescribeLoadBalancerAttributesOutput) {\n\top := &request.Operation{\n\t\tName: \"DescribeLoadBalancerAttributes\",\n\t\tHTTPMethod: \"GET\",\n\t\tHTTPPath: \"/\",\n\t}\n\n\tif input == nil {\n\t\tinput = &clb.DescribeLoadBalancerAttributesInput{}\n\t}\n\n\toutput = &clb.DescribeLoadBalancerAttributesOutput{}\n\treq = c.newRequest(op, input, output)\n\n\treturn\n}\n\nfunc (c *ClbClient) ModifyListenerAttributes(input *clb.ModifyListenerAttributesInput) (*clb.ModifyListenerAttributesOutput, error) {\n\treq, out := c.ModifyListenerAttributesRequest(input)\n\treturn out, req.Send()\n}\n\nfunc (c *ClbClient) ModifyListenerAttributesRequest(input *clb.ModifyListenerAttributesInput) (req *request.Request, output *clb.ModifyListenerAttributesOutput) {\n\top := &request.Operation{\n\t\tName: \"ModifyListenerAttributes\",\n\t\tHTTPMethod: \"GET\",\n\t\tHTTPPath: \"/\",\n\t}\n\n\tif input == nil {\n\t\tinput = &clb.ModifyListenerAttributesInput{}\n\t}\n\n\toutput = &clb.ModifyListenerAttributesOutput{}\n\treq = c.newRequest(op, input, output)\n\n\treturn\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-clb/volcengine_clb.go",
"content": "package volcengineclb\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\tveclb \"github.com/volcengine/volcengine-go-sdk/service/clb\"\n\tve \"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\tvesession \"github.com/volcengine/volcengine-go-sdk/volcengine/session\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/volcengine-certcenter\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-clb/internal\"\n)\n\ntype DeployerConfig struct {\n\t// 火山引擎 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 火山引擎 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 火山引擎地域。\n\tRegion string `json:\"region\"`\n\t// 部署资源类型。\n\tResourceType string `json:\"resourceType\"`\n\t// 负载均衡实例 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LOADBALANCER] 时必填。\n\tLoadbalancerId string `json:\"loadbalancerId,omitempty\"`\n\t// 负载均衡监听器 ID。\n\t// 部署资源类型为 [RESOURCE_TYPE_LISTENER] 时必填。\n\tListenerId string `json:\"listenerId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.ClbClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tRegion: config.Region,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 根据部署资源类型决定部署方式\n\tswitch d.config.ResourceType {\n\tcase RESOURCE_TYPE_LOADBALANCER:\n\t\tif err := d.deployToLoadbalancer(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tcase RESOURCE_TYPE_LISTENER:\n\t\tif err := d.deployToListener(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported resource type '%s'\", d.config.ResourceType)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployToLoadbalancer(ctx context.Context, cloudCertId string) error {\n\tif d.config.LoadbalancerId == \"\" {\n\t\treturn errors.New(\"config `loadbalancerId` is required\")\n\t}\n\n\t// 查看指定负载均衡实例的详情\n\t// REF: https://www.volcengine.com/docs/6406/71773\n\tdescribeLoadBalancerAttributesReq := &veclb.DescribeLoadBalancerAttributesInput{\n\t\tLoadBalancerId: ve.String(d.config.LoadbalancerId),\n\t}\n\tdescribeLoadBalancerAttributesResp, err := d.sdkClient.DescribeLoadBalancerAttributes(describeLoadBalancerAttributesReq)\n\td.logger.Debug(\"sdk request 'clb.DescribeLoadBalancerAttributes'\", slog.Any(\"request\", describeLoadBalancerAttributesReq), slog.Any(\"response\", describeLoadBalancerAttributesResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'clb.DescribeLoadBalancerAttributes': %w\", err)\n\t}\n\n\t// 查询 HTTPS 监听器列表\n\t// REF: https://www.volcengine.com/docs/6406/71776\n\tlistenerIds := make([]string, 0)\n\tdescribeListenersPageSize := 100\n\tdescribeListenersPageNumber := 1\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tdescribeListenersReq := &veclb.DescribeListenersInput{\n\t\t\tLoadBalancerId: ve.String(d.config.LoadbalancerId),\n\t\t\tProtocol: ve.String(\"HTTPS\"),\n\t\t\tPageNumber: ve.Int64(int64(describeListenersPageNumber)),\n\t\t\tPageSize: ve.Int64(int64(describeListenersPageSize)),\n\t\t}\n\t\tdescribeListenersResp, err := d.sdkClient.DescribeListeners(describeListenersReq)\n\t\td.logger.Debug(\"sdk request 'clb.DescribeListeners'\", slog.Any(\"request\", describeListenersReq), slog.Any(\"response\", describeListenersResp))\n\t\tif err != nil {\n\t\t\treturn fmt.Errorf(\"failed to execute sdk request 'clb.DescribeListeners': %w\", err)\n\t\t}\n\n\t\tfor _, listener := range describeListenersResp.Listeners {\n\t\t\tlistenerIds = append(listenerIds, *listener.ListenerId)\n\t\t}\n\n\t\tif len(describeListenersResp.Listeners) < describeListenersPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tdescribeListenersPageNumber++\n\t}\n\n\t// 遍历更新监听证书\n\tif len(listenerIds) == 0 {\n\t\td.logger.Info(\"no clb listeners to deploy\")\n\t} else {\n\t\td.logger.Info(\"found https listeners to deploy\", slog.Any(\"listenerIds\", listenerIds))\n\t\tvar errs []error\n\n\t\tfor _, listenerId := range listenerIds {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateListenerCertificate(ctx, listenerId, cloudCertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) deployToListener(ctx context.Context, cloudCertId string) error {\n\tif d.config.ListenerId == \"\" {\n\t\treturn errors.New(\"config `listenerId` is required\")\n\t}\n\n\tif err := d.updateListenerCertificate(ctx, d.config.ListenerId, cloudCertId); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (d *Deployer) updateListenerCertificate(ctx context.Context, cloudListenerId string, cloudCertId string) error {\n\t// 修改指定监听器\n\t// REF: https://www.volcengine.com/docs/6406/71775\n\tmodifyListenerAttributesReq := &veclb.ModifyListenerAttributesInput{\n\t\tListenerId: ve.String(cloudListenerId),\n\t\tCertificateSource: ve.String(\"cert_center\"),\n\t\tCertCenterCertificateId: ve.String(cloudCertId),\n\t}\n\tmodifyListenerAttributesResp, err := d.sdkClient.ModifyListenerAttributes(modifyListenerAttributesReq)\n\td.logger.Debug(\"sdk request 'clb.ModifyListenerAttributes'\", slog.Any(\"request\", modifyListenerAttributesReq), slog.Any(\"response\", modifyListenerAttributesResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'clb.ModifyListenerAttributes': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.ClbClient, error) {\n\tconfig := ve.NewConfig().\n\t\tWithAkSk(accessKeyId, accessKeySecret).\n\t\tWithRegion(region)\n\n\tsession, err := vesession.NewSession(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclient := internal.NewClbClient(session)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-clb/volcengine_clb_test.go",
"content": "package volcengineclb_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-clb\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n\tfListenerId string\n)\n\nfunc init() {\n\targsPrefix := \"VOLCENGINECLB_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fListenerId, argsPrefix+\"LISTENERID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./volcengine_clb_test.go -args \\\n\t--VOLCENGINECLB_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--VOLCENGINECLB_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--VOLCENGINECLB_ACCESSKEYID=\"your-access-key-id\" \\\n\t--VOLCENGINECLB_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--VOLCENGINECLB_REGION=\"cn-beijing\" \\\n\t--VOLCENGINECLB_LISTENERID=\"your-listener-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"LISTENERID: %v\", fListenerId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tResourceType: provider.RESOURCE_TYPE_LISTENER,\n\t\t\tListenerId: fListenerId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-dcdn/consts.go",
"content": "package volcenginedcdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-dcdn/internal/client.go",
"content": "package internal\n\nimport (\n\t\"github.com/volcengine/volcengine-go-sdk/service/dcdn\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/client\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/client/metadata\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/corehandlers\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/request\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/signer/volc\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/volcenginequery\"\n)\n\n// This is a partial copy of https://github.com/volcengine/volcengine-go-sdk/blob/master/service/dcdn/service_dcdn.go\n// to lightweight the vendor packages in the built binary.\ntype DcdnClient struct {\n\t*client.Client\n}\n\nfunc NewDcdnClient(p client.ConfigProvider, cfgs ...*volcengine.Config) *DcdnClient {\n\tc := p.ClientConfig(dcdn.EndpointsID, cfgs...)\n\treturn newDcdnClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)\n}\n\nfunc newDcdnClient(cfg volcengine.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *DcdnClient {\n\tsvc := &DcdnClient{\n\t\tClient: client.New(\n\t\t\tcfg,\n\t\t\tmetadata.ClientInfo{\n\t\t\t\tServiceName: dcdn.ServiceName,\n\t\t\t\tServiceID: dcdn.ServiceID,\n\t\t\t\tSigningName: signingName,\n\t\t\t\tSigningRegion: signingRegion,\n\t\t\t\tEndpoint: endpoint,\n\t\t\t\tAPIVersion: \"2021-04-01\",\n\t\t\t},\n\t\t\thandlers,\n\t\t),\n\t}\n\n\tsvc.Handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)\n\tsvc.Handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHandler)\n\tsvc.Handlers.Sign.PushBackNamed(volc.SignRequestHandler)\n\tsvc.Handlers.Build.PushBackNamed(volcenginequery.BuildHandler)\n\tsvc.Handlers.Unmarshal.PushBackNamed(volcenginequery.UnmarshalHandler)\n\tsvc.Handlers.UnmarshalMeta.PushBackNamed(volcenginequery.UnmarshalMetaHandler)\n\tsvc.Handlers.UnmarshalError.PushBackNamed(volcenginequery.UnmarshalErrorHandler)\n\n\treturn svc\n}\n\nfunc (c *DcdnClient) newRequest(op *request.Operation, params, data interface{}) *request.Request {\n\treq := c.NewRequest(op, params, data)\n\n\treturn req\n}\n\nfunc (c *DcdnClient) CreateCertBind(input *dcdn.CreateCertBindInput) (*dcdn.CreateCertBindOutput, error) {\n\treq, out := c.CreateCertBindRequest(input)\n\treturn out, req.Send()\n}\n\nfunc (c *DcdnClient) CreateCertBindRequest(input *dcdn.CreateCertBindInput) (req *request.Request, output *dcdn.CreateCertBindOutput) {\n\top := &request.Operation{\n\t\tName: \"CreateCertBind\",\n\t\tHTTPMethod: \"POST\",\n\t\tHTTPPath: \"/\",\n\t}\n\n\tif input == nil {\n\t\tinput = &dcdn.CreateCertBindInput{}\n\t}\n\n\toutput = &dcdn.CreateCertBindOutput{}\n\treq = c.newRequest(op, input, output)\n\n\treq.HTTPRequest.Header.Set(\"Content-Type\", \"application/json; charset=utf-8\")\n\n\treturn\n}\n\nfunc (c *DcdnClient) ListDomainConfig(input *dcdn.ListDomainConfigInput) (*dcdn.ListDomainConfigOutput, error) {\n\treq, out := c.ListDomainConfigRequest(input)\n\treturn out, req.Send()\n}\n\nfunc (c *DcdnClient) ListDomainConfigRequest(input *dcdn.ListDomainConfigInput) (req *request.Request, output *dcdn.ListDomainConfigOutput) {\n\top := &request.Operation{\n\t\tName: \"ListDomainConfig\",\n\t\tHTTPMethod: \"POST\",\n\t\tHTTPPath: \"/\",\n\t}\n\n\tif input == nil {\n\t\tinput = &dcdn.ListDomainConfigInput{}\n\t}\n\n\toutput = &dcdn.ListDomainConfigOutput{}\n\treq = c.newRequest(op, input, output)\n\n\treq.HTTPRequest.Header.Set(\"Content-Type\", \"application/json; charset=utf-8\")\n\n\treturn\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-dcdn/volcengine_dcdn.go",
"content": "package volcenginedcdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\tvedcdn \"github.com/volcengine/volcengine-go-sdk/service/dcdn\"\n\tve \"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\tvesession \"github.com/volcengine/volcengine-go-sdk/volcengine/session\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/volcengine-certcenter\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-dcdn/internal\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 火山引擎 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 火山引擎 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 火山引擎地域。\n\tRegion string `json:\"region\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.DcdnClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tRegion: config.Region,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tdomains := make([]string, 0)\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\t// \"*.example.com\" → \".example.com\",适配火山引擎 DCDN 要求的泛域名格式\n\t\t\tdomain := strings.TrimPrefix(d.config.Domain, \"*\")\n\t\t\tdomains = []string{domain}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain) ||\n\t\t\t\t\t\tstrings.TrimPrefix(d.config.Domain, \"*\") == strings.TrimPrefix(domain, \"*\")\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = []string{d.config.Domain}\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil ||\n\t\t\t\t\tstrings.TrimPrefix(d.config.Domain, \"*\") == strings.TrimPrefix(domain, \"*\")\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 批量绑定证书\n\t// REF: https://www.volcengine.com/docs/6559/1250189\n\tcreateCertBindReq := &vedcdn.CreateCertBindInput{\n\t\tCertSource: ve.String(\"volc\"),\n\t\tCertId: ve.String(upres.CertId),\n\t\tDomainNames: ve.StringSlice(domains),\n\t}\n\tcreateCertBindResp, err := d.sdkClient.CreateCertBind(createCertBindReq)\n\td.logger.Debug(\"sdk request 'dcdn.CreateCertBind'\", slog.Any(\"request\", createCertBindReq), slog.Any(\"response\", createCertBindResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'dcdn.CreateCertBind': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名配置列表\n\t// https://www.volcengine.com/docs/6559/1171745\n\tlistDomainConfigPageNumber := 1\n\tlistDomainConfigPageSize := 100\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistDomainConfigReq := &vedcdn.ListDomainConfigInput{\n\t\t\tPageNumber: ve.Int32(int32(listDomainConfigPageNumber)),\n\t\t\tPageSize: ve.Int32(int32(listDomainConfigPageSize)),\n\t\t}\n\t\tlistDomainConfigResp, err := d.sdkClient.ListDomainConfig(listDomainConfigReq)\n\t\td.logger.Debug(\"sdk request 'dcdn.ListDomainConfig'\", slog.Any(\"request\", listDomainConfigReq), slog.Any(\"response\", listDomainConfigResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'dcdn.ListDomainConfig': %w\", err)\n\t\t}\n\n\t\tignoredStatuses := []string{\"Stop\"}\n\t\tfor _, domainItem := range listDomainConfigResp.DomainList {\n\t\t\tif lo.Contains(ignoredStatuses, *domainItem.Status) {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tdomains = append(domains, *domainItem.Domain)\n\t\t}\n\n\t\tif len(listDomainConfigResp.DomainList) < listDomainConfigPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tlistDomainConfigPageNumber++\n\t}\n\n\treturn domains, nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.DcdnClient, error) {\n\tif region == \"\" {\n\t\tregion = \"cn-beijing\" // DCDN 服务默认区域:北京\n\t}\n\n\tconfig := ve.NewConfig().\n\t\tWithAkSk(accessKeyId, accessKeySecret).\n\t\tWithRegion(region)\n\n\tsession, err := vesession.NewSession(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclient := internal.NewDcdnClient(session)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-dcdn/volcengine_dcdn_test.go",
"content": "package volcenginedcdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-dcdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"VOLCENGINEDCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./volcengine_dcdn_test.go -args \\\n\t--VOLCENGINEDCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--VOLCENGINEDCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--VOLCENGINEDCDN_ACCESSKEYID=\"your-access-key-id\" \\\n\t--VOLCENGINEDCDN_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--VOLCENGINEDCDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-imagex/volcengine_imagex.go",
"content": "package volcengineimagex\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\tvebase \"github.com/volcengine/volc-sdk-golang/base\"\n\tveimagex \"github.com/volcengine/volc-sdk-golang/service/imagex/v2\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/volcengine-certcenter\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// 火山引擎 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 火山引擎 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 火山引擎地域。\n\tRegion string `json:\"region\"`\n\t// 服务 ID。\n\tServiceId string `json:\"serviceId\"`\n\t// 自定义域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *veimagex.Imagex\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tRegion: config.Region,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.ServiceId == \"\" {\n\t\treturn nil, errors.New(\"config `serviceId` is required\")\n\t}\n\tif d.config.Domain == \"\" {\n\t\treturn nil, errors.New(\"config `domain` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取域名配置\n\t// REF: https://www.volcengine.com/docs/508/9366\n\tgetDomainConfigReq := &veimagex.GetDomainConfigQuery{\n\t\tServiceID: d.config.ServiceId,\n\t\tDomainName: d.config.Domain,\n\t}\n\tgetDomainConfigResp, err := d.sdkClient.GetDomainConfig(ctx, getDomainConfigReq)\n\td.logger.Debug(\"sdk request 'imagex.GetDomainConfig'\", slog.Any(\"request\", getDomainConfigReq), slog.Any(\"response\", getDomainConfigResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'imagex.GetDomainConfig': %w\", err)\n\t}\n\n\t// 更新 HTTPS 配置\n\t// REF: https://www.volcengine.com/docs/508/66012\n\tupdateHttpsReq := &veimagex.UpdateHTTPSReq{\n\t\tUpdateHTTPSQuery: &veimagex.UpdateHTTPSQuery{\n\t\t\tServiceID: d.config.ServiceId,\n\t\t},\n\t\tUpdateHTTPSBody: &veimagex.UpdateHTTPSBody{\n\t\t\tDomain: d.config.Domain,\n\t\t\tHTTPS: &veimagex.UpdateHTTPSBodyHTTPS{\n\t\t\t\tCertID: upres.CertId,\n\t\t\t\tEnableHTTPS: true,\n\t\t\t},\n\t\t},\n\t}\n\tif getDomainConfigResp.Result != nil && getDomainConfigResp.Result.HTTPSConfig != nil {\n\t\tupdateHttpsReq.UpdateHTTPSBody.HTTPS.EnableHTTPS = getDomainConfigResp.Result.HTTPSConfig.EnableHTTPS\n\t\tupdateHttpsReq.UpdateHTTPSBody.HTTPS.EnableHTTP2 = getDomainConfigResp.Result.HTTPSConfig.EnableHTTP2\n\t\tupdateHttpsReq.UpdateHTTPSBody.HTTPS.EnableOcsp = getDomainConfigResp.Result.HTTPSConfig.EnableOcsp\n\t\tupdateHttpsReq.UpdateHTTPSBody.HTTPS.TLSVersions = getDomainConfigResp.Result.HTTPSConfig.TLSVersions\n\t\tupdateHttpsReq.UpdateHTTPSBody.HTTPS.EnableForceRedirect = getDomainConfigResp.Result.HTTPSConfig.EnableForceRedirect\n\t\tupdateHttpsReq.UpdateHTTPSBody.HTTPS.ForceRedirectType = getDomainConfigResp.Result.HTTPSConfig.ForceRedirectType\n\t\tupdateHttpsReq.UpdateHTTPSBody.HTTPS.ForceRedirectCode = getDomainConfigResp.Result.HTTPSConfig.ForceRedirectCode\n\t}\n\tupdateHttpsResp, err := d.sdkClient.UpdateHTTPS(ctx, updateHttpsReq)\n\td.logger.Debug(\"sdk request 'imagex.UpdateHttps'\", slog.Any(\"request\", updateHttpsReq), slog.Any(\"response\", updateHttpsResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'imagex.UpdateHttps': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*veimagex.Imagex, error) {\n\tvar instance *veimagex.Imagex\n\tif region == \"\" {\n\t\tinstance = veimagex.NewInstance()\n\t} else {\n\t\tinstance = veimagex.NewInstanceWithRegion(region)\n\t}\n\n\tinstance.SetCredential(vebase.Credentials{\n\t\tAccessKeyID: accessKeyId,\n\t\tSecretAccessKey: accessKeySecret,\n\t})\n\n\treturn instance, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-imagex/volcengine_imagex_test.go",
"content": "package volcengineimagex_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-imagex\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n\tfServiceId string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"VOLCENGINEIMAGEX_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fServiceId, argsPrefix+\"SERVICEID\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./volcengine_imagex_test.go -args \\\n\t--VOLCENGINEIMAGEX_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--VOLCENGINEIMAGEX_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--VOLCENGINEIMAGEX_ACCESSKEYID=\"your-access-key-id\" \\\n\t--VOLCENGINEIMAGEX_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--VOLCENGINEIMAGEX_REGION=\"cn-north-1\" \\\n\t--VOLCENGINEIMAGEX_SERVICEID=\"your-service-id\" \\\n\t--VOLCENGINEIMAGEX_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"SERVICEID: %v\", fServiceId),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tServiceId: fServiceId,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-live/consts.go",
"content": "package volcenginelive\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-live/volcengine_live.go",
"content": "package volcenginelive\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\tvelive \"github.com/volcengine/volc-sdk-golang/service/live/v20230101\"\n\tve \"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/volcengine-live\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 火山引擎 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 火山引擎 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 直播流域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *velive.Live\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient := velive.NewInstance()\n\tclient.SetAccessKey(config.AccessKeyId)\n\tclient.SetSecretKey(config.AccessKeySecret)\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的直播实例\n\tdomains := make([]string, 0)\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = append(domains, d.config.Domain)\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain)\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = append(domains, d.config.Domain)\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历绑定证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no live domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found live domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, upres.CertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 查询域名列表\n\t// REF: https://www.volcengine.com/docs/6469/1126815\n\tlistDomainDetailPageNum := 1\n\tlistDomainDetailPageSize := 1000\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistDomainDetailReq := &velive.ListDomainDetailBody{\n\t\t\tDomainStatusList: ve.Int32Slice([]int32{0}),\n\t\t\tPageNum: int32(listDomainDetailPageNum),\n\t\t\tPageSize: int32(listDomainDetailPageSize),\n\t\t}\n\t\tlistDomainDetailResp, err := d.sdkClient.ListDomainDetail(ctx, listDomainDetailReq)\n\t\td.logger.Debug(\"sdk request 'live.ListDomainDetail'\", slog.Any(\"request\", listDomainDetailReq), slog.Any(\"response\", listDomainDetailResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'live.ListDomainDetail': %w\", err)\n\t\t}\n\n\t\tif listDomainDetailResp.Result == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tfor _, domainItem := range listDomainDetailResp.Result.DomainList {\n\t\t\tdomains = append(domains, domainItem.Domain)\n\t\t}\n\n\t\tif len(listDomainDetailResp.Result.DomainList) < listDomainDetailPageSize {\n\t\t\tbreak\n\t\t}\n\n\t\tlistDomainDetailPageNum++\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertId string) error {\n\t// 绑定证书\n\t// REF: https://www.volcengine.com/docs/6469/1126820\n\tbindCertReq := &velive.BindCertBody{\n\t\tChainID: cloudCertId,\n\t\tDomain: domain,\n\t\tHTTPS: ve.Bool(true),\n\t}\n\tbindCertResp, err := d.sdkClient.BindCert(ctx, bindCertReq)\n\td.logger.Debug(\"sdk request 'live.BindCert'\", slog.Any(\"request\", bindCertReq), slog.Any(\"response\", bindCertResp))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-live/volcengine_live_test.go",
"content": "package volcenginelive_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-live\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"VOLCENGINELIVE_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./volcengine_live_test.go -args \\\n\t--VOLCENGINELIVE_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--VOLCENGINELIVE_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--VOLCENGINELIVE_ACCESSKEYID=\"your-access-key-id\" \\\n\t--VOLCENGINELIVE_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--VOLCENGINELIVE_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-tos/volcengine_tos.go",
"content": "package volcenginetos\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/volcengine/ve-tos-golang-sdk/v2/tos\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/volcengine-certcenter\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n)\n\ntype DeployerConfig struct {\n\t// 火山引擎 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 火山引擎 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 火山引擎地域。\n\tRegion string `json:\"region\"`\n\t// 存储桶名。\n\tBucket string `json:\"bucket\"`\n\t// 自定义域名(不支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *tos.ClientV2\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tRegion: config.Region,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.Bucket == \"\" {\n\t\treturn nil, errors.New(\"config `bucket` is required\")\n\t}\n\tif d.config.Domain == \"\" {\n\t\treturn nil, errors.New(\"config `domain` is required\")\n\t}\n\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 设置自定义域名\n\t// REF: https://www.volcengine.com/docs/6349/764779\n\tputBucketCustomDomainReq := &tos.PutBucketCustomDomainInput{\n\t\tBucket: d.config.Bucket,\n\t\tRule: tos.CustomDomainRule{\n\t\t\tDomain: d.config.Domain,\n\t\t\tCertID: upres.CertId,\n\t\t},\n\t}\n\tputBucketCustomDomainResp, err := d.sdkClient.PutBucketCustomDomain(ctx, putBucketCustomDomainReq)\n\td.logger.Debug(\"sdk request 'tos.PutBucketCustomDomain'\", slog.Any(\"request\", putBucketCustomDomainReq), slog.Any(\"response\", putBucketCustomDomainResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'tos.PutBucketCustomDomain': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*tos.ClientV2, error) {\n\tendpoint := fmt.Sprintf(\"tos-%s.volces.com\", region)\n\n\tclient, err := tos.NewClientV2(\n\t\tendpoint,\n\t\ttos.WithRegion(region),\n\t\ttos.WithCredentials(tos.NewStaticCredentials(accessKeyId, accessKeySecret)),\n\t)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-tos/volcengine_tos_test.go",
"content": "package volcenginetos_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-tos\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n\tfBucket string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"VOLCENGINETOS_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fBucket, argsPrefix+\"BUCKET\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./volcengine_tos_test.go -args \\\n\t--VOLCENGINETOS_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--VOLCENGINETOS_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--VOLCENGINETOS_ACCESSKEYID=\"your-access-key-id\" \\\n\t--VOLCENGINETOS_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--VOLCENGINETOS_REGION=\"cn-beijing\" \\\n\t--VOLCENGINETOS_BUCKET=\"your-tos-bucket\" \\\n\t--VOLCENGINETOS_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"BUCKET: %v\", fBucket),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tBucket: fBucket,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-vod/consts.go",
"content": "package volcenginevod\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n\t// 匹配模式:通配符匹配。\n\tDOMAIN_MATCH_PATTERN_WILDCARD = \"wildcard\"\n\t// 匹配模式:证书 SAN 匹配。\n\tDOMAIN_MATCH_PATTERN_CERTSAN = \"certsan\"\n)\n\nconst (\n\t// 域名类型:点播加速域名。\n\tDOMAIN_TYPE_PLAY = \"play\"\n\t// 域名类型:封面加速域名。\n\tDOMAIN_TYPE_IMAGE = \"image\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-vod/volcengine_vod.go",
"content": "package volcenginevod\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\tvevod \"github.com/volcengine/volc-sdk-golang/service/vod\"\n\tvevodbusiness \"github.com/volcengine/volc-sdk-golang/service/vod/models/business\"\n\tvevodrequest \"github.com/volcengine/volc-sdk-golang/service/vod/models/request\"\n\tve \"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/volcengine-certcenter\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\ntype DeployerConfig struct {\n\t// 火山引擎 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 火山引擎 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 点播空间名称。\n\tSpaceName string `json:\"spaceName\"`\n\t// 域名匹配模式。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 点播域名类型。\n\tDomainType string `json:\"domainType\"`\n\t// 点播加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *vevod.Vod\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient := vevod.NewInstance()\n\tclient.SetAccessKey(config.AccessKeyId)\n\tclient.SetSecretKey(config.AccessKeySecret)\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名\n\tdomains := make([]string, 0)\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tdomains = append(domains, d.config.Domain)\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_WILDCARD:\n\t\t{\n\t\t\tif d.config.Domain == \"\" {\n\t\t\t\treturn nil, errors.New(\"config `domain` is required\")\n\t\t\t}\n\n\t\t\tif strings.HasPrefix(d.config.Domain, \"*.\") {\n\t\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn nil, err\n\t\t\t\t}\n\n\t\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\t\treturn xcerthostname.IsMatch(d.config.Domain, domain)\n\t\t\t\t})\n\t\t\t\tif len(domains) == 0 {\n\t\t\t\t\treturn nil, errors.New(\"could not find any domains matched by wildcard\")\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tdomains = append(domains, d.config.Domain)\n\t\t\t}\n\t\t}\n\n\tcase DOMAIN_MATCH_PATTERN_CERTSAN:\n\t\t{\n\t\t\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomainCandidates, err := d.getAllDomains(ctx)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, err\n\t\t\t}\n\n\t\t\tdomains = lo.Filter(domainCandidates, func(domain string, _ int) bool {\n\t\t\t\treturn certX509.VerifyHostname(domain) == nil\n\t\t\t})\n\t\t\tif len(domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"could not find any domains matched by certificate\")\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 遍历更新域名证书\n\tif len(domains) == 0 {\n\t\td.logger.Info(\"no vod domains to deploy\")\n\t} else {\n\t\td.logger.Info(\"found vod domains to deploy\", slog.Any(\"domains\", domains))\n\t\tvar errs []error\n\n\t\tfor _, domain := range domains {\n\t\t\tselect {\n\t\t\tcase <-ctx.Done():\n\t\t\t\treturn nil, ctx.Err()\n\t\t\tdefault:\n\t\t\t\tif err := d.updateDomainCertificate(ctx, domain, upres.CertId); err != nil {\n\t\t\t\t\terrs = append(errs, err)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif len(errs) > 0 {\n\t\t\treturn nil, errors.Join(errs...)\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) getAllDomains(ctx context.Context) ([]string, error) {\n\tdomains := make([]string, 0)\n\n\t// 获取空间域名列表\n\t// REF: https://www.volcengine.com/docs/4/106062\n\tlistDomainDetailOffset := 0\n\tlistDomainDetailLimit := 1000\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn nil, ctx.Err()\n\t\tdefault:\n\t\t}\n\n\t\tlistDomainReq := &vevodrequest.VodListDomainRequest{\n\t\t\tSpaceName: d.config.SpaceName,\n\t\t\tDomainType: d.config.DomainType,\n\t\t\tSourceStationType: 1,\n\t\t\tOffset: int32(listDomainDetailOffset),\n\t\t\tLimit: int32(listDomainDetailLimit),\n\t\t}\n\t\tlistDomainResp, _, err := d.sdkClient.ListDomain(listDomainReq)\n\t\td.logger.Debug(\"sdk request 'vod.ListDomain'\", slog.Any(\"request\", listDomainReq), slog.Any(\"response\", listDomainResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'vod.ListDomain': %w\", err)\n\t\t}\n\n\t\tif listDomainResp.Result == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tvar domainInstances []*vevodbusiness.VodDomainInstanceInfo\n\t\tswitch d.config.DomainType {\n\t\tcase DOMAIN_TYPE_PLAY:\n\t\t\tdomainInstances = listDomainResp.GetResult().GetPlayInstanceInfo().GetByteInstances()\n\t\tcase DOMAIN_TYPE_IMAGE:\n\t\t\tdomainInstances = listDomainResp.GetResult().GetImageInstanceInfo().GetByteInstances()\n\t\tdefault:\n\t\t\treturn nil, fmt.Errorf(\"unsupported domain type: '%s'\", d.config.DomainType)\n\t\t}\n\n\t\tfor _, domainInstance := range domainInstances {\n\t\t\tif domainInstance.Domains == nil {\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\tfor _, domainItem := range domainInstance.Domains {\n\t\t\t\tdomains = append(domains, domainItem.Domain)\n\t\t\t}\n\t\t}\n\n\t\tif listDomainResp.Result.Total <= int64(listDomainDetailOffset+listDomainDetailLimit) {\n\t\t\tbreak\n\t\t}\n\n\t\tlistDomainDetailOffset += listDomainDetailLimit\n\t}\n\n\treturn domains, nil\n}\n\nfunc (d *Deployer) updateDomainCertificate(ctx context.Context, domain string, cloudCertId string) error {\n\t// 更新域名配置\n\t// REF: https://www.volcengine.com/docs/4/1317310\n\tupdateDomainConfigReq := &vevodrequest.VodUpdateDomainConfigRequest{\n\t\tSpaceName: d.config.SpaceName,\n\t\tDomainType: d.config.DomainType,\n\t\tDomain: domain,\n\t\tConfig: &vevodbusiness.VodDomainConfig{\n\t\t\tHTTPS: &vevodbusiness.HTTPS{\n\t\t\t\tSwitch: ve.Bool(true),\n\t\t\t\tCertInfo: &vevodbusiness.CertInfo{\n\t\t\t\t\tCertId: &cloudCertId,\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t}\n\tupdateDomainConfigResp, _, err := d.sdkClient.UpdateDomainConfig(updateDomainConfigReq)\n\td.logger.Debug(\"sdk request 'vod.UpdateDomainConfig'\", slog.Any(\"request\", updateDomainConfigReq), slog.Any(\"response\", updateDomainConfigResp))\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-vod/volcengine_vod_test.go",
"content": "package volcenginevod_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-vod\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfSpaceName string\n\tfDomainType string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"VOLCENGINEVOD_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fSpaceName, argsPrefix+\"SPACENAME\", \"\", \"\")\n\tflag.StringVar(&fDomainType, argsPrefix+\"DOMAINTYPE\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./volcengine_vod_test.go -args \\\n\t--VOLCENGINEVOD_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--VOLCENGINEVOD_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--VOLCENGINEVOD_ACCESSKEYID=\"your-access-key-id\" \\\n\t--VOLCENGINEVOD_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--VOLCENGINEVOD_SPACENAME=\"vod-space-name\" \\\n\t--VOLCENGINEVOD_DOMAINTYPE=\"play\" \\\n\t--VOLCENGINEVOD_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"SPACENAME: %v\", fSpaceName),\n\t\t\tfmt.Sprintf(\"DOMAINTYPE: %v\", fDomainType),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tDomainMatchPattern: provider.DOMAIN_MATCH_PATTERN_EXACT,\n\t\t\tSpaceName: fSpaceName,\n\t\t\tDomainType: fDomainType,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-waf/consts.go",
"content": "package volcenginewaf\n\nconst (\n\t// 接入模式:CNAME 接入。\n\tACCESS_MODE_CNAME = \"cname\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-waf/internal/client.go",
"content": "package internal\n\nimport (\n\t\"github.com/volcengine/volcengine-go-sdk/service/waf\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/client\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/client/metadata\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/corehandlers\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/request\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/signer/volc\"\n\t\"github.com/volcengine/volcengine-go-sdk/volcengine/volcenginequery\"\n)\n\n// This is a partial copy of https://github.com/volcengine/volcengine-go-sdk/blob/master/service/waf/service_waf.go\n// to lightweight the vendor packages in the built binary.\ntype WafClient struct {\n\t*client.Client\n}\n\nfunc NewWafClient(p client.ConfigProvider, cfgs ...*volcengine.Config) *WafClient {\n\tc := p.ClientConfig(waf.EndpointsID, cfgs...)\n\treturn newDcdnClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion, c.SigningName)\n}\n\nfunc newDcdnClient(cfg volcengine.Config, handlers request.Handlers, endpoint, signingRegion, signingName string) *WafClient {\n\tsvc := &WafClient{\n\t\tClient: client.New(\n\t\t\tcfg,\n\t\t\tmetadata.ClientInfo{\n\t\t\t\tServiceName: waf.ServiceName,\n\t\t\t\tServiceID: waf.ServiceID,\n\t\t\t\tSigningName: signingName,\n\t\t\t\tSigningRegion: signingRegion,\n\t\t\t\tEndpoint: endpoint,\n\t\t\t\tAPIVersion: \"2023-12-25\",\n\t\t\t},\n\t\t\thandlers,\n\t\t),\n\t}\n\n\tsvc.Handlers.Build.PushBackNamed(corehandlers.SDKVersionUserAgentHandler)\n\tsvc.Handlers.Build.PushBackNamed(corehandlers.AddHostExecEnvUserAgentHandler)\n\tsvc.Handlers.Sign.PushBackNamed(volc.SignRequestHandler)\n\tsvc.Handlers.Build.PushBackNamed(volcenginequery.BuildHandler)\n\tsvc.Handlers.Unmarshal.PushBackNamed(volcenginequery.UnmarshalHandler)\n\tsvc.Handlers.UnmarshalMeta.PushBackNamed(volcenginequery.UnmarshalMetaHandler)\n\tsvc.Handlers.UnmarshalError.PushBackNamed(volcenginequery.UnmarshalErrorHandler)\n\n\treturn svc\n}\n\nfunc (c *WafClient) newRequest(op *request.Operation, params, data interface{}) *request.Request {\n\treq := c.NewRequest(op, params, data)\n\n\treturn req\n}\n\nfunc (c *WafClient) UpdateDomain(input *waf.UpdateDomainInput) (*waf.UpdateDomainOutput, error) {\n\treq, out := c.UpdateDomainRequest(input)\n\treturn out, req.Send()\n}\n\nfunc (c *WafClient) UpdateDomainRequest(input *waf.UpdateDomainInput) (req *request.Request, output *waf.UpdateDomainOutput) {\n\top := &request.Operation{\n\t\tName: \"UpdateDomain\",\n\t\tHTTPMethod: \"POST\",\n\t\tHTTPPath: \"/\",\n\t}\n\n\tif input == nil {\n\t\tinput = &waf.UpdateDomainInput{}\n\t}\n\n\toutput = &waf.UpdateDomainOutput{}\n\treq = c.newRequest(op, input, output)\n\n\treq.HTTPRequest.Header.Set(\"Content-Type\", \"application/json; charset=utf-8\")\n\n\treturn\n}\n\nfunc (c *WafClient) ListDomain(input *waf.ListDomainInput) (*waf.ListDomainOutput, error) {\n\treq, out := c.ListDomainRequest(input)\n\treturn out, req.Send()\n}\n\nfunc (c *WafClient) ListDomainRequest(input *waf.ListDomainInput) (req *request.Request, output *waf.ListDomainOutput) {\n\top := &request.Operation{\n\t\tName: \"ListDomain\",\n\t\tHTTPMethod: \"POST\",\n\t\tHTTPPath: \"/\",\n\t}\n\n\tif input == nil {\n\t\tinput = &waf.ListDomainInput{}\n\t}\n\n\toutput = &waf.ListDomainOutput{}\n\treq = c.newRequest(op, input, output)\n\n\treq.HTTPRequest.Header.Set(\"Content-Type\", \"application/json; charset=utf-8\")\n\n\treturn\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-waf/volcengine_waf.go",
"content": "package volcenginewaf\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\tvewaf \"github.com/volcengine/volcengine-go-sdk/service/waf\"\n\tve \"github.com/volcengine/volcengine-go-sdk/volcengine\"\n\tvesession \"github.com/volcengine/volcengine-go-sdk/volcengine/session\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/volcengine-certcenter\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-waf/internal\"\n)\n\ntype DeployerConfig struct {\n\t// 火山引擎 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 火山引擎 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 火山引擎地域。\n\tRegion string `json:\"region\"`\n\t// WAF 接入模式。\n\tAccessMode string `json:\"accessMode\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *internal.WafClient\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret, config.Region)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t\tRegion: config.Region,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n\n\td.sdkCertmgr.SetLogger(logger)\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 根据接入方式决定部署方式\n\tswitch d.config.AccessMode {\n\tcase ACCESS_MODE_CNAME:\n\t\tif err := d.deployWithCNAME(ctx, upres.CertId); err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported access mode '%s'\", d.config.AccessMode)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc (d *Deployer) deployWithCNAME(ctx context.Context, cloudCertId string) error {\n\tif d.config.Domain == \"\" {\n\t\treturn errors.New(\"config `domain` is required\")\n\t}\n\n\t// 查询云 WAF 实例防护网站信息\n\t// REF: https://www.volcengine.com/docs/6511/1214827\n\tlistDomainReq := &vewaf.ListDomainInput{\n\t\tRegion: ve.String(d.config.Region),\n\t\tDomain: ve.String(d.config.Domain),\n\t\tAccurateQuery: ve.Int32(1),\n\t\tPage: ve.Int32(1),\n\t\tPageSize: ve.Int32(1),\n\t}\n\tlistDomainResp, err := d.sdkClient.ListDomain(listDomainReq)\n\td.logger.Debug(\"sdk request 'waf.ListDomain'\", slog.Any(\"request\", listDomainReq), slog.Any(\"response\", listDomainResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'waf.ListDomain': %w\", err)\n\t} else if len(listDomainResp.Data) == 0 {\n\t\treturn fmt.Errorf(\"could not find domain '%s'\", d.config.Domain)\n\t}\n\n\t// 更新云 WAF 实例的防护网站信息\n\t// REF: https://www.volcengine.com/docs/6511/1214835\n\tdomainInfo := listDomainResp.Data[0]\n\tupdateDomainReq := &vewaf.UpdateDomainInput{\n\t\tRegion: ve.String(d.config.Region),\n\t\tDomain: ve.String(d.config.Domain),\n\t\tAccessMode: ve.Int32(10),\n\t\tProtocols: ve.StringSlice([]string{\"HTTP\", \"HTTPS\"}),\n\t\tProtocolPorts: &vewaf.ProtocolPortsForUpdateDomainInput{\n\t\t\tHTTP: ve.Int32Slice([]int32{80}),\n\t\t\tHTTPS: ve.Int32Slice([]int32{443}),\n\t\t},\n\t\tVolcCertificateID: ve.String(cloudCertId),\n\t\tCertificatePlatform: ve.String(\"certificate-service\"),\n\t}\n\tif domainInfo.Protocols != nil {\n\t\tprotocols := strings.Split(ve.StringValue(domainInfo.Protocols), \",\")\n\t\tif !lo.Contains(protocols, \"HTTPS\") {\n\t\t\tprotocols = append(protocols, \"HTTPS\")\n\t\t}\n\t\tupdateDomainReq.Protocols = ve.StringSlice(protocols)\n\t}\n\tif domainInfo.ProtocolPorts != nil {\n\t\tupdateDomainReq.ProtocolPorts.HTTP = domainInfo.ProtocolPorts.HTTP\n\t\tif domainInfo.ProtocolPorts.HTTPS != nil {\n\t\t\tupdateDomainReq.ProtocolPorts.HTTPS = domainInfo.ProtocolPorts.HTTPS\n\t\t}\n\t}\n\tupdateDomainResp, err := d.sdkClient.UpdateDomain(updateDomainReq)\n\td.logger.Debug(\"sdk request 'waf.UpdateDomain'\", slog.Any(\"request\", updateDomainReq), slog.Any(\"response\", updateDomainResp))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to execute sdk request 'waf.UpdateDomain': %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret, region string) (*internal.WafClient, error) {\n\tconfig := ve.NewConfig().\n\t\tWithAkSk(accessKeyId, accessKeySecret).\n\t\tWithRegion(region)\n\n\tsession, err := vesession.NewSession(config)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tclient := internal.NewWafClient(session)\n\treturn client, nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/volcengine-waf/volcengine_waf_test.go",
"content": "package volcenginewaf_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/volcengine-waf\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfRegion string\n\tfAccessMode string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"VOLCENGINEWAF_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fRegion, argsPrefix+\"REGION\", \"\", \"\")\n\tflag.StringVar(&fAccessMode, argsPrefix+\"ACCESSMODE\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./volcengine_waf_test.go -args \\\n\t--VOLCENGINEWAF_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--VOLCENGINEWAF_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--VOLCENGINEWAF_ACCESSKEYID=\"your-access-key-id\" \\\n\t--VOLCENGINEWAF_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--VOLCENGINEWAF_REGION=\"cn-beijing\" \\\n\t--VOLCENGINEWAF_ACCESSMODE=\"cname\" \\\n\t--VOLCENGINEWAF_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"REGION: %v\", fRegion),\n\t\t\tfmt.Sprintf(\"ACCESSMODE: %v\", fAccessMode),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tRegion: fRegion,\n\t\t\tAccessMode: fAccessMode,\n\t\t\tDomain: fDomain,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/wangsu-cdn/consts.go",
"content": "package wangsucdn\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/wangsu-cdn/wangsu_cdn.go",
"content": "package wangsucdn\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strconv\"\n\t\"strings\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/wangsu-certificate\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\twangsusdk \"github.com/certimate-go/certimate/pkg/sdk3rd/wangsu/cdn\"\n)\n\ntype DeployerConfig struct {\n\t// 网宿云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 网宿云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 域名匹配模式。暂时只支持精确匹配。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名数组(支持泛域名)。\n\tDomains []string `json:\"domains\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *wangsusdk.Client\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 上传证书\n\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t} else {\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t}\n\n\t// 获取待部署的域名列表\n\tdomains := make([]string, 0)\n\tswitch d.config.DomainMatchPattern {\n\tcase \"\", DOMAIN_MATCH_PATTERN_EXACT:\n\t\t{\n\t\t\tif len(d.config.Domains) == 0 {\n\t\t\t\treturn nil, errors.New(\"config `domains` is required\")\n\t\t\t}\n\n\t\t\t// \"*.example.com\" → \".example.com\",适配网宿云 CDN 要求的泛域名格式\n\t\t\tdomains = lo.Map(d.config.Domains, func(domain string, _ int) string {\n\t\t\t\treturn strings.TrimPrefix(domain, \"*\")\n\t\t\t})\n\t\t}\n\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported domain match pattern: '%s'\", d.config.DomainMatchPattern)\n\t}\n\n\t// 批量修改域名证书配置\n\t// REF: https://www.wangsu.com/document/api-doc/37447\n\tcertId, _ := strconv.ParseInt(upres.CertId, 10, 64)\n\tbatchUpdateCertificateConfigReq := &wangsusdk.BatchUpdateCertificateConfigRequest{\n\t\tCertificateId: certId,\n\t\tDomainNames: domains,\n\t}\n\tbatchUpdateCertificateConfigResp, err := d.sdkClient.BatchUpdateCertificateConfigWithContext(ctx, batchUpdateCertificateConfigReq)\n\td.logger.Debug(\"sdk request 'cdn.BatchUpdateCertificateConfig'\", slog.Any(\"request\", batchUpdateCertificateConfigReq), slog.Any(\"response\", batchUpdateCertificateConfigResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdn.BatchUpdateCertificateConfig': %w\", err)\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret string) (*wangsusdk.Client, error) {\n\treturn wangsusdk.NewClient(accessKeyId, accessKeySecret)\n}\n"
},
{
"path": "pkg/core/deployer/providers/wangsu-cdn/wangsu_cdn_test.go",
"content": "package wangsucdn_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/wangsu-cdn\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfDomain string\n)\n\nfunc init() {\n\targsPrefix := \"WANGSUCDN_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./wangsu_cdn_test.go -args \\\n\t--WANGSUCDN_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--WANGSUCDN_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--WANGSUCDN_ACCESSKEYID=\"your-access-key-id\" \\\n\t--WANGSUCDN_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--WANGSUCDN_DOMAIN=\"example.com\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tDomains: []string{fDomain},\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/wangsu-cdnpro/consts.go",
"content": "package wangsucdnpro\n\nconst (\n\t// 匹配模式:精确匹配。\n\tDOMAIN_MATCH_PATTERN_EXACT = \"exact\"\n)\n"
},
{
"path": "pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go",
"content": "package wangsucdnpro\n\nimport (\n\t\"bytes\"\n\t\"context\"\n\t\"crypto/aes\"\n\t\"crypto/cipher\"\n\t\"crypto/hmac\"\n\t\"crypto/sha256\"\n\t\"encoding/base64\"\n\t\"encoding/hex\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"regexp\"\n\t\"strconv\"\n\t\"time\"\n\n\t\"github.com/samber/lo\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\twangsucdn \"github.com/certimate-go/certimate/pkg/sdk3rd/wangsu/cdnpro\"\n\txwait \"github.com/certimate-go/certimate/pkg/utils/wait\"\n)\n\ntype DeployerConfig struct {\n\t// 网宿云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 网宿云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 网宿云 API Key。\n\tApiKey string `json:\"apiKey\"`\n\t// 网宿云环境。\n\tEnvironment string `json:\"environment\"`\n\t// 域名匹配模式。暂时只支持精确匹配。\n\t// 零值时默认值 [DOMAIN_MATCH_PATTERN_EXACT]。\n\tDomainMatchPattern string `json:\"domainMatchPattern,omitempty\"`\n\t// 加速域名(支持泛域名)。\n\tDomain string `json:\"domain\"`\n\t// 证书 ID。\n\t// 选填。零值时表示新建证书;否则表示更新证书。\n\tCertificateId string `json:\"certificateId,omitempty\"`\n\t// Webhook ID。\n\t// 选填。\n\tWebhookId string `json:\"webhookId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *wangsucdn.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.Domain == \"\" {\n\t\treturn nil, errors.New(\"config `domain` is required\")\n\t}\n\n\t// 查询已部署加速域名的详情\n\tgetHostnameDetailResp, err := d.sdkClient.GetHostnameDetailWithContext(ctx, d.config.Domain)\n\td.logger.Debug(\"sdk request 'cdnpro.GetHostnameDetail'\", slog.String(\"hostname\", d.config.Domain), slog.Any(\"response\", getHostnameDetailResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdnpro.GetHostnameDetail': %w\", err)\n\t}\n\n\t// 生成网宿云证书参数\n\tencryptedPrivateKey, err := encryptPrivateKey(privkeyPEM, d.config.ApiKey, time.Now().Unix())\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to encrypt private key: %w\", err)\n\t}\n\tcertificateNewVersionInfo := &wangsucdn.CertificateVersionInfo{\n\t\tPrivateKey: lo.ToPtr(encryptedPrivateKey),\n\t\tCertificate: lo.ToPtr(certPEM),\n\t}\n\n\t// 网宿云证书 URL 中包含证书 ID 及版本号\n\t// 格式:\n\t// http://open.chinanetcenter.com/cdn/certificates/5dca2205f9e9cc0001df7b33\n\t// http://open.chinanetcenter.com/cdn/certificates/329f12c1fe6708c23c31e91f/versions/5\n\tvar wangsuCertUrl string\n\tvar wangsuCertId string\n\tvar wangsuCertVer int32\n\n\t// 如果原证书 ID 为空,则创建证书;否则更新证书。\n\ttimestamp := time.Now().Unix()\n\tif d.config.CertificateId == \"\" {\n\t\t// 创建证书\n\t\tcreateCertificateReq := &wangsucdn.CreateCertificateRequest{\n\t\t\tTimestamp: timestamp,\n\t\t\tName: lo.ToPtr(fmt.Sprintf(\"certimate_%d\", time.Now().UnixMilli())),\n\t\t\tAutoRenew: lo.ToPtr(\"Off\"),\n\t\t\tNewVersion: certificateNewVersionInfo,\n\t\t}\n\t\tcreateCertificateResp, err := d.sdkClient.CreateCertificateWithContext(ctx, createCertificateReq)\n\t\td.logger.Debug(\"sdk request 'cdnpro.CreateCertificate'\", slog.Any(\"request\", createCertificateReq), slog.Any(\"response\", createCertificateResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdnpro.CreateCertificate': %w\", err)\n\t\t}\n\n\t\twangsuCertUrl = createCertificateResp.CertificateLocation\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"certUrl\", wangsuCertUrl))\n\n\t\twangsuCertIdMatches := regexp.MustCompile(`/certificates/([a-zA-Z0-9-]+)`).FindStringSubmatch(wangsuCertUrl)\n\t\tif len(wangsuCertIdMatches) > 1 {\n\t\t\twangsuCertId = wangsuCertIdMatches[1]\n\t\t}\n\n\t\twangsuCertVer = 1\n\t} else {\n\t\t// 更新证书\n\t\tupdateCertificateReq := &wangsucdn.UpdateCertificateRequest{\n\t\t\tTimestamp: timestamp,\n\t\t\tName: lo.ToPtr(fmt.Sprintf(\"certimate_%d\", time.Now().UnixMilli())),\n\t\t\tAutoRenew: lo.ToPtr(\"Off\"),\n\t\t\tNewVersion: certificateNewVersionInfo,\n\t\t}\n\t\tupdateCertificateResp, err := d.sdkClient.UpdateCertificateWithContext(ctx, d.config.CertificateId, updateCertificateReq)\n\t\td.logger.Debug(\"sdk request 'cdnpro.CreateCertificate'\", slog.Any(\"certificateId\", d.config.CertificateId), slog.Any(\"request\", updateCertificateReq), slog.Any(\"response\", updateCertificateResp))\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdnpro.UpdateCertificate': %w\", err)\n\t\t}\n\n\t\twangsuCertUrl = updateCertificateResp.CertificateLocation\n\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"certUrl\", wangsuCertUrl))\n\n\t\twangsuCertIdMatches := regexp.MustCompile(`/certificates/([a-zA-Z0-9-]+)`).FindStringSubmatch(wangsuCertUrl)\n\t\tif len(wangsuCertIdMatches) > 1 {\n\t\t\twangsuCertId = wangsuCertIdMatches[1]\n\t\t}\n\n\t\twangsuCertVerMatches := regexp.MustCompile(`/versions/(\\d+)`).FindStringSubmatch(wangsuCertUrl)\n\t\tif len(wangsuCertVerMatches) > 1 {\n\t\t\tn, _ := strconv.ParseInt(wangsuCertVerMatches[1], 10, 32)\n\t\t\twangsuCertVer = int32(n)\n\t\t}\n\t}\n\n\t// 创建部署任务\n\t// REF: https://www.wangsu.com/document/api-doc/27034\n\tvar wangsuTaskId string\n\tcreateDeploymentTaskReq := &wangsucdn.CreateDeploymentTaskRequest{\n\t\tName: lo.ToPtr(fmt.Sprintf(\"certimate_%d\", time.Now().UnixMilli())),\n\t\tTarget: lo.ToPtr(d.config.Environment),\n\t\tActions: &[]wangsucdn.DeploymentTaskActionInfo{\n\t\t\t{\n\t\t\t\tAction: lo.ToPtr(\"deploy_cert\"),\n\t\t\t\tCertificateId: lo.ToPtr(wangsuCertId),\n\t\t\t\tVersion: lo.ToPtr(wangsuCertVer),\n\t\t\t},\n\t\t},\n\t}\n\tif d.config.WebhookId != \"\" {\n\t\tcreateDeploymentTaskReq.Webhook = lo.ToPtr(d.config.WebhookId)\n\t}\n\tcreateDeploymentTaskResp, err := d.sdkClient.CreateDeploymentTaskWithContext(ctx, createDeploymentTaskReq)\n\td.logger.Debug(\"sdk request 'cdnpro.CreateCertificate'\", slog.Any(\"request\", createDeploymentTaskReq), slog.Any(\"response\", createDeploymentTaskResp))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to execute sdk request 'cdnpro.CreateDeploymentTask': %w\", err)\n\t} else {\n\t\twangsuTaskMatches := regexp.MustCompile(`/deploymentTasks/([a-zA-Z0-9-]+)`).FindStringSubmatch(createDeploymentTaskResp.DeploymentTaskLocation)\n\t\tif len(wangsuTaskMatches) > 1 {\n\t\t\twangsuTaskId = wangsuTaskMatches[1]\n\t\t}\n\t}\n\n\t// 获取部署任务详细信息,等待任务状态变更\n\t// REF: https://www.wangsu.com/document/api-doc/27038\n\tif _, err := xwait.UntilWithContext(ctx, func(_ context.Context, _ int) (bool, error) {\n\t\tgetDeploymentTaskDetailResp, err := d.sdkClient.GetDeploymentTaskDetailWithContext(ctx, wangsuTaskId)\n\t\td.logger.Info(\"sdk request 'cdnpro.GetDeploymentTaskDetail'\", slog.Any(\"taskId\", wangsuTaskId), slog.Any(\"response\", getDeploymentTaskDetailResp))\n\t\tif err != nil {\n\t\t\treturn false, fmt.Errorf(\"failed to execute sdk request 'cdnpro.GetDeploymentTaskDetail': %w\", err)\n\t\t}\n\n\t\tif getDeploymentTaskDetailResp.Status == \"failed\" {\n\t\t\treturn false, fmt.Errorf(\"unexpected wangsu deployment task status\")\n\t\t} else if getDeploymentTaskDetailResp.Status == \"succeeded\" || getDeploymentTaskDetailResp.FinishTime != \"\" {\n\t\t\treturn true, nil\n\t\t}\n\n\t\td.logger.Info(fmt.Sprintf(\"waiting for wangsu deployment task completion (current status: %s) ...\", getDeploymentTaskDetailResp.Status))\n\t\treturn false, nil\n\t}, time.Second*5); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret string) (*wangsucdn.Client, error) {\n\treturn wangsucdn.NewClient(accessKeyId, accessKeySecret)\n}\n\nfunc encryptPrivateKey(privkeyPEM string, apiKey string, timestamp int64) (string, error) {\n\tdate := time.Unix(timestamp, 0).UTC()\n\tdateStr := date.Format(\"Mon, 02 Jan 2006 15:04:05 GMT\")\n\n\th := hmac.New(sha256.New, []byte(apiKey))\n\th.Write([]byte(dateStr))\n\taesivkey := h.Sum(nil)\n\taesivkeyHex := hex.EncodeToString(aesivkey)\n\n\tif len(aesivkeyHex) != 64 {\n\t\treturn \"\", fmt.Errorf(\"invalid hmac length: %d\", len(aesivkeyHex))\n\t}\n\tivHex := aesivkeyHex[:32]\n\tkeyHex := aesivkeyHex[32:64]\n\n\tiv, err := hex.DecodeString(ivHex)\n\tif err != nil {\n\t\treturn \"\", fmt.Errorf(\"failed to decode iv: %w\", err)\n\t}\n\n\tkey, err := hex.DecodeString(keyHex)\n\tif err != nil {\n\t\treturn \"\", fmt.Errorf(\"failed to decode key: %w\", err)\n\t}\n\n\tblock, err := aes.NewCipher(key)\n\tif err != nil {\n\t\treturn \"\", err\n\t}\n\n\tplainBytes := []byte(privkeyPEM)\n\tpadlen := aes.BlockSize - len(plainBytes)%aes.BlockSize\n\tif padlen > 0 {\n\t\tpaddata := bytes.Repeat([]byte{byte(padlen)}, padlen)\n\t\tplainBytes = append(plainBytes, paddata...)\n\t}\n\n\tencBytes := make([]byte, len(plainBytes))\n\tmode := cipher.NewCBCEncrypter(block, iv)\n\tmode.CryptBlocks(encBytes, plainBytes)\n\n\treturn base64.StdEncoding.EncodeToString(encBytes), nil\n}\n"
},
{
"path": "pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro_test.go",
"content": "package wangsucdnpro_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/wangsu-cdnpro\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfApiKey string\n\tfEnvironment string\n\tfDomain string\n\tfCertificateId string\n\tfWebhookId string\n)\n\nfunc init() {\n\targsPrefix := \"WANGSUCDNPRO_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fApiKey, argsPrefix+\"APIKEY\", \"\", \"\")\n\tflag.StringVar(&fEnvironment, argsPrefix+\"ENVIRONMENT\", \"production\", \"\")\n\tflag.StringVar(&fDomain, argsPrefix+\"DOMAIN\", \"\", \"\")\n\tflag.StringVar(&fCertificateId, argsPrefix+\"CERTIFICATEID\", \"\", \"\")\n\tflag.StringVar(&fWebhookId, argsPrefix+\"WEBHOOKID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./wangsu_cdnpro_test.go -args \\\n\t--WANGSUCDNPRO_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--WANGSUCDNPRO_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--WANGSUCDNPRO_ACCESSKEYID=\"your-access-key-id\" \\\n\t--WANGSUCDNPRO_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--WANGSUCDNPRO_APIKEY=\"your-api-key\" \\\n\t--WANGSUCDNPRO_ENVIRONMENT=\"production\" \\\n\t--WANGSUCDNPRO_DOMAIN=\"example.com\" \\\n\t--WANGSUCDNPRO_CERTIFICATEID=\"your-certificate-id\" \\\n\t--WANGSUCDNPRO_WEBHOOKID=\"your-webhook-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"APIKEY: %v\", fApiKey),\n\t\t\tfmt.Sprintf(\"ENVIRONMENT: %v\", fEnvironment),\n\t\t\tfmt.Sprintf(\"DOMAIN: %v\", fDomain),\n\t\t\tfmt.Sprintf(\"CERTIFICATEID: %v\", fCertificateId),\n\t\t\tfmt.Sprintf(\"WEBHOOKID: %v\", fWebhookId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tApiKey: fApiKey,\n\t\t\tEnvironment: fEnvironment,\n\t\t\tDomain: fDomain,\n\t\t\tCertificateId: fCertificateId,\n\t\t\tWebhookId: fWebhookId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/wangsu-certificate/wangsu_certificate.go",
"content": "package wangsucertificate\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/certmgr\"\n\tmcertmgr \"github.com/certimate-go/certimate/pkg/core/certmgr/providers/wangsu-certificate\"\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\twangsusdk \"github.com/certimate-go/certimate/pkg/sdk3rd/wangsu/certificate\"\n)\n\ntype DeployerConfig struct {\n\t// 网宿云 AccessKeyId。\n\tAccessKeyId string `json:\"accessKeyId\"`\n\t// 网宿云 AccessKeySecret。\n\tAccessKeySecret string `json:\"accessKeySecret\"`\n\t// 证书 ID。\n\t// 选填。零值时表示新建证书;否则表示更新证书。\n\tCertificateId string `json:\"certificateId,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\tsdkClient *wangsusdk.Client\n\tsdkCertmgr certmgr.Provider\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient, err := createSDKClient(config.AccessKeyId, config.AccessKeySecret)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create client: %w\", err)\n\t}\n\n\tpcertmgr, err := mcertmgr.NewCertmgr(&mcertmgr.CertmgrConfig{\n\t\tAccessKeyId: config.AccessKeyId,\n\t\tAccessKeySecret: config.AccessKeySecret,\n\t})\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"could not create certmgr: %w\", err)\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\tsdkClient: client,\n\t\tsdkCertmgr: pcertmgr,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\tif d.config.CertificateId == \"\" {\n\t\t// 上传证书\n\t\tupres, err := d.sdkCertmgr.Upload(ctx, certPEM, privkeyPEM)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to upload certificate file: %w\", err)\n\t\t} else {\n\t\t\td.logger.Info(\"ssl certificate uploaded\", slog.Any(\"result\", upres))\n\t\t}\n\t} else {\n\t\t// 替换证书\n\t\topres, err := d.sdkCertmgr.Replace(ctx, d.config.CertificateId, certPEM, privkeyPEM)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to replace certificate file: %w\", err)\n\t\t} else {\n\t\t\td.logger.Info(\"ssl certificate replaced\", slog.Any(\"result\", opres))\n\t\t}\n\t}\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc createSDKClient(accessKeyId, accessKeySecret string) (*wangsusdk.Client, error) {\n\treturn wangsusdk.NewClient(accessKeyId, accessKeySecret)\n}\n"
},
{
"path": "pkg/core/deployer/providers/wangsu-certificate/wangsu_certificate_test.go",
"content": "package wangsucertificate_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/wangsu-certificate\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfAccessKeyId string\n\tfAccessKeySecret string\n\tfCertificateId string\n)\n\nfunc init() {\n\targsPrefix := \"WANGSUCERTIFICATE_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fAccessKeyId, argsPrefix+\"ACCESSKEYID\", \"\", \"\")\n\tflag.StringVar(&fAccessKeySecret, argsPrefix+\"ACCESSKEYSECRET\", \"\", \"\")\n\tflag.StringVar(&fCertificateId, argsPrefix+\"CERTIFICATEID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./wangsu_certificate_test.go -args \\\n\t--WANGSUCERTIFICATE_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--WANGSUCERTIFICATE_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--WANGSUCERTIFICATE_ACCESSKEYID=\"your-access-key-id\" \\\n\t--WANGSUCERTIFICATE_ACCESSKEYSECRET=\"your-access-key-secret\" \\\n\t--WANGSUCERTIFICATE_CERTIFICATEID=\"your-certificate-id\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"ACCESSKEYID: %v\", fAccessKeyId),\n\t\t\tfmt.Sprintf(\"ACCESSKEYSECRET: %v\", fAccessKeySecret),\n\t\t\tfmt.Sprintf(\"CERTIFICATEID: %v\", fCertificateId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tAccessKeyId: fAccessKeyId,\n\t\t\tAccessKeySecret: fAccessKeySecret,\n\t\t\tCertificateId: fCertificateId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/deployer/providers/webhook/webhook.go",
"content": "package webhook\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/deployer\"\n\txcert \"github.com/certimate-go/certimate/pkg/utils/cert\"\n\txcertx509 \"github.com/certimate-go/certimate/pkg/utils/cert/x509\"\n)\n\ntype DeployerConfig struct {\n\t// Webhook URL。\n\tWebhookUrl string `json:\"webhookUrl\"`\n\t// Webhook 回调数据(application/json 或 application/x-www-form-urlencoded 格式)。\n\tWebhookData string `json:\"webhookData,omitempty\"`\n\t// 请求谓词。\n\t// 零值时默认值 \"POST\"。\n\tMethod string `json:\"method,omitempty\"`\n\t// 请求标头。\n\tHeaders map[string]string `json:\"headers,omitempty\"`\n\t// 请求超时(单位:秒)。\n\t// 零值时默认值 30。\n\tTimeout int `json:\"timeout,omitempty\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype Deployer struct {\n\tconfig *DeployerConfig\n\tlogger *slog.Logger\n\thttpClient *resty.Client\n}\n\nvar _ deployer.Provider = (*Deployer)(nil)\n\nfunc NewDeployer(config *DeployerConfig) (*Deployer, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the deployer provider is nil\")\n\t}\n\n\tclient := resty.New().\n\t\tSetTimeout(30 * time.Second).\n\t\tSetRetryCount(3).\n\t\tSetRetryWaitTime(5 * time.Second)\n\tif config.Timeout > 0 {\n\t\tclient.SetTimeout(time.Duration(config.Timeout) * time.Second)\n\t}\n\tif config.AllowInsecureConnections {\n\t\tclient.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn &Deployer{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\thttpClient: client,\n\t}, nil\n}\n\nfunc (d *Deployer) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\td.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\td.logger = logger\n\t}\n}\n\nfunc (d *Deployer) Deploy(ctx context.Context, certPEM, privkeyPEM string) (*deployer.DeployResult, error) {\n\t// 解析证书内容\n\tcertX509, err := xcert.ParseCertificateFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to parse x509: %w\", err)\n\t}\n\n\t// 提取服务器证书和中间证书\n\tserverCertPEM, intermediaCertPEM, err := xcert.ExtractCertificatesFromPEM(certPEM)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to extract certs: %w\", err)\n\t}\n\n\t// 处理 Webhook URL\n\twebhookUrl, err := url.Parse(d.config.WebhookUrl)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to parse webhook url: %w\", err)\n\t} else if webhookUrl.Scheme != \"http\" && webhookUrl.Scheme != \"https\" {\n\t\treturn nil, fmt.Errorf(\"unsupported webhook url scheme '%s'\", webhookUrl.Scheme)\n\t}\n\n\t// 处理 Webhook 请求谓词\n\twebhookMethod := strings.ToUpper(d.config.Method)\n\tif webhookMethod == \"\" {\n\t\twebhookMethod = http.MethodPost\n\t} else if webhookMethod != http.MethodGet &&\n\t\twebhookMethod != http.MethodPost &&\n\t\twebhookMethod != http.MethodPut &&\n\t\twebhookMethod != http.MethodPatch &&\n\t\twebhookMethod != http.MethodDelete {\n\t\treturn nil, fmt.Errorf(\"unsupported webhook request method '%s'\", webhookMethod)\n\t}\n\n\t// 处理 Webhook 请求标头\n\twebhookHeaders := make(http.Header)\n\tfor k, v := range d.config.Headers {\n\t\twebhookHeaders.Set(k, v)\n\t}\n\n\t// 处理 Webhook 请求内容类型\n\tconst CONTENT_TYPE_JSON = \"application/json\"\n\tconst CONTENT_TYPE_FORM = \"application/x-www-form-urlencoded\"\n\tconst CONTENT_TYPE_MULTIPART = \"multipart/form-data\"\n\twebhookContentType := webhookHeaders.Get(\"Content-Type\")\n\tif webhookContentType == \"\" {\n\t\twebhookContentType = CONTENT_TYPE_JSON\n\t\twebhookHeaders.Set(\"Content-Type\", CONTENT_TYPE_JSON)\n\t} else if strings.HasPrefix(webhookContentType, CONTENT_TYPE_JSON) &&\n\t\tstrings.HasPrefix(webhookContentType, CONTENT_TYPE_FORM) &&\n\t\tstrings.HasPrefix(webhookContentType, CONTENT_TYPE_MULTIPART) {\n\t\treturn nil, fmt.Errorf(\"unsupported webhook content type '%s'\", webhookContentType)\n\t}\n\n\t// 处理 Webhook 请求数据\n\tvar webhookData interface{}\n\tif d.config.WebhookData == \"\" {\n\t\twebhookData = map[string]string{\n\t\t\t\"name\": strings.Join(xcertx509.GetSubjectAltNames(certX509), \";\"),\n\t\t\t\"cert\": certPEM,\n\t\t\t\"privkey\": privkeyPEM,\n\t\t}\n\t} else {\n\t\terr = json.Unmarshal([]byte(d.config.WebhookData), &webhookData)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to unmarshal webhook data: %w\", err)\n\t\t}\n\n\t\tif webhookMethod == http.MethodGet || webhookContentType == CONTENT_TYPE_FORM || webhookContentType == CONTENT_TYPE_MULTIPART {\n\t\t\ttemp := make(map[string]string)\n\t\t\tjsonb, err := json.Marshal(webhookData)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to unmarshal webhook data: %w\", err)\n\t\t\t} else if err := json.Unmarshal(jsonb, &temp); err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to unmarshal webhook data: %w\", err)\n\t\t\t} else {\n\t\t\t\twebhookData = temp\n\t\t\t}\n\t\t}\n\t}\n\n\t// 替换变量值\n\twebhookUrl.Path = strings.ReplaceAll(webhookUrl.Path, \"${CERTIMATE_DEPLOYER_COMMONNAME}\", url.PathEscape(xcertx509.GetSubjectCommonName(certX509)))\n\treplaceJsonValueRecursively(webhookData, \"${CERTIMATE_DEPLOYER_COMMONNAME}\", xcertx509.GetSubjectCommonName(certX509))\n\treplaceJsonValueRecursively(webhookData, \"${CERTIMATE_DEPLOYER_SUBJECTALTNAMES}\", strings.Join(xcertx509.GetSubjectAltNames(certX509), \";\"))\n\treplaceJsonValueRecursively(webhookData, \"${CERTIMATE_DEPLOYER_CERTIFICATE}\", certPEM)\n\treplaceJsonValueRecursively(webhookData, \"${CERTIMATE_DEPLOYER_CERTIFICATE_SERVER}\", serverCertPEM)\n\treplaceJsonValueRecursively(webhookData, \"${CERTIMATE_DEPLOYER_CERTIFICATE_INTERMEDIA}\", intermediaCertPEM)\n\treplaceJsonValueRecursively(webhookData, \"${CERTIMATE_DEPLOYER_PRIVATEKEY}\", privkeyPEM)\n\n\t// 兼容旧版变量\n\twebhookUrl.Path = strings.ReplaceAll(webhookUrl.Path, \"${DOMAIN}\", url.PathEscape(certX509.Subject.CommonName))\n\treplaceJsonValueRecursively(webhookData, \"${DOMAIN}\", certX509.Subject.CommonName)\n\treplaceJsonValueRecursively(webhookData, \"${DOMAINS}\", strings.Join(certX509.DNSNames, \";\"))\n\treplaceJsonValueRecursively(webhookData, \"${CERTIFICATE}\", certPEM)\n\treplaceJsonValueRecursively(webhookData, \"${SERVER_CERTIFICATE}\", serverCertPEM)\n\treplaceJsonValueRecursively(webhookData, \"${INTERMEDIA_CERTIFICATE}\", intermediaCertPEM)\n\treplaceJsonValueRecursively(webhookData, \"${PRIVATE_KEY}\", privkeyPEM)\n\n\t// 生成请求\n\t// 其中 GET 请求需转换为查询参数\n\treq := d.httpClient.R().SetHeaderMultiValues(webhookHeaders)\n\treq.URL = webhookUrl.String()\n\treq.Method = webhookMethod\n\tif webhookMethod == http.MethodGet {\n\t\treq.SetQueryParams(webhookData.(map[string]string))\n\t} else {\n\t\tswitch webhookContentType {\n\t\tcase CONTENT_TYPE_JSON:\n\t\t\treq.SetBody(webhookData)\n\t\tcase CONTENT_TYPE_FORM:\n\t\t\treq.SetFormData(webhookData.(map[string]string))\n\t\tcase CONTENT_TYPE_MULTIPART:\n\t\t\treq.SetMultipartFormData(webhookData.(map[string]string))\n\t\t}\n\t}\n\n\t// 发送请求\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to send webhook request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn nil, fmt.Errorf(\"unexpected webhook response status code: %d\", resp.StatusCode())\n\t}\n\n\td.logger.Debug(\"webhook responded\", slog.Any(\"response\", resp.String()))\n\n\treturn &deployer.DeployResult{}, nil\n}\n\nfunc replaceJsonValueRecursively(data interface{}, oldStr, newStr string) interface{} {\n\tswitch v := data.(type) {\n\tcase map[string]any:\n\t\tfor k, val := range v {\n\t\t\tv[k] = replaceJsonValueRecursively(val, oldStr, newStr)\n\t\t}\n\tcase []any:\n\t\tfor i, val := range v {\n\t\t\tv[i] = replaceJsonValueRecursively(val, oldStr, newStr)\n\t\t}\n\tcase string:\n\t\treturn strings.ReplaceAll(v, oldStr, newStr)\n\t}\n\treturn data\n}\n"
},
{
"path": "pkg/core/deployer/providers/webhook/webhook_test.go",
"content": "package webhook_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"os\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/deployer/providers/webhook\"\n)\n\nvar (\n\tfInputCertPath string\n\tfInputKeyPath string\n\tfWebhookUrl string\n\tfWebhookContentType string\n\tfWebhookData string\n)\n\nfunc init() {\n\targsPrefix := \"WEBHOOK_\"\n\n\tflag.StringVar(&fInputCertPath, argsPrefix+\"INPUTCERTPATH\", \"\", \"\")\n\tflag.StringVar(&fInputKeyPath, argsPrefix+\"INPUTKEYPATH\", \"\", \"\")\n\tflag.StringVar(&fWebhookUrl, argsPrefix+\"URL\", \"\", \"\")\n\tflag.StringVar(&fWebhookContentType, argsPrefix+\"CONTENTTYPE\", \"application/json\", \"\")\n\tflag.StringVar(&fWebhookData, argsPrefix+\"DATA\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./webhook_test.go -args \\\n\t--WEBHOOK_INPUTCERTPATH=\"/path/to/your-input-cert.pem\" \\\n\t--WEBHOOK_INPUTKEYPATH=\"/path/to/your-input-key.pem\" \\\n\t--WEBHOOK_URL=\"https://example.com/your-webhook-url\" \\\n\t--WEBHOOK_CONTENTTYPE=\"application/json\" \\\n\t--WEBHOOK_DATA=\"{\\\"certificate\\\":\\\"${CERTIFICATE}\\\",\\\"privateKey\\\":\\\"${PRIVATE_KEY}\\\"}\"\n*/\nfunc TestDeploy(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Deploy\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"INPUTCERTPATH: %v\", fInputCertPath),\n\t\t\tfmt.Sprintf(\"INPUTKEYPATH: %v\", fInputKeyPath),\n\t\t\tfmt.Sprintf(\"WEBHOOKURL: %v\", fWebhookUrl),\n\t\t\tfmt.Sprintf(\"WEBHOOKCONTENTTYPE: %v\", fWebhookContentType),\n\t\t\tfmt.Sprintf(\"WEBHOOKDATA: %v\", fWebhookData),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewDeployer(&provider.DeployerConfig{\n\t\t\tWebhookUrl: fWebhookUrl,\n\t\t\tWebhookData: fWebhookData,\n\t\t\tMethod: \"POST\",\n\t\t\tHeaders: map[string]string{\n\t\t\t\t\"Content-Type\": fWebhookContentType,\n\t\t\t},\n\t\t\tAllowInsecureConnections: true,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tfInputCertData, _ := os.ReadFile(fInputCertPath)\n\t\tfInputKeyData, _ := os.ReadFile(fInputKeyPath)\n\t\tres, err := provider.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/notifier/provider.go",
"content": "package notifier\n\nimport (\n\t\"context\"\n\t\"log/slog\"\n)\n\n// 表示定义消息通知器的抽象类型接口。\ntype Provider interface {\n\t// 设置日志记录器。\n\t//\n\t// 入参:\n\t// - logger:日志记录器实例。\n\tSetLogger(logger *slog.Logger)\n\n\t// 发送通知。\n\t//\n\t// 入参:\n\t// - ctx:上下文。\n\t// - subject:通知主题。\n\t// - message:通知内容。\n\t//\n\t// 出参:\n\t// - res:发送结果。\n\t// - err: 错误。\n\tNotify(ctx context.Context, subject, message string) (_res *NotifyResult, _err error)\n}\n\n// 表示通知发送结果的数据结构。\ntype NotifyResult struct {\n\tExtendedData map[string]any `json:\"extendedData,omitempty\"`\n}\n"
},
{
"path": "pkg/core/notifier/providers/dingtalkbot/dingtalkbot.go",
"content": "package dingtalkbot\n\nimport (\n\t\"context\"\n\t\"crypto/hmac\"\n\t\"crypto/sha256\"\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n)\n\ntype NotifierConfig struct {\n\t// 钉钉机器人的 Webhook 地址。\n\tWebhookUrl string `json:\"webhookUrl\"`\n\t// 钉钉机器人的 Secret。\n\tSecret string `json:\"secret\"`\n\t// 自定义消息数据。\n\t// 选填。\n\tCustomPayload string `json:\"customPayload,omitempty\"`\n}\n\ntype Notifier struct {\n\tconfig *NotifierConfig\n\tlogger *slog.Logger\n\thttpClient *resty.Client\n}\n\nvar _ notifier.Provider = (*Notifier)(nil)\n\nfunc NewNotifier(config *NotifierConfig) (*Notifier, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the notifier provider is nil\")\n\t}\n\n\tclient := resty.New().\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\tif config.Secret != \"\" {\n\t\t\t\ttimestamp := fmt.Sprintf(\"%d\", time.Now().UnixMilli())\n\n\t\t\t\th := hmac.New(sha256.New, []byte(config.Secret))\n\t\t\t\th.Write([]byte(fmt.Sprintf(\"%s\\n%s\", timestamp, config.Secret)))\n\t\t\t\tsign := base64.StdEncoding.EncodeToString(h.Sum(nil))\n\n\t\t\t\tqs := req.URL.Query()\n\t\t\t\tqs.Set(\"timestamp\", timestamp)\n\t\t\t\tqs.Set(\"sign\", sign)\n\t\t\t\treq.URL.RawQuery = qs.Encode()\n\t\t\t}\n\n\t\t\treturn nil\n\t\t})\n\n\treturn &Notifier{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\thttpClient: client,\n\t}, nil\n}\n\nfunc (n *Notifier) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tn.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tn.logger = logger\n\t}\n}\n\nfunc (n *Notifier) Notify(ctx context.Context, subject string, message string) (*notifier.NotifyResult, error) {\n\twebhookUrl, err := url.Parse(n.config.WebhookUrl)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"dingtalk api error: invalid webhook url: %w\", err)\n\t} else {\n\t\tconst hostname = \"oapi.dingtalk.com\"\n\t\tif webhookUrl.Hostname() != hostname {\n\t\t\tn.logger.Warn(fmt.Sprintf(\"the webhook url hostname is not '%s', please make sure it is correct\", hostname))\n\t\t}\n\t}\n\n\tvar webhookData map[string]any\n\tif n.config.CustomPayload == \"\" {\n\t\twebhookData = map[string]any{\n\t\t\t\"msgtype\": \"text\",\n\t\t\t\"text\": map[string]string{\n\t\t\t\t\"content\": subject + \"\\n\\n\" + message,\n\t\t\t},\n\t\t}\n\t} else {\n\t\terr = json.Unmarshal([]byte(n.config.CustomPayload), &webhookData)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to unmarshal webhook data: %w\", err)\n\t\t}\n\n\t\treplaceJsonValueRecursively(webhookData, \"${CERTIMATE_NOTIFIER_SUBJECT}\", subject)\n\t\treplaceJsonValueRecursively(webhookData, \"${CERTIMATE_NOTIFIER_MESSAGE}\", message)\n\n\t\treplaceJsonValueRecursively(webhookData, \"${SUBJECT}\", subject)\n\t\treplaceJsonValueRecursively(webhookData, \"${MESSAGE}\", message)\n\t}\n\n\t// REF: https://open.dingtalk.com/document/development/custom-robots-send-group-messages\n\tvar result struct {\n\t\tErrorCode int `json:\"errcode\"`\n\t\tErrorMessage string `json:\"errmsg\"`\n\t}\n\treq := n.httpClient.R().\n\t\tSetContext(ctx).\n\t\tSetBody(webhookData)\n\tresp, err := req.Post(webhookUrl.String())\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"dingtalk api error: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn nil, fmt.Errorf(\"dingtalk api error: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t} else if err := json.Unmarshal(resp.Body(), &result); err != nil {\n\t\treturn nil, fmt.Errorf(\"dingtalk api error: %w (resp: %s)\", err, resp.String())\n\t} else if result.ErrorCode != 0 {\n\t\treturn nil, fmt.Errorf(\"dingtalk api error: errcode='%d', errmsg='%s'\", result.ErrorCode, result.ErrorMessage)\n\t}\n\n\treturn ¬ifier.NotifyResult{}, nil\n}\n\nfunc replaceJsonValueRecursively(data interface{}, oldStr, newStr string) interface{} {\n\tswitch v := data.(type) {\n\tcase map[string]any:\n\t\tfor k, val := range v {\n\t\t\tv[k] = replaceJsonValueRecursively(val, oldStr, newStr)\n\t\t}\n\tcase []any:\n\t\tfor i, val := range v {\n\t\t\tv[i] = replaceJsonValueRecursively(val, oldStr, newStr)\n\t\t}\n\tcase []string:\n\t\tfor i, s := range v {\n\t\t\tvar val interface{} = s\n\t\t\tvar newVal interface{} = replaceJsonValueRecursively(val, oldStr, newStr)\n\t\t\tv[i] = newVal.(string)\n\t\t}\n\tcase string:\n\t\treturn strings.ReplaceAll(v, oldStr, newStr)\n\t}\n\treturn data\n}\n"
},
{
"path": "pkg/core/notifier/providers/dingtalkbot/dingtalkbot_test.go",
"content": "package dingtalkbot_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/notifier/providers/dingtalkbot\"\n)\n\nconst (\n\tmockSubject = \"test_subject\"\n\tmockMessage = \"test_message\"\n)\n\nvar (\n\tfWebhookUrl string\n\tfSecret string\n)\n\nfunc init() {\n\targsPrefix := \"DINGTALKBOT_\"\n\n\tflag.StringVar(&fWebhookUrl, argsPrefix+\"WEBHOOKURL\", \"\", \"\")\n\tflag.StringVar(&fSecret, argsPrefix+\"SECRET\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./dingtalkbot_test.go -args \\\n\t--DINGTALKBOT_WEBHOOKURL=\"https://example.com/your-webhook-url\" \\\n\t--DINGTALKBOT_SECRET=\"your-secret\"\n*/\nfunc TestNotify(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Notify\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"WEBHOOKURL: %v\", fWebhookUrl),\n\t\t\tfmt.Sprintf(\"SECRET: %v\", fSecret),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewNotifier(&provider.NotifierConfig{\n\t\t\tWebhookUrl: fWebhookUrl,\n\t\t\tSecret: fSecret,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tres, err := provider.Notify(context.Background(), mockSubject, mockMessage)\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/notifier/providers/discordbot/discordbot.go",
"content": "package discordbot\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n)\n\ntype NotifierConfig struct {\n\t// Discord Bot API Token。\n\tBotToken string `json:\"botToken\"`\n\t// Discord Channel ID。\n\tChannelId string `json:\"channelId\"`\n}\n\ntype Notifier struct {\n\tconfig *NotifierConfig\n\tlogger *slog.Logger\n\thttpClient *resty.Client\n}\n\nvar _ notifier.Provider = (*Notifier)(nil)\n\nfunc NewNotifier(config *NotifierConfig) (*Notifier, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the notifier provider is nil\")\n\t}\n\n\tclient := resty.New().\n\t\tSetHeader(\"Authorization\", fmt.Sprintf(\"Bot %s\", config.BotToken)).\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent)\n\n\treturn &Notifier{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\thttpClient: client,\n\t}, nil\n}\n\nfunc (n *Notifier) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tn.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tn.logger = logger\n\t}\n}\n\nfunc (n *Notifier) Notify(ctx context.Context, subject string, message string) (*notifier.NotifyResult, error) {\n\t// REF: https://discord.com/developers/docs/resources/message#create-message\n\treq := n.httpClient.R().\n\t\tSetContext(ctx).\n\t\tSetBody(map[string]any{\n\t\t\t\"content\": subject + \"\\n\" + message,\n\t\t})\n\tresp, err := req.Post(fmt.Sprintf(\"https://discord.com/api/v9/channels/%s/messages\", n.config.ChannelId))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"discord api error: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn nil, fmt.Errorf(\"discord api error: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn ¬ifier.NotifyResult{}, nil\n}\n"
},
{
"path": "pkg/core/notifier/providers/discordbot/discordbot_test.go",
"content": "package discordbot_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/notifier/providers/discordbot\"\n)\n\nconst (\n\tmockSubject = \"test_subject\"\n\tmockMessage = \"test_message\"\n)\n\nvar (\n\tfApiToken string\n\tfChannelId string\n)\n\nfunc init() {\n\targsPrefix := \"DISCORDBOT_\"\n\n\tflag.StringVar(&fApiToken, argsPrefix+\"APITOKEN\", \"\", \"\")\n\tflag.StringVar(&fChannelId, argsPrefix+\"CHANNELID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./discordbot_test.go -args \\\n\t--DISCORDBOT_APITOKEN=\"your-bot-token\" \\\n\t--DISCORDBOT_CHANNELID=\"your-channel-id\"\n*/\nfunc TestNotify(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Notify\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"APITOKEN: %v\", fApiToken),\n\t\t\tfmt.Sprintf(\"CHANNELID: %v\", fChannelId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewNotifier(&provider.NotifierConfig{\n\t\t\tBotToken: fApiToken,\n\t\t\tChannelId: fChannelId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tres, err := provider.Notify(context.Background(), mockSubject, mockMessage)\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/notifier/providers/email/consts.go",
"content": "package email\n\nconst (\n\tMESSAGE_FORMAT_PLAIN = \"plain\"\n\tMESSAGE_FORMAT_HTML = \"html\"\n)\n"
},
{
"path": "pkg/core/notifier/providers/email/email.go",
"content": "package email\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/microcosm-cc/bluemonday\"\n\n\t\"github.com/certimate-go/certimate/internal/tools/smtp\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n)\n\ntype NotifierConfig struct {\n\t// SMTP 服务器地址。\n\tSmtpHost string `json:\"smtpHost\"`\n\t// SMTP 服务器端口。\n\t// 零值时根据是否启用 TLS 决定。\n\tSmtpPort int32 `json:\"smtpPort\"`\n\t// 是否启用 TLS。\n\tSmtpTls bool `json:\"smtpTls\"`\n\t// 用户名。\n\tUsername string `json:\"username\"`\n\t// 密码。\n\tPassword string `json:\"password\"`\n\t// 发件人邮箱。\n\tSenderAddress string `json:\"senderAddress\"`\n\t// 发件人显示名称。\n\tSenderName string `json:\"senderName,omitempty\"`\n\t// 收件人邮箱。\n\tReceiverAddress string `json:\"receiverAddress\"`\n\t// 消息格式。\n\t// 可取值 [MESSAGE_FORMAT_PLAIN]、[MESSAGE_FORMAT_HTML]。\n\t// 零值时默认值 [MESSAGE_FORMAT_PLAIN]。\n\tMessageFormat string `json:\"messageFormat,omitempty\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype Notifier struct {\n\tconfig *NotifierConfig\n\tlogger *slog.Logger\n}\n\nvar _ notifier.Provider = (*Notifier)(nil)\n\nfunc NewNotifier(config *NotifierConfig) (*Notifier, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the notifier provider is nil\")\n\t}\n\n\treturn &Notifier{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t}, nil\n}\n\nfunc (n *Notifier) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tn.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tn.logger = logger\n\t}\n}\n\nfunc (n *Notifier) Notify(ctx context.Context, subject string, message string) (*notifier.NotifyResult, error) {\n\tclientCfg := smtp.NewDefaultConfig()\n\tclientCfg.Host = n.config.SmtpHost\n\tclientCfg.Port = int(n.config.SmtpPort)\n\tclientCfg.Username = n.config.Username\n\tclientCfg.Password = n.config.Password\n\tclientCfg.UseSsl = n.config.SmtpTls\n\tclientCfg.SkipTlsVerify = n.config.AllowInsecureConnections\n\tclient, err := smtp.NewClient(clientCfg)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to create SMTP client: %w\", err)\n\t}\n\n\tdefer client.Close()\n\n\tmsg := smtp.NewMessage()\n\tmsg.Subject(subject)\n\tswitch n.config.MessageFormat {\n\tcase \"\", MESSAGE_FORMAT_PLAIN:\n\t\tmsg.SetBodyString(smtp.MIMETypeTextPlain, message)\n\tcase MESSAGE_FORMAT_HTML:\n\t\tmsg.SetBodyString(smtp.MIMETypeTextHTML, bluemonday.UGCPolicy().Sanitize(message))\n\t\tmsg.AddAlternativeString(smtp.MIMETypeTextPlain, bluemonday.StrictPolicy().Sanitize(message))\n\tdefault:\n\t\treturn nil, fmt.Errorf(\"unsupported message format: '%s'\", n.config.MessageFormat)\n\t}\n\n\tif n.config.SenderName == \"\" {\n\t\tmsg.From(n.config.SenderAddress)\n\t} else {\n\t\tmsg.FromFormat(n.config.SenderName, n.config.SenderAddress)\n\t}\n\tmsg.To(n.config.ReceiverAddress)\n\n\tif err := client.Send(ctx, msg); err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to send mail: %w\", err)\n\t}\n\n\treturn ¬ifier.NotifyResult{}, nil\n}\n"
},
{
"path": "pkg/core/notifier/providers/email/email_test.go",
"content": "package email_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/notifier/providers/email\"\n)\n\nconst (\n\tmockSubject = \"test_subject\"\n\tmockMessage = \"test_message\"\n\tmockHtmlMessage = \"Hello Certimate! Google \"\n)\n\nvar (\n\tfSmtpHost string\n\tfSmtpPort int64\n\tfSmtpTLS bool\n\tfUsername string\n\tfPassword string\n\tfSenderAddress string\n\tfReceiverAddress string\n)\n\nfunc init() {\n\targsPrefix := \"EMAIL_\"\n\n\tflag.StringVar(&fSmtpHost, argsPrefix+\"SMTPHOST\", \"\", \"\")\n\tflag.Int64Var(&fSmtpPort, argsPrefix+\"SMTPPORT\", 0, \"\")\n\tflag.BoolVar(&fSmtpTLS, argsPrefix+\"SMTPTLS\", false, \"\")\n\tflag.StringVar(&fUsername, argsPrefix+\"USERNAME\", \"\", \"\")\n\tflag.StringVar(&fPassword, argsPrefix+\"PASSWORD\", \"\", \"\")\n\tflag.StringVar(&fSenderAddress, argsPrefix+\"SENDERADDRESS\", \"\", \"\")\n\tflag.StringVar(&fReceiverAddress, argsPrefix+\"RECEIVERADDRESS\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./email_test.go -args \\\n\t--EMAIL_SMTPHOST=\"smtp.example.com\" \\\n\t--EMAIL_SMTPPORT=465 \\\n\t--EMAIL_SMTPTLS=true \\\n\t--EMAIL_USERNAME=\"your-username\" \\\n\t--EMAIL_PASSWORD=\"your-password\" \\\n\t--EMAIL_SENDERADDRESS=\"sender@example.com\" \\\n\t--EMAIL_RECEIVERADDRESS=\"receiver@example.com\"\n*/\nfunc TestNotify(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Notify\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"SMTPHOST: %v\", fSmtpHost),\n\t\t\tfmt.Sprintf(\"SMTPPORT: %v\", fSmtpPort),\n\t\t\tfmt.Sprintf(\"SMTPTLS: %v\", fSmtpTLS),\n\t\t\tfmt.Sprintf(\"USERNAME: %v\", fUsername),\n\t\t\tfmt.Sprintf(\"PASSWORD: %v\", fPassword),\n\t\t\tfmt.Sprintf(\"SENDERADDRESS: %v\", fSenderAddress),\n\t\t\tfmt.Sprintf(\"RECEIVERADDRESS: %v\", fReceiverAddress),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewNotifier(&provider.NotifierConfig{\n\t\t\tSmtpHost: fSmtpHost,\n\t\t\tSmtpPort: int32(fSmtpPort),\n\t\t\tSmtpTls: fSmtpTLS,\n\t\t\tUsername: fUsername,\n\t\t\tPassword: fPassword,\n\t\t\tSenderAddress: fSenderAddress,\n\t\t\tReceiverAddress: fReceiverAddress,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tres, err := provider.Notify(context.Background(), mockSubject, mockMessage)\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n\n\tt.Run(\"Notify_Html\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"SMTPHOST: %v\", fSmtpHost),\n\t\t\tfmt.Sprintf(\"SMTPPORT: %v\", fSmtpPort),\n\t\t\tfmt.Sprintf(\"SMTPTLS: %v\", fSmtpTLS),\n\t\t\tfmt.Sprintf(\"USERNAME: %v\", fUsername),\n\t\t\tfmt.Sprintf(\"PASSWORD: %v\", fPassword),\n\t\t\tfmt.Sprintf(\"SENDERADDRESS: %v\", fSenderAddress),\n\t\t\tfmt.Sprintf(\"RECEIVERADDRESS: %v\", fReceiverAddress),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewNotifier(&provider.NotifierConfig{\n\t\t\tSmtpHost: fSmtpHost,\n\t\t\tSmtpPort: int32(fSmtpPort),\n\t\t\tSmtpTls: fSmtpTLS,\n\t\t\tUsername: fUsername,\n\t\t\tPassword: fPassword,\n\t\t\tSenderAddress: fSenderAddress,\n\t\t\tReceiverAddress: fReceiverAddress,\n\t\t\tMessageFormat: provider.MESSAGE_FORMAT_HTML,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tres, err := provider.Notify(context.Background(), mockSubject, mockHtmlMessage)\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/notifier/providers/larkbot/larkbot.go",
"content": "package larkbot\n\nimport (\n\t\"context\"\n\t\"crypto/hmac\"\n\t\"crypto/sha256\"\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/url\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n)\n\ntype NotifierConfig struct {\n\t// 飞书机器人 Webhook 地址。\n\tWebhookUrl string `json:\"webhookUrl\"`\n\t// 飞书机器人的 Secret。\n\tSecret string `json:\"secret\"`\n\t// 自定义消息数据。\n\t// 选填。\n\tCustomPayload string `json:\"customPayload,omitempty\"`\n}\n\ntype Notifier struct {\n\tconfig *NotifierConfig\n\tlogger *slog.Logger\n\thttpClient *resty.Client\n}\n\nvar _ notifier.Provider = (*Notifier)(nil)\n\nfunc NewNotifier(config *NotifierConfig) (*Notifier, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the notifier provider is nil\")\n\t}\n\n\tclient := resty.New().\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent)\n\n\treturn &Notifier{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\thttpClient: client,\n\t}, nil\n}\n\nfunc (n *Notifier) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tn.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tn.logger = logger\n\t}\n}\n\nfunc (n *Notifier) Notify(ctx context.Context, subject string, message string) (*notifier.NotifyResult, error) {\n\twebhookUrl, err := url.Parse(n.config.WebhookUrl)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"lark api error: invalid webhook url: %w\", err)\n\t} else {\n\t\tconst hostname = \"open.larksuite.com\"\n\t\tconst hostname_cn = \"open.feishu.cn\"\n\t\tif webhookUrl.Hostname() != hostname && webhookUrl.Hostname() != hostname_cn {\n\t\t\tn.logger.Warn(fmt.Sprintf(\"the webhook url hostname is not '%s' or '%s', please make sure it is correct\", hostname, hostname_cn))\n\t\t}\n\t}\n\n\tvar webhookData map[string]any\n\tif n.config.CustomPayload == \"\" {\n\t\twebhookData = map[string]any{\n\t\t\t\"msg_type\": \"text\",\n\t\t\t\"content\": map[string]string{\n\t\t\t\t\"text\": subject + \"\\n\\n\" + message,\n\t\t\t},\n\t\t}\n\t} else {\n\t\terr = json.Unmarshal([]byte(n.config.CustomPayload), &webhookData)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to unmarshal webhook data: %w\", err)\n\t\t}\n\n\t\treplaceJsonValueRecursively(webhookData, \"${CERTIMATE_NOTIFIER_SUBJECT}\", subject)\n\t\treplaceJsonValueRecursively(webhookData, \"${CERTIMATE_NOTIFIER_MESSAGE}\", message)\n\n\t\treplaceJsonValueRecursively(webhookData, \"${SUBJECT}\", subject)\n\t\treplaceJsonValueRecursively(webhookData, \"${MESSAGE}\", message)\n\t}\n\n\tif n.config.Secret != \"\" {\n\t\ttimestamp := fmt.Sprintf(\"%d\", time.Now().Unix())\n\n\t\tstringToSign := fmt.Sprintf(\"%s\\n%s\", timestamp, n.config.Secret)\n\n\t\th := hmac.New(sha256.New, []byte(stringToSign))\n\t\tvar data []byte\n\t\t_, err := h.Write(data)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"lark api error: failed to calc sign: %w\", err)\n\t\t}\n\t\tsign := base64.StdEncoding.EncodeToString(h.Sum(nil))\n\n\t\twebhookData[\"timestamp\"] = timestamp\n\t\twebhookData[\"sign\"] = sign\n\t}\n\n\t// REF: https://open.feishu.cn/document/client-docs/bot-v3/add-custom-bot\n\t// REF: https://open.larksuite.com/document/client-docs/bot-v3/add-custom-bot\n\tvar result struct {\n\t\tCode int `json:\"code\"`\n\t\tMessage string `json:\"msg\"`\n\t}\n\treq := n.httpClient.R().\n\t\tSetContext(ctx).\n\t\tSetBody(webhookData)\n\tresp, err := req.Post(webhookUrl.String())\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"lark api error: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn nil, fmt.Errorf(\"lark api error: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t} else if err := json.Unmarshal(resp.Body(), &result); err != nil {\n\t\treturn nil, fmt.Errorf(\"lark api error: %w (resp: %s)\", err, resp.String())\n\t} else if result.Code != 0 {\n\t\treturn nil, fmt.Errorf(\"lark api error: code='%d', msg='%s'\", result.Code, result.Message)\n\t}\n\n\treturn ¬ifier.NotifyResult{}, nil\n}\n\nfunc replaceJsonValueRecursively(data interface{}, oldStr, newStr string) interface{} {\n\tswitch v := data.(type) {\n\tcase map[string]any:\n\t\tfor k, val := range v {\n\t\t\tv[k] = replaceJsonValueRecursively(val, oldStr, newStr)\n\t\t}\n\tcase []any:\n\t\tfor i, val := range v {\n\t\t\tv[i] = replaceJsonValueRecursively(val, oldStr, newStr)\n\t\t}\n\tcase []string:\n\t\tfor i, s := range v {\n\t\t\tvar val interface{} = s\n\t\t\tvar newVal interface{} = replaceJsonValueRecursively(val, oldStr, newStr)\n\t\t\tv[i] = newVal.(string)\n\t\t}\n\tcase string:\n\t\treturn strings.ReplaceAll(v, oldStr, newStr)\n\t}\n\treturn data\n}\n"
},
{
"path": "pkg/core/notifier/providers/larkbot/larkbot_test.go",
"content": "package larkbot_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/notifier/providers/larkbot\"\n)\n\nconst (\n\tmockSubject = \"test_subject\"\n\tmockMessage = \"test_message\"\n)\n\nvar (\n\tfWebhookUrl string\n\tfSecret string\n)\n\nfunc init() {\n\targsPrefix := \"LARKBOT_\"\n\n\tflag.StringVar(&fWebhookUrl, argsPrefix+\"WEBHOOKURL\", \"\", \"\")\n\tflag.StringVar(&fSecret, argsPrefix+\"SECRET\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./larkbot_test.go -args \\\n\t--LARKBOT_WEBHOOKURL=\"https://example.com/your-webhook-url\" \\\n\t--LARKBOT_SECRET=\"your-secret\"\n*/\nfunc TestNotify(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Notify\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"WEBHOOKURL: %v\", fWebhookUrl),\n\t\t\tfmt.Sprintf(\"SECRET: %v\", fSecret),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewNotifier(&provider.NotifierConfig{\n\t\t\tWebhookUrl: fWebhookUrl,\n\t\t\tSecret: fSecret,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tres, err := provider.Notify(context.Background(), mockSubject, mockMessage)\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/notifier/providers/mattermost/mattermost.go",
"content": "package mattermost\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"strings\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n)\n\ntype NotifierConfig struct {\n\t// Mattermost 服务地址。\n\tServerUrl string `json:\"serverUrl\"`\n\t// Mattermost 用户名。\n\tUsername string `json:\"username\"`\n\t// Mattermost 密码。\n\tPassword string `json:\"password\"`\n\t// Mattermost 频道 ID。\n\tChannelId string `json:\"channelId\"`\n}\n\ntype Notifier struct {\n\tconfig *NotifierConfig\n\tlogger *slog.Logger\n\thttpClient *resty.Client\n}\n\nvar _ notifier.Provider = (*Notifier)(nil)\n\nfunc NewNotifier(config *NotifierConfig) (*Notifier, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the notifier provider is nil\")\n\t}\n\n\tclient := resty.New().\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent)\n\n\treturn &Notifier{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\thttpClient: client,\n\t}, nil\n}\n\nfunc (n *Notifier) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tn.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tn.logger = logger\n\t}\n}\n\nfunc (n *Notifier) Notify(ctx context.Context, subject string, message string) (*notifier.NotifyResult, error) {\n\tserverUrl := strings.TrimRight(n.config.ServerUrl, \"/\")\n\n\t// REF: https://developers.mattermost.com/api-documentation/#/operations/Login\n\tloginReq := n.httpClient.R().\n\t\tSetContext(ctx).\n\t\tSetBody(map[string]any{\n\t\t\t\"login_id\": n.config.Username,\n\t\t\t\"password\": n.config.Password,\n\t\t})\n\tloginResp, err := loginReq.Post(fmt.Sprintf(\"%s/api/v4/users/login\", serverUrl))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"mattermost api error: failed to send request: %w\", err)\n\t} else if loginResp.IsError() {\n\t\treturn nil, fmt.Errorf(\"mattermost api error: unexpected status code: %d (resp: %s)\", loginResp.StatusCode(), loginResp.String())\n\t} else if loginResp.Header().Get(\"Token\") == \"\" {\n\t\treturn nil, fmt.Errorf(\"mattermost api error: received empty login token\")\n\t}\n\n\t// REF: https://developers.mattermost.com/api-documentation/#/operations/CreatePost\n\tpostReq := n.httpClient.R().\n\t\tSetContext(ctx).\n\t\tSetHeader(\"Authorization\", \"Bearer \"+loginResp.Header().Get(\"Token\")).\n\t\tSetBody(map[string]any{\n\t\t\t\"channel_id\": n.config.ChannelId,\n\t\t\t\"props\": map[string]interface{}{\n\t\t\t\t\"attachments\": []map[string]interface{}{\n\t\t\t\t\t{\n\t\t\t\t\t\t\"title\": subject,\n\t\t\t\t\t\t\"text\": message,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\tpostResp, err := postReq.Post(fmt.Sprintf(\"%s/api/v4/posts\", serverUrl))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"mattermost api error: failed to send request: %w\", err)\n\t} else if postResp.IsError() {\n\t\treturn nil, fmt.Errorf(\"mattermost api error: unexpected status code: %d (resp: %s)\", postResp.StatusCode(), postResp.String())\n\t}\n\n\treturn ¬ifier.NotifyResult{}, nil\n}\n"
},
{
"path": "pkg/core/notifier/providers/mattermost/mattermost_test.go",
"content": "package mattermost_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/notifier/providers/mattermost\"\n)\n\nconst (\n\tmockSubject = \"test_subject\"\n\tmockMessage = \"test_message\"\n)\n\nvar (\n\tfServerUrl string\n\tfChannelId string\n\tfUsername string\n\tfPassword string\n)\n\nfunc init() {\n\targsPrefix := \"MATTERMOST_\"\n\n\tflag.StringVar(&fServerUrl, argsPrefix+\"SERVERURL\", \"\", \"\")\n\tflag.StringVar(&fChannelId, argsPrefix+\"CHANNELID\", \"\", \"\")\n\tflag.StringVar(&fUsername, argsPrefix+\"USERNAME\", \"\", \"\")\n\tflag.StringVar(&fPassword, argsPrefix+\"PASSWORD\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./mattermost_test.go -args \\\n\t--MATTERMOST_SERVERURL=\"https://example.com/your-server-url\" \\\n\t--MATTERMOST_CHANNELID=\"your-chanel-id\" \\\n\t--MATTERMOST_USERNAME=\"your-username\" \\\n\t--MATTERMOST_PASSWORD=\"your-password\"\n*/\nfunc TestNotify(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Notify\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"SERVERURL: %v\", fServerUrl),\n\t\t\tfmt.Sprintf(\"CHANNELID: %v\", fChannelId),\n\t\t\tfmt.Sprintf(\"USERNAME: %v\", fUsername),\n\t\t\tfmt.Sprintf(\"PASSWORD: %v\", fPassword),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewNotifier(&provider.NotifierConfig{\n\t\t\tServerUrl: fServerUrl,\n\t\t\tChannelId: fChannelId,\n\t\t\tUsername: fUsername,\n\t\t\tPassword: fPassword,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tres, err := provider.Notify(context.Background(), mockSubject, mockMessage)\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/notifier/providers/slackbot/slackbot.go",
"content": "package discordbot\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n)\n\ntype NotifierConfig struct {\n\t// Slack Bot API Token。\n\tBotToken string `json:\"botToken\"`\n\t// Slack Channel ID。\n\tChannelId string `json:\"channelId\"`\n}\n\ntype Notifier struct {\n\tconfig *NotifierConfig\n\tlogger *slog.Logger\n\thttpClient *resty.Client\n}\n\nvar _ notifier.Provider = (*Notifier)(nil)\n\nfunc NewNotifier(config *NotifierConfig) (*Notifier, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the notifier provider is nil\")\n\t}\n\n\tclient := resty.New().\n\t\tSetHeader(\"Authorization\", fmt.Sprintf(\"Bearer %s\", config.BotToken)).\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent)\n\n\treturn &Notifier{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\thttpClient: client,\n\t}, nil\n}\n\nfunc (n *Notifier) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tn.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tn.logger = logger\n\t}\n}\n\nfunc (n *Notifier) Notify(ctx context.Context, subject string, message string) (*notifier.NotifyResult, error) {\n\t// REF: https://docs.slack.dev/messaging/sending-and-scheduling-messages#publishing\n\treq := n.httpClient.R().\n\t\tSetContext(ctx).\n\t\tSetBody(map[string]any{\n\t\t\t\"token\": n.config.BotToken,\n\t\t\t\"channel\": n.config.ChannelId,\n\t\t\t\"text\": subject + \"\\n\" + message,\n\t\t})\n\tresp, err := req.Post(\"https://slack.com/api/chat.postMessage\")\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"slack api error: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn nil, fmt.Errorf(\"slack api error: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn ¬ifier.NotifyResult{}, nil\n}\n"
},
{
"path": "pkg/core/notifier/providers/slackbot/slackbot_test.go",
"content": "package discordbot_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/notifier/providers/slackbot\"\n)\n\nconst (\n\tmockSubject = \"test_subject\"\n\tmockMessage = \"test_message\"\n)\n\nvar (\n\tfApiToken string\n\tfChannelId string\n)\n\nfunc init() {\n\targsPrefix := \"SLACKBOT_\"\n\n\tflag.StringVar(&fApiToken, argsPrefix+\"APITOKEN\", \"\", \"\")\n\tflag.StringVar(&fChannelId, argsPrefix+\"CHANNELID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./slackbot_test.go -args \\\n\t--SLACKBOT_APITOKEN=\"your-bot-token\" \\\n\t--SLACKBOT_CHANNELID=\"your-channel-id\"\n*/\nfunc TestNotify(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Notify\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"APITOKEN: %v\", fApiToken),\n\t\t\tfmt.Sprintf(\"CHANNELID: %v\", fChannelId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewNotifier(&provider.NotifierConfig{\n\t\t\tBotToken: fApiToken,\n\t\t\tChannelId: fChannelId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tres, err := provider.Notify(context.Background(), mockSubject, mockMessage)\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/notifier/providers/telegrambot/telegrambot.go",
"content": "package telegrambot\n\nimport (\n\t\"context\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n)\n\ntype NotifierConfig struct {\n\t// Telegram Bot API Token。\n\tBotToken string `json:\"botToken\"`\n\t// Telegram Chat ID。\n\tChatId string `json:\"chatId\"`\n}\n\ntype Notifier struct {\n\tconfig *NotifierConfig\n\tlogger *slog.Logger\n\thttpClient *resty.Client\n}\n\nvar _ notifier.Provider = (*Notifier)(nil)\n\nfunc NewNotifier(config *NotifierConfig) (*Notifier, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the notifier provider is nil\")\n\t}\n\n\tclient := resty.New().\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent)\n\n\treturn &Notifier{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\thttpClient: client,\n\t}, nil\n}\n\nfunc (n *Notifier) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tn.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tn.logger = logger\n\t}\n}\n\nfunc (n *Notifier) Notify(ctx context.Context, subject string, message string) (*notifier.NotifyResult, error) {\n\t// REF: https://core.telegram.org/bots/api#sendmessage\n\treq := n.httpClient.R().\n\t\tSetContext(ctx).\n\t\tSetBody(map[string]any{\n\t\t\t\"chat_id\": n.config.ChatId,\n\t\t\t\"text\": subject + \"\\n\" + message,\n\t\t})\n\tresp, err := req.Post(fmt.Sprintf(\"https://api.telegram.org/bot%s/sendMessage\", n.config.BotToken))\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"telegram api error: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn nil, fmt.Errorf(\"telegram api error: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn ¬ifier.NotifyResult{}, nil\n}\n"
},
{
"path": "pkg/core/notifier/providers/telegrambot/telegrambot_test.go",
"content": "package telegrambot_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/notifier/providers/telegrambot\"\n)\n\nconst (\n\tmockSubject = \"test_subject\"\n\tmockMessage = \"test_message\"\n)\n\nvar (\n\tfApiToken string\n\tfChatId string\n)\n\nfunc init() {\n\targsPrefix := \"TELEGRAMBOT_\"\n\n\tflag.StringVar(&fApiToken, argsPrefix+\"APITOKEN\", \"\", \"\")\n\tflag.StringVar(&fChatId, argsPrefix+\"CHATID\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./telegrambot_test.go -args \\\n\t--TELEGRAMBOT_APITOKEN=\"your-api-token\" \\\n\t--TELEGRAMBOT_CHATID=\"your-chat-id\"\n*/\nfunc TestNotify(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Notify\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"APITOKEN: %v\", fApiToken),\n\t\t\tfmt.Sprintf(\"CHATID: %v\", fChatId),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewNotifier(&provider.NotifierConfig{\n\t\t\tBotToken: fApiToken,\n\t\t\tChatId: fChatId,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tres, err := provider.Notify(context.Background(), mockSubject, mockMessage)\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/notifier/providers/webhook/webhook.go",
"content": "package webhook\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n)\n\ntype NotifierConfig struct {\n\t// Webhook URL。\n\tWebhookUrl string `json:\"webhookUrl\"`\n\t// Webhook 回调数据(application/json 或 application/x-www-form-urlencoded 格式)。\n\tWebhookData string `json:\"webhookData,omitempty\"`\n\t// 请求谓词。\n\t// 零值时默认值 \"POST\"。\n\tMethod string `json:\"method,omitempty\"`\n\t// 请求标头。\n\tHeaders map[string]string `json:\"headers,omitempty\"`\n\t// 请求超时(单位:秒)。\n\t// 零值时默认值 30。\n\tTimeout int `json:\"timeout,omitempty\"`\n\t// 是否允许不安全的连接。\n\tAllowInsecureConnections bool `json:\"allowInsecureConnections,omitempty\"`\n}\n\ntype Notifier struct {\n\tconfig *NotifierConfig\n\tlogger *slog.Logger\n\thttpClient *resty.Client\n}\n\nvar _ notifier.Provider = (*Notifier)(nil)\n\nfunc NewNotifier(config *NotifierConfig) (*Notifier, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the notifier provider is nil\")\n\t}\n\n\tclient := resty.New().\n\t\tSetTimeout(30 * time.Second).\n\t\tSetRetryCount(3).\n\t\tSetRetryWaitTime(5 * time.Second)\n\tif config.Timeout > 0 {\n\t\tclient.SetTimeout(time.Duration(config.Timeout) * time.Second)\n\t}\n\tif config.AllowInsecureConnections {\n\t\tclient.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true})\n\t}\n\n\treturn &Notifier{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\thttpClient: client,\n\t}, nil\n}\n\nfunc (n *Notifier) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tn.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tn.logger = logger\n\t}\n}\n\nfunc (n *Notifier) Notify(ctx context.Context, subject string, message string) (*notifier.NotifyResult, error) {\n\t// 处理 Webhook URL\n\twebhookUrl, err := url.Parse(n.config.WebhookUrl)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"failed to parse webhook url: %w\", err)\n\t} else if webhookUrl.Scheme != \"http\" && webhookUrl.Scheme != \"https\" {\n\t\treturn nil, fmt.Errorf(\"unsupported webhook url scheme '%s'\", webhookUrl.Scheme)\n\t}\n\n\t// 处理 Webhook 请求谓词\n\twebhookMethod := strings.ToUpper(n.config.Method)\n\tif webhookMethod == \"\" {\n\t\twebhookMethod = http.MethodPost\n\t} else if webhookMethod != http.MethodGet &&\n\t\twebhookMethod != http.MethodPost &&\n\t\twebhookMethod != http.MethodPut &&\n\t\twebhookMethod != http.MethodPatch &&\n\t\twebhookMethod != http.MethodDelete {\n\t\treturn nil, fmt.Errorf(\"unsupported webhook request method '%s'\", webhookMethod)\n\t}\n\n\t// 处理 Webhook 请求标头\n\twebhookHeaders := make(http.Header)\n\tfor k, v := range n.config.Headers {\n\t\twebhookHeaders.Set(k, v)\n\t}\n\n\t// 处理 Webhook 请求内容类型\n\tconst CONTENT_TYPE_JSON = \"application/json\"\n\tconst CONTENT_TYPE_FORM = \"application/x-www-form-urlencoded\"\n\tconst CONTENT_TYPE_MULTIPART = \"multipart/form-data\"\n\twebhookContentType := webhookHeaders.Get(\"Content-Type\")\n\tif webhookContentType == \"\" {\n\t\twebhookContentType = CONTENT_TYPE_JSON\n\t\twebhookHeaders.Set(\"Content-Type\", CONTENT_TYPE_JSON)\n\t} else if strings.HasPrefix(webhookContentType, CONTENT_TYPE_JSON) &&\n\t\tstrings.HasPrefix(webhookContentType, CONTENT_TYPE_FORM) &&\n\t\tstrings.HasPrefix(webhookContentType, CONTENT_TYPE_MULTIPART) {\n\t\treturn nil, fmt.Errorf(\"unsupported webhook content type '%s'\", webhookContentType)\n\t}\n\n\t// 处理 Webhook 请求数据\n\tvar webhookData interface{}\n\tif n.config.WebhookData == \"\" {\n\t\twebhookData = map[string]string{\n\t\t\t\"subject\": subject,\n\t\t\t\"message\": message,\n\t\t}\n\t} else {\n\t\terr = json.Unmarshal([]byte(n.config.WebhookData), &webhookData)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to unmarshal webhook data: %w\", err)\n\t\t}\n\n\t\tif webhookMethod == http.MethodGet || webhookContentType == CONTENT_TYPE_FORM || webhookContentType == CONTENT_TYPE_MULTIPART {\n\t\t\ttemp := make(map[string]string)\n\t\t\tjsonb, err := json.Marshal(webhookData)\n\t\t\tif err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to unmarshal webhook data: %w\", err)\n\t\t\t} else if err := json.Unmarshal(jsonb, &temp); err != nil {\n\t\t\t\treturn nil, fmt.Errorf(\"failed to unmarshal webhook data: %w\", err)\n\t\t\t} else {\n\t\t\t\twebhookData = temp\n\t\t\t}\n\t\t}\n\t}\n\n\t// 替换变量值\n\treplaceJsonValueRecursively(webhookData, \"${CERTIMATE_NOTIFIER_SUBJECT}\", subject)\n\treplaceJsonValueRecursively(webhookData, \"${CERTIMATE_NOTIFIER_MESSAGE}\", message)\n\n\t// 兼容旧版变量\n\treplaceJsonValueRecursively(webhookData, \"${SUBJECT}\", subject)\n\treplaceJsonValueRecursively(webhookData, \"${MESSAGE}\", message)\n\n\t// 生成请求\n\t// 其中 GET 请求需转换为查询参数\n\treq := n.httpClient.R().SetContext(ctx).SetHeaderMultiValues(webhookHeaders)\n\treq.URL = webhookUrl.String()\n\treq.Method = webhookMethod\n\tif webhookMethod == http.MethodGet {\n\t\treq.SetQueryParams(webhookData.(map[string]string))\n\t} else {\n\t\tswitch webhookContentType {\n\t\tcase CONTENT_TYPE_JSON:\n\t\t\treq.SetBody(webhookData)\n\t\tcase CONTENT_TYPE_FORM:\n\t\t\treq.SetFormData(webhookData.(map[string]string))\n\t\tcase CONTENT_TYPE_MULTIPART:\n\t\t\treq.SetMultipartFormData(webhookData.(map[string]string))\n\t\t}\n\t}\n\n\t// 发送请求\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"webhook error: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn nil, fmt.Errorf(\"webhook error: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\tn.logger.Debug(\"webhook responded\", slog.String(\"response\", resp.String()))\n\n\treturn ¬ifier.NotifyResult{}, nil\n}\n\nfunc replaceJsonValueRecursively(data interface{}, oldStr, newStr string) interface{} {\n\tswitch v := data.(type) {\n\tcase map[string]any:\n\t\tfor k, val := range v {\n\t\t\tv[k] = replaceJsonValueRecursively(val, oldStr, newStr)\n\t\t}\n\tcase []any:\n\t\tfor i, val := range v {\n\t\t\tv[i] = replaceJsonValueRecursively(val, oldStr, newStr)\n\t\t}\n\tcase []string:\n\t\tfor i, s := range v {\n\t\t\tvar val interface{} = s\n\t\t\tvar newVal interface{} = replaceJsonValueRecursively(val, oldStr, newStr)\n\t\t\tv[i] = newVal.(string)\n\t\t}\n\tcase string:\n\t\treturn strings.ReplaceAll(v, oldStr, newStr)\n\t}\n\treturn data\n}\n"
},
{
"path": "pkg/core/notifier/providers/webhook/webhook_test.go",
"content": "package webhook_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/notifier/providers/webhook\"\n)\n\nconst (\n\tmockSubject = \"test_subject\"\n\tmockMessage = \"test_message\"\n)\n\nvar (\n\tfWebhookUrl string\n\tfWebhookContentType string\n)\n\nfunc init() {\n\targsPrefix := \"WEBHOOK_\"\n\n\tflag.StringVar(&fWebhookUrl, argsPrefix+\"URL\", \"\", \"\")\n\tflag.StringVar(&fWebhookContentType, argsPrefix+\"CONTENTTYPE\", \"application/json\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./webhook_test.go -args \\\n\t--WEBHOOK_URL=\"https://example.com/your-webhook-url\" \\\n\t--WEBHOOK_CONTENTTYPE=\"application/json\"\n*/\nfunc TestNotify(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Notify\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"URL: %v\", fWebhookUrl),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewNotifier(&provider.NotifierConfig{\n\t\t\tWebhookUrl: fWebhookUrl,\n\t\t\tMethod: \"POST\",\n\t\t\tHeaders: map[string]string{\n\t\t\t\t\"Content-Type\": fWebhookContentType,\n\t\t\t},\n\t\t\tAllowInsecureConnections: true,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tres, err := provider.Notify(context.Background(), mockSubject, mockMessage)\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/notifier/providers/wecombot/wecombot.go",
"content": "package wecombot\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"log/slog\"\n\t\"net/url\"\n\t\"strings\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n\t\"github.com/certimate-go/certimate/pkg/core/notifier\"\n)\n\ntype NotifierConfig struct {\n\t// 企业微信机器人 Webhook 地址。\n\tWebhookUrl string `json:\"webhookUrl\"`\n\t// 自定义消息数据。\n\t// 选填。\n\tCustomPayload string `json:\"customPayload,omitempty\"`\n}\n\ntype Notifier struct {\n\tconfig *NotifierConfig\n\tlogger *slog.Logger\n\thttpClient *resty.Client\n}\n\nvar _ notifier.Provider = (*Notifier)(nil)\n\nfunc NewNotifier(config *NotifierConfig) (*Notifier, error) {\n\tif config == nil {\n\t\treturn nil, errors.New(\"the configuration of the notifier provider is nil\")\n\t}\n\n\tclient := resty.New().\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent)\n\n\treturn &Notifier{\n\t\tconfig: config,\n\t\tlogger: slog.Default(),\n\t\thttpClient: client,\n\t}, nil\n}\n\nfunc (n *Notifier) SetLogger(logger *slog.Logger) {\n\tif logger == nil {\n\t\tn.logger = slog.New(slog.DiscardHandler)\n\t} else {\n\t\tn.logger = logger\n\t}\n}\n\nfunc (n *Notifier) Notify(ctx context.Context, subject string, message string) (*notifier.NotifyResult, error) {\n\twebhookUrl, err := url.Parse(n.config.WebhookUrl)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"dingtalk api error: invalid webhook url: %w\", err)\n\t} else {\n\t\tconst hostname = \"qyapi.weixin.qq.com\"\n\t\tif webhookUrl.Hostname() != hostname {\n\t\t\tn.logger.Warn(fmt.Sprintf(\"the webhook url hostname is not '%s', please make sure it is correct\", hostname))\n\t\t}\n\t}\n\n\tvar webhookData map[string]any\n\tif n.config.CustomPayload == \"\" {\n\t\twebhookData = map[string]any{\n\t\t\t\"msgtype\": \"text\",\n\t\t\t\"text\": map[string]string{\n\t\t\t\t\"content\": subject + \"\\n\\n\" + message,\n\t\t\t},\n\t\t}\n\t} else {\n\t\terr = json.Unmarshal([]byte(n.config.CustomPayload), &webhookData)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"failed to unmarshal webhook data: %w\", err)\n\t\t}\n\n\t\treplaceJsonValueRecursively(webhookData, \"${CERTIMATE_NOTIFIER_SUBJECT}\", subject)\n\t\treplaceJsonValueRecursively(webhookData, \"${CERTIMATE_NOTIFIER_MESSAGE}\", message)\n\n\t\treplaceJsonValueRecursively(webhookData, \"${SUBJECT}\", subject)\n\t\treplaceJsonValueRecursively(webhookData, \"${MESSAGE}\", message)\n\t}\n\n\t// REF: https://developer.work.weixin.qq.com/document/path/91770\n\tvar result struct {\n\t\tErrorCode int `json:\"errcode\"`\n\t\tErrorMessage string `json:\"errmsg\"`\n\t}\n\treq := n.httpClient.R().\n\t\tSetContext(ctx).\n\t\tSetBody(webhookData)\n\tresp, err := req.Post(webhookUrl.String())\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"wecom api error: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn nil, fmt.Errorf(\"wecom api error: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t} else if err := json.Unmarshal(resp.Body(), &result); err != nil {\n\t\treturn nil, fmt.Errorf(\"wecom api error: %w (resp: %s)\", err, string(resp.Body()))\n\t} else if result.ErrorCode != 0 {\n\t\treturn nil, fmt.Errorf(\"wecom api error: errcode='%d', errmsg='%s'\", result.ErrorCode, result.ErrorMessage)\n\t}\n\n\treturn ¬ifier.NotifyResult{}, nil\n}\n\nfunc replaceJsonValueRecursively(data interface{}, oldStr, newStr string) interface{} {\n\tswitch v := data.(type) {\n\tcase map[string]any:\n\t\tfor k, val := range v {\n\t\t\tv[k] = replaceJsonValueRecursively(val, oldStr, newStr)\n\t\t}\n\tcase []any:\n\t\tfor i, val := range v {\n\t\t\tv[i] = replaceJsonValueRecursively(val, oldStr, newStr)\n\t\t}\n\tcase []string:\n\t\tfor i, s := range v {\n\t\t\tvar val interface{} = s\n\t\t\tvar newVal interface{} = replaceJsonValueRecursively(val, oldStr, newStr)\n\t\t\tv[i] = newVal.(string)\n\t\t}\n\tcase string:\n\t\treturn strings.ReplaceAll(v, oldStr, newStr)\n\t}\n\treturn data\n}\n"
},
{
"path": "pkg/core/notifier/providers/wecombot/wecombot_test.go",
"content": "package wecombot_test\n\nimport (\n\t\"context\"\n\t\"flag\"\n\t\"fmt\"\n\t\"strings\"\n\t\"testing\"\n\n\tprovider \"github.com/certimate-go/certimate/pkg/core/notifier/providers/wecombot\"\n)\n\nconst (\n\tmockSubject = \"test_subject\"\n\tmockMessage = \"test_message\"\n)\n\nvar fWebhookUrl string\n\nfunc init() {\n\targsPrefix := \"WECOMBOT_\"\n\n\tflag.StringVar(&fWebhookUrl, argsPrefix+\"WEBHOOKURL\", \"\", \"\")\n}\n\n/*\nShell command to run this test:\n\n\tgo test -v ./wecombot_test.go -args \\\n\t--WECOMBOT_WEBHOOKURL=\"https://example.com/your-webhook-url\" \\\n*/\nfunc TestNotify(t *testing.T) {\n\tflag.Parse()\n\n\tt.Run(\"Notify\", func(t *testing.T) {\n\t\tt.Log(strings.Join([]string{\n\t\t\t\"args:\",\n\t\t\tfmt.Sprintf(\"WEBHOOKURL: %v\", fWebhookUrl),\n\t\t}, \"\\n\"))\n\n\t\tprovider, err := provider.NewNotifier(&provider.NotifierConfig{\n\t\t\tWebhookUrl: fWebhookUrl,\n\t\t})\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tres, err := provider.Notify(context.Background(), mockSubject, mockMessage)\n\t\tif err != nil {\n\t\t\tt.Errorf(\"err: %+v\", err)\n\t\t\treturn\n\t\t}\n\n\t\tt.Logf(\"ok: %v\", res)\n\t})\n}\n"
},
{
"path": "pkg/core/shared.go",
"content": "package core\n\nimport (\n\t\"log/slog\"\n)\n\ntype WithLogger interface {\n\tSetLogger(logger *slog.Logger)\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/README.md",
"content": "移动云 Go SDK 文档: [https://ecloud.10086.cn/op-help-center/doc/article/53799](https://ecloud.10086.cn/op-help-center/doc/article/53799)\n\n移动云 Go SDK 下载地址: [https://ecloud.10086.cn/api/query/developer/nexus/service/rest/repository/browse/go-sdk/gitlab.ecloud.com/ecloud/](https://ecloud.10086.cn/api/query/developer/nexus/service/rest/repository/browse/go-sdk/gitlab.ecloud.com/ecloud/)\n\n---\n\n将其引入本地目录的原因是:\n\n1. 原始包必须通过移动云私有仓库获取, 为构建带来不便。\n2. 原始包存在部分内容错误, 需要自行修改, 如:\n - 存在一些编译错误;\n - 返回错误的时候, 未返回错误信息;\n - 解析响应体错误。\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/client.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage ecloudsdkclouddns\n\nimport (\n\t\"gitlab.ecloud.com/ecloud/ecloudsdkclouddns/model\"\n\t\"gitlab.ecloud.com/ecloud/ecloudsdkcore\"\n\t\"gitlab.ecloud.com/ecloud/ecloudsdkcore/config\"\n)\n\ntype Client struct {\n\tAPIClient *ecloudsdkcore.APIClient\n\tconfig *config.Config\n\thttpRequest *ecloudsdkcore.HttpRequest\n}\n\nfunc NewClient(config *config.Config) *Client {\n\tclient := &Client{}\n\tclient.config = config\n\tapiClient := ecloudsdkcore.NewAPIClient()\n\thttpRequest := ecloudsdkcore.NewDefaultHttpRequest()\n\thttpRequest.Product = product\n\thttpRequest.Version = version\n\thttpRequest.SdkVersion = sdkVersion\n\tclient.httpRequest = httpRequest\n\tclient.APIClient = apiClient\n\treturn client\n}\n\nfunc NewClientByCustomized(config *config.Config, httpRequest *ecloudsdkcore.HttpRequest) *Client {\n\tclient := &Client{}\n\tclient.config = config\n\tapiClient := ecloudsdkcore.NewAPIClient()\n\thttpRequest.Product = product\n\thttpRequest.Version = version\n\thttpRequest.SdkVersion = sdkVersion\n\tclient.httpRequest = httpRequest\n\tclient.APIClient = apiClient\n\treturn client\n}\n\nconst (\n\tproduct string = \"clouddns\"\n\tversion string = \"v1\"\n\tsdkVersion string = \"1.0.1\"\n)\n\n// CreateRecord 新增解析记录\nfunc (c *Client) CreateRecord(request *model.CreateRecordRequest) (*model.CreateRecordResponse, error) {\n\tc.httpRequest.Action = \"createRecord\"\n\tc.httpRequest.Body = request\n\treturnValue := &model.CreateRecordResponse{}\n\tif _, err := c.APIClient.Excute(c.httpRequest, c.config, returnValue); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn returnValue, nil\n\t}\n}\n\n// CreateRecordOpenapi 新增解析记录Openapi\nfunc (c *Client) CreateRecordOpenapi(request *model.CreateRecordOpenapiRequest) (*model.CreateRecordOpenapiResponse, error) {\n\tc.httpRequest.Action = \"createRecordOpenapi\"\n\tc.httpRequest.Body = request\n\treturnValue := &model.CreateRecordOpenapiResponse{}\n\tif _, err := c.APIClient.Excute(c.httpRequest, c.config, returnValue); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn returnValue, nil\n\t}\n}\n\n// DeleteRecord 删除解析记录\nfunc (c *Client) DeleteRecord(request *model.DeleteRecordRequest) (*model.DeleteRecordResponse, error) {\n\tc.httpRequest.Action = \"deleteRecord\"\n\tc.httpRequest.Body = request\n\treturnValue := &model.DeleteRecordResponse{}\n\tif _, err := c.APIClient.Excute(c.httpRequest, c.config, returnValue); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn returnValue, nil\n\t}\n}\n\n// DeleteRecordOpenapi 删除解析记录Openapi\nfunc (c *Client) DeleteRecordOpenapi(request *model.DeleteRecordOpenapiRequest) (*model.DeleteRecordOpenapiResponse, error) {\n\tc.httpRequest.Action = \"deleteRecordOpenapi\"\n\tc.httpRequest.Body = request\n\treturnValue := &model.DeleteRecordOpenapiResponse{}\n\tif _, err := c.APIClient.Excute(c.httpRequest, c.config, returnValue); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn returnValue, nil\n\t}\n}\n\n// ListRecord 查询解析记录\nfunc (c *Client) ListRecord(request *model.ListRecordRequest) (*model.ListRecordResponse, error) {\n\tc.httpRequest.Action = \"listRecord\"\n\tc.httpRequest.Body = request\n\treturnValue := &model.ListRecordResponse{}\n\tif _, err := c.APIClient.Excute(c.httpRequest, c.config, returnValue); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn returnValue, nil\n\t}\n}\n\n// ListRecordOpenapi 查询解析记录Openapi\nfunc (c *Client) ListRecordOpenapi(request *model.ListRecordOpenapiRequest) (*model.ListRecordOpenapiResponse, error) {\n\tc.httpRequest.Action = \"listRecordOpenapi\"\n\tc.httpRequest.Body = request\n\treturnValue := &model.ListRecordOpenapiResponse{}\n\tif _, err := c.APIClient.Excute(c.httpRequest, c.config, returnValue); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn returnValue, nil\n\t}\n}\n\n// ModifyRecord 修改解析记录\nfunc (c *Client) ModifyRecord(request *model.ModifyRecordRequest) (*model.ModifyRecordResponse, error) {\n\tc.httpRequest.Action = \"modifyRecord\"\n\tc.httpRequest.Body = request\n\treturnValue := &model.ModifyRecordResponse{}\n\tif _, err := c.APIClient.Excute(c.httpRequest, c.config, returnValue); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn returnValue, nil\n\t}\n}\n\n// ModifyRecordOpenapi 修改解析记录Openapi\nfunc (c *Client) ModifyRecordOpenapi(request *model.ModifyRecordOpenapiRequest) (*model.ModifyRecordOpenapiResponse, error) {\n\tc.httpRequest.Action = \"modifyRecordOpenapi\"\n\tc.httpRequest.Body = request\n\treturnValue := &model.ModifyRecordOpenapiResponse{}\n\tif _, err := c.APIClient.Excute(c.httpRequest, c.config, returnValue); err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treturn returnValue, nil\n\t}\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/go.mod",
"content": "module gitlab.ecloud.com/ecloud/ecloudsdkclouddns\n\ngo 1.14\n\nrequire gitlab.ecloud.com/ecloud/ecloudsdkcore v1.0.0\n\nreplace gitlab.ecloud.com/ecloud/ecloudsdkcore v1.0.0 => ../ecloudsdkcore@v1.0.0\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/create_record_body.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\nimport (\n\t\"gitlab.ecloud.com/ecloud/ecloudsdkcore/position\"\n)\n\ntype CreateRecordBodyTypeEnum string\n\n// List of Type\nconst (\n\tCreateRecordBodyTypeEnumA CreateRecordBodyTypeEnum = \"A\"\n\tCreateRecordBodyTypeEnumAaaa CreateRecordBodyTypeEnum = \"AAAA\"\n\tCreateRecordBodyTypeEnumCaa CreateRecordBodyTypeEnum = \"CAA\"\n\tCreateRecordBodyTypeEnumCmauth CreateRecordBodyTypeEnum = \"CMAUTH\"\n\tCreateRecordBodyTypeEnumCname CreateRecordBodyTypeEnum = \"CNAME\"\n\tCreateRecordBodyTypeEnumMx CreateRecordBodyTypeEnum = \"MX\"\n\tCreateRecordBodyTypeEnumNs CreateRecordBodyTypeEnum = \"NS\"\n\tCreateRecordBodyTypeEnumPtr CreateRecordBodyTypeEnum = \"PTR\"\n\tCreateRecordBodyTypeEnumRp CreateRecordBodyTypeEnum = \"RP\"\n\tCreateRecordBodyTypeEnumSpf CreateRecordBodyTypeEnum = \"SPF\"\n\tCreateRecordBodyTypeEnumSrv CreateRecordBodyTypeEnum = \"SRV\"\n\tCreateRecordBodyTypeEnumTxt CreateRecordBodyTypeEnum = \"TXT\"\n\tCreateRecordBodyTypeEnumUrl CreateRecordBodyTypeEnum = \"URL\"\n)\n\ntype CreateRecordBody struct {\n\tposition.Body\n\t// 主机头\n\tRr string `json:\"rr\"`\n\n\t// 域名名称\n\tDomainName string `json:\"domainName\"`\n\n\t// 备注\n\tDescription string `json:\"description,omitempty\"`\n\n\t// 线路ID\n\tLineId string `json:\"lineId\"`\n\n\t// MX优先级,若“记录类型”选择”MX”,则需要配置该参数,默认是5\n\tMxPri *int32 `json:\"mxPri,omitempty\"`\n\n\t// 记录类型\n\tType CreateRecordBodyTypeEnum `json:\"type\"`\n\n\t// 缓存的生命周期,默认可配置600s\n\tTtl *int32 `json:\"ttl,omitempty\"`\n\n\t// 记录值\n\tValue string `json:\"value\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/create_record_openapi_body.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\nimport (\n\t\"gitlab.ecloud.com/ecloud/ecloudsdkcore/position\"\n)\n\ntype CreateRecordOpenapiBodyTypeEnum string\n\n// List of Type\nconst (\n\tCreateRecordOpenapiBodyTypeEnumA CreateRecordOpenapiBodyTypeEnum = \"A\"\n\tCreateRecordOpenapiBodyTypeEnumAaaa CreateRecordOpenapiBodyTypeEnum = \"AAAA\"\n\tCreateRecordOpenapiBodyTypeEnumCname CreateRecordOpenapiBodyTypeEnum = \"CNAME\"\n\tCreateRecordOpenapiBodyTypeEnumMx CreateRecordOpenapiBodyTypeEnum = \"MX\"\n\tCreateRecordOpenapiBodyTypeEnumTxt CreateRecordOpenapiBodyTypeEnum = \"TXT\"\n\tCreateRecordOpenapiBodyTypeEnumNs CreateRecordOpenapiBodyTypeEnum = \"NS\"\n\tCreateRecordOpenapiBodyTypeEnumSpf CreateRecordOpenapiBodyTypeEnum = \"SPF\"\n\tCreateRecordOpenapiBodyTypeEnumSrv CreateRecordOpenapiBodyTypeEnum = \"SRV\"\n\tCreateRecordOpenapiBodyTypeEnumCaa CreateRecordOpenapiBodyTypeEnum = \"CAA\"\n\tCreateRecordOpenapiBodyTypeEnumCmauth CreateRecordOpenapiBodyTypeEnum = \"CMAUTH\"\n)\n\ntype CreateRecordOpenapiBody struct {\n\tposition.Body\n\t// 主机头\n\tRr string `json:\"rr\"`\n\n\t// 域名名称\n\tDomainName string `json:\"domainName\"`\n\n\t// 备注\n\tDescription string `json:\"description,omitempty\"`\n\n\t// 线路ID\n\tLineId string `json:\"lineId\"`\n\n\t// MX优先级,若“记录类型”选择”MX”,则需要配置该参数,默认是5\n\tMxPri *int32 `json:\"mxPri,omitempty\"`\n\n\t// 记录类型\n\tType CreateRecordOpenapiBodyTypeEnum `json:\"type\"`\n\n\t// 缓存的生命周期,默认可配置600s\n\tTtl *int32 `json:\"ttl,omitempty\"`\n\n\t// 记录值\n\tValue string `json:\"value\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/create_record_openapi_request.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype CreateRecordOpenapiRequest struct {\n\tCreateRecordOpenapiBody *CreateRecordOpenapiBody `json:\"createRecordOpenapiBody,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/create_record_openapi_response.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype CreateRecordOpenapiResponseStateEnum string\n\n// List of State\nconst (\n\tCreateRecordOpenapiResponseStateEnumError CreateRecordOpenapiResponseStateEnum = \"ERROR\"\n\tCreateRecordOpenapiResponseStateEnumException CreateRecordOpenapiResponseStateEnum = \"EXCEPTION\"\n\tCreateRecordOpenapiResponseStateEnumForbidden CreateRecordOpenapiResponseStateEnum = \"FORBIDDEN\"\n\tCreateRecordOpenapiResponseStateEnumOk CreateRecordOpenapiResponseStateEnum = \"OK\"\n)\n\ntype CreateRecordOpenapiResponse struct {\n\tRequestId string `json:\"requestId,omitempty\"`\n\n\tErrorMessage string `json:\"errorMessage,omitempty\"`\n\n\tErrorCode string `json:\"errorCode,omitempty\"`\n\n\tState CreateRecordOpenapiResponseStateEnum `json:\"state,omitempty\"`\n\n\tBody *CreateRecordOpenapiResponseBody `json:\"body,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/create_record_openapi_response_body.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype CreateRecordOpenapiResponseBodyTypeEnum string\n\n// List of Type\nconst (\n\tCreateRecordOpenapiResponseBodyTypeEnumA CreateRecordOpenapiResponseBodyTypeEnum = \"A\"\n\tCreateRecordOpenapiResponseBodyTypeEnumAaaa CreateRecordOpenapiResponseBodyTypeEnum = \"AAAA\"\n\tCreateRecordOpenapiResponseBodyTypeEnumCname CreateRecordOpenapiResponseBodyTypeEnum = \"CNAME\"\n\tCreateRecordOpenapiResponseBodyTypeEnumMx CreateRecordOpenapiResponseBodyTypeEnum = \"MX\"\n\tCreateRecordOpenapiResponseBodyTypeEnumTxt CreateRecordOpenapiResponseBodyTypeEnum = \"TXT\"\n\tCreateRecordOpenapiResponseBodyTypeEnumNs CreateRecordOpenapiResponseBodyTypeEnum = \"NS\"\n\tCreateRecordOpenapiResponseBodyTypeEnumSpf CreateRecordOpenapiResponseBodyTypeEnum = \"SPF\"\n\tCreateRecordOpenapiResponseBodyTypeEnumSrv CreateRecordOpenapiResponseBodyTypeEnum = \"SRV\"\n\tCreateRecordOpenapiResponseBodyTypeEnumCaa CreateRecordOpenapiResponseBodyTypeEnum = \"CAA\"\n\tCreateRecordOpenapiResponseBodyTypeEnumCmauth CreateRecordOpenapiResponseBodyTypeEnum = \"CMAUTH\"\n)\n\ntype CreateRecordOpenapiResponseBodyStateEnum string\n\n// List of State\nconst (\n\tCreateRecordOpenapiResponseBodyStateEnumDisabled CreateRecordOpenapiResponseBodyStateEnum = \"DISABLED\"\n\tCreateRecordOpenapiResponseBodyStateEnumEnabled CreateRecordOpenapiResponseBodyStateEnum = \"ENABLED\"\n)\n\ntype CreateRecordOpenapiResponseBody struct {\n\t// 主机头\n\tRr string `json:\"rr,omitempty\"`\n\n\t// 修改时间\n\tModifiedTime string `json:\"modifiedTime,omitempty\"`\n\n\t// 线路中文名\n\tLineZh string `json:\"lineZh,omitempty\"`\n\n\t// 备注\n\tDescription string `json:\"description,omitempty\"`\n\n\t// 线路ID\n\tLineId string `json:\"lineId,omitempty\"`\n\n\t// 权重值\n\tWeight *int32 `json:\"weight,omitempty\"`\n\n\t// MX优先级\n\tMxPri *int32 `json:\"mxPri,omitempty\"`\n\n\t// 记录类型\n\tType CreateRecordOpenapiResponseBodyTypeEnum `json:\"type,omitempty\"`\n\n\t// 缓存的生命周期\n\tTtl *int32 `json:\"ttl,omitempty\"`\n\n\t// 标签\n\tTags *[]CreateRecordOpenapiResponseTags `json:\"tags,omitempty\"`\n\n\t// 解析记录ID\n\tRecordId string `json:\"recordId,omitempty\"`\n\n\t// 域名名称\n\tDomainName string `json:\"domainName,omitempty\"`\n\n\t// 线路英文名\n\tLineEn string `json:\"lineEn,omitempty\"`\n\n\t// 状态\n\tState CreateRecordOpenapiResponseBodyStateEnum `json:\"state,omitempty\"`\n\n\t// 记录值\n\tValue string `json:\"value,omitempty\"`\n\n\t// 定时发布时间\n\tPubdate string `json:\"pubdate,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/create_record_openapi_response_tags.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype CreateRecordOpenapiResponseTags struct {\n\t// 标签ID\n\tTagId string `json:\"tagId,omitempty\"`\n\n\t// 标签名称\n\tValue string `json:\"value,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/create_record_request.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype CreateRecordRequest struct {\n\tCreateRecordBody *CreateRecordBody `json:\"createRecordBody,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/create_record_response.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype CreateRecordResponseStateEnum string\n\n// List of State\nconst (\n\tCreateRecordResponseStateEnumError CreateRecordResponseStateEnum = \"ERROR\"\n\tCreateRecordResponseStateEnumException CreateRecordResponseStateEnum = \"EXCEPTION\"\n\tCreateRecordResponseStateEnumForbidden CreateRecordResponseStateEnum = \"FORBIDDEN\"\n\tCreateRecordResponseStateEnumOk CreateRecordResponseStateEnum = \"OK\"\n)\n\ntype CreateRecordResponse struct {\n\tRequestId string `json:\"requestId,omitempty\"`\n\n\tErrorMessage string `json:\"errorMessage,omitempty\"`\n\n\tErrorCode string `json:\"errorCode,omitempty\"`\n\n\tState CreateRecordResponseStateEnum `json:\"state,omitempty\"`\n\n\tBody *CreateRecordResponseBody `json:\"body,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/create_record_response_body.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype CreateRecordResponseBodyTypeEnum string\n\n// List of Type\nconst (\n\tCreateRecordResponseBodyTypeEnumA CreateRecordResponseBodyTypeEnum = \"A\"\n\tCreateRecordResponseBodyTypeEnumAaaa CreateRecordResponseBodyTypeEnum = \"AAAA\"\n\tCreateRecordResponseBodyTypeEnumCaa CreateRecordResponseBodyTypeEnum = \"CAA\"\n\tCreateRecordResponseBodyTypeEnumCmauth CreateRecordResponseBodyTypeEnum = \"CMAUTH\"\n\tCreateRecordResponseBodyTypeEnumCname CreateRecordResponseBodyTypeEnum = \"CNAME\"\n\tCreateRecordResponseBodyTypeEnumMx CreateRecordResponseBodyTypeEnum = \"MX\"\n\tCreateRecordResponseBodyTypeEnumNs CreateRecordResponseBodyTypeEnum = \"NS\"\n\tCreateRecordResponseBodyTypeEnumPtr CreateRecordResponseBodyTypeEnum = \"PTR\"\n\tCreateRecordResponseBodyTypeEnumRp CreateRecordResponseBodyTypeEnum = \"RP\"\n\tCreateRecordResponseBodyTypeEnumSpf CreateRecordResponseBodyTypeEnum = \"SPF\"\n\tCreateRecordResponseBodyTypeEnumSrv CreateRecordResponseBodyTypeEnum = \"SRV\"\n\tCreateRecordResponseBodyTypeEnumTxt CreateRecordResponseBodyTypeEnum = \"TXT\"\n\tCreateRecordResponseBodyTypeEnumUrl CreateRecordResponseBodyTypeEnum = \"URL\"\n)\n\ntype CreateRecordResponseBodyTimedStatusEnum string\n\n// List of TimedStatus\nconst (\n\tCreateRecordResponseBodyTimedStatusEnumDisabled CreateRecordResponseBodyTimedStatusEnum = \"DISABLED\"\n\tCreateRecordResponseBodyTimedStatusEnumEnabled CreateRecordResponseBodyTimedStatusEnum = \"ENABLED\"\n\tCreateRecordResponseBodyTimedStatusEnumTimed CreateRecordResponseBodyTimedStatusEnum = \"TIMED\"\n)\n\ntype CreateRecordResponseBodyStateEnum string\n\n// List of State\nconst (\n\tCreateRecordResponseBodyStateEnumDisabled CreateRecordResponseBodyStateEnum = \"DISABLED\"\n\tCreateRecordResponseBodyStateEnumEnabled CreateRecordResponseBodyStateEnum = \"ENABLED\"\n)\n\ntype CreateRecordResponseBody struct {\n\t// 主机头\n\tRr string `json:\"rr,omitempty\"`\n\n\t// 修改时间\n\tModifiedTime string `json:\"modifiedTime,omitempty\"`\n\n\t// 线路中文名\n\tLineZh string `json:\"lineZh,omitempty\"`\n\n\t// 备注\n\tDescription string `json:\"description,omitempty\"`\n\n\t// 线路ID\n\tLineId string `json:\"lineId,omitempty\"`\n\n\t// 权重值\n\tWeight *int32 `json:\"weight,omitempty\"`\n\n\t// MX优先级\n\tMxPri *int32 `json:\"mxPri,omitempty\"`\n\n\t// 记录类型\n\tType CreateRecordResponseBodyTypeEnum `json:\"type,omitempty\"`\n\n\t// 缓存的生命周期\n\tTtl *int32 `json:\"ttl,omitempty\"`\n\n\t// 标签\n\tTags *[]CreateRecordResponseTags `json:\"tags,omitempty\"`\n\n\t// 解析记录ID\n\tRecordId string `json:\"recordId,omitempty\"`\n\n\t// 定时状态\n\tTimedStatus CreateRecordResponseBodyTimedStatusEnum `json:\"timedStatus,omitempty\"`\n\n\t// 域名名称\n\tDomainName string `json:\"domainName,omitempty\"`\n\n\t// 线路英文名\n\tLineEn string `json:\"lineEn,omitempty\"`\n\n\t// 状态\n\tState CreateRecordResponseBodyStateEnum `json:\"state,omitempty\"`\n\n\t// 记录值\n\tValue string `json:\"value,omitempty\"`\n\n\t// 定时发布时间\n\tPubdate string `json:\"pubdate,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/create_record_response_tags.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype CreateRecordResponseTags struct {\n\t// 标签ID\n\tTagId string `json:\"tagId,omitempty\"`\n\n\t// 标签名称\n\tValue string `json:\"value,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/delete_record_body.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\nimport (\n\t\"gitlab.ecloud.com/ecloud/ecloudsdkcore/position\"\n)\n\ntype DeleteRecordBody struct {\n\tposition.Body\n\t// 解析记录ID列表\n\tRecordIdList []string `json:\"recordIdList\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/delete_record_openapi_body.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\nimport (\n\t\"gitlab.ecloud.com/ecloud/ecloudsdkcore/position\"\n)\n\ntype DeleteRecordOpenapiBody struct {\n\tposition.Body\n\t// 待删除的解析记录ID请求体\n\tRecordIdList []string `json:\"recordIdList\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/delete_record_openapi_request.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype DeleteRecordOpenapiRequest struct {\n\tDeleteRecordOpenapiBody *DeleteRecordOpenapiBody `json:\"deleteRecordOpenapiBody,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/delete_record_openapi_response.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype DeleteRecordOpenapiResponseStateEnum string\n\n// List of State\nconst (\n\tDeleteRecordOpenapiResponseStateEnumError DeleteRecordOpenapiResponseStateEnum = \"ERROR\"\n\tDeleteRecordOpenapiResponseStateEnumException DeleteRecordOpenapiResponseStateEnum = \"EXCEPTION\"\n\tDeleteRecordOpenapiResponseStateEnumForbidden DeleteRecordOpenapiResponseStateEnum = \"FORBIDDEN\"\n\tDeleteRecordOpenapiResponseStateEnumOk DeleteRecordOpenapiResponseStateEnum = \"OK\"\n)\n\ntype DeleteRecordOpenapiResponse struct {\n\tRequestId string `json:\"requestId,omitempty\"`\n\n\tErrorMessage string `json:\"errorMessage,omitempty\"`\n\n\tErrorCode string `json:\"errorCode,omitempty\"`\n\n\tState DeleteRecordOpenapiResponseStateEnum `json:\"state,omitempty\"`\n\n\tBody *[]DeleteRecordOpenapiResponseBody `json:\"body,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/delete_record_openapi_response_body.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype DeleteRecordOpenapiResponseBodyCodeEnum string\n\n// List of Code\nconst (\n\tDeleteRecordOpenapiResponseBodyCodeEnumError DeleteRecordOpenapiResponseBodyCodeEnum = \"ERROR\"\n\tDeleteRecordOpenapiResponseBodyCodeEnumSuccess DeleteRecordOpenapiResponseBodyCodeEnum = \"SUCCESS\"\n)\n\ntype DeleteRecordOpenapiResponseBody struct {\n\t// 结果说明\n\tMsg string `json:\"msg,omitempty\"`\n\n\t// 解析记录ID\n\tRecordId string `json:\"recordId,omitempty\"`\n\n\t// 结果码\n\tCode DeleteRecordOpenapiResponseBodyCodeEnum `json:\"code,omitempty\"`\n\n\t// 域名\n\tDomainName string `json:\"domainName,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/delete_record_request.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype DeleteRecordRequest struct {\n\tDeleteRecordBody *DeleteRecordBody `json:\"deleteRecordBody,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/delete_record_response.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype DeleteRecordResponseStateEnum string\n\n// List of State\nconst (\n\tDeleteRecordResponseStateEnumError DeleteRecordResponseStateEnum = \"ERROR\"\n\tDeleteRecordResponseStateEnumException DeleteRecordResponseStateEnum = \"EXCEPTION\"\n\tDeleteRecordResponseStateEnumForbidden DeleteRecordResponseStateEnum = \"FORBIDDEN\"\n\tDeleteRecordResponseStateEnumOk DeleteRecordResponseStateEnum = \"OK\"\n)\n\ntype DeleteRecordResponse struct {\n\tRequestId string `json:\"requestId,omitempty\"`\n\n\tErrorMessage string `json:\"errorMessage,omitempty\"`\n\n\tErrorCode string `json:\"errorCode,omitempty\"`\n\n\tState DeleteRecordResponseStateEnum `json:\"state,omitempty\"`\n\n\tBody *[]DeleteRecordResponseBody `json:\"body,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/delete_record_response_body.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype DeleteRecordResponseBodyCodeEnum string\n\n// List of Code\nconst (\n\tDeleteRecordResponseBodyCodeEnumError DeleteRecordResponseBodyCodeEnum = \"ERROR\"\n\tDeleteRecordResponseBodyCodeEnumSuccess DeleteRecordResponseBodyCodeEnum = \"SUCCESS\"\n)\n\ntype DeleteRecordResponseBody struct {\n\t// 结果说明\n\tMsg string `json:\"msg,omitempty\"`\n\n\t// 解析记录ID\n\tRecordId string `json:\"recordId,omitempty\"`\n\n\t// 结果码\n\tCode DeleteRecordResponseBodyCodeEnum `json:\"code,omitempty\"`\n\n\t// 域名\n\tDomainName string `json:\"domainName,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/list_record_body.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\nimport (\n\t\"gitlab.ecloud.com/ecloud/ecloudsdkcore/position\"\n)\n\ntype ListRecordBody struct {\n\tposition.Body\n\t// 域名\n\tDomainName string `json:\"domainName\"`\n\n\t// 可以匹配主机头rr、记录值value、备注description,并且是模糊搜索\n\tDataLike string `json:\"dataLike,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/list_record_openapi_body.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\nimport (\n\t\"gitlab.ecloud.com/ecloud/ecloudsdkcore/position\"\n)\n\ntype ListRecordOpenapiBody struct {\n\tposition.Body\n\t// 域名\n\tDomainName string `json:\"domainName\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/list_record_openapi_query.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\nimport (\n\t\"gitlab.ecloud.com/ecloud/ecloudsdkcore/position\"\n)\n\ntype ListRecordOpenapiQuery struct {\n\tposition.Query\n\t// 页大小\n\tPageSize *int32 `json:\"pageSize,omitempty\"`\n\n\t// 当前页\n\tPage *int32 `json:\"page,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/list_record_openapi_request.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype ListRecordOpenapiRequest struct {\n\tListRecordOpenapiQuery *ListRecordOpenapiQuery `json:\"listRecordOpenapiQuery,omitempty\"`\n\n\tListRecordOpenapiBody *ListRecordOpenapiBody `json:\"listRecordOpenapiBody,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/list_record_openapi_response.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype ListRecordOpenapiResponseStateEnum string\n\n// List of State\nconst (\n\tListRecordOpenapiResponseStateEnumError ListRecordOpenapiResponseStateEnum = \"ERROR\"\n\tListRecordOpenapiResponseStateEnumException ListRecordOpenapiResponseStateEnum = \"EXCEPTION\"\n\tListRecordOpenapiResponseStateEnumForbidden ListRecordOpenapiResponseStateEnum = \"FORBIDDEN\"\n\tListRecordOpenapiResponseStateEnumOk ListRecordOpenapiResponseStateEnum = \"OK\"\n)\n\ntype ListRecordOpenapiResponse struct {\n\tRequestId string `json:\"requestId,omitempty\"`\n\n\tErrorMessage string `json:\"errorMessage,omitempty\"`\n\n\tErrorCode string `json:\"errorCode,omitempty\"`\n\n\tState ListRecordOpenapiResponseStateEnum `json:\"state,omitempty\"`\n\n\tBody *ListRecordOpenapiResponseBody `json:\"body,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/list_record_openapi_response_body.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype ListRecordOpenapiResponseBody struct {\n\t// 当前页的具体数据列表\n\tData *[]ListRecordOpenapiResponseData `json:\"data,omitempty\"`\n\n\t// 总数据量\n\tTotalNum *int32 `json:\"totalNum,omitempty\"`\n\n\t// 总页数\n\tTotalPages *int32 `json:\"totalPages,omitempty\"`\n\n\t// 页大小\n\tPageSize *int32 `json:\"pageSize,omitempty\"`\n\n\t// 当前页码,从0开始,0表示第一页\n\tPage *int32 `json:\"page,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/list_record_openapi_response_data.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype ListRecordOpenapiResponseDataTypeEnum string\n\n// List of Type\nconst (\n\tListRecordOpenapiResponseDataTypeEnumA ListRecordOpenapiResponseDataTypeEnum = \"A\"\n\tListRecordOpenapiResponseDataTypeEnumAaaa ListRecordOpenapiResponseDataTypeEnum = \"AAAA\"\n\tListRecordOpenapiResponseDataTypeEnumCname ListRecordOpenapiResponseDataTypeEnum = \"CNAME\"\n\tListRecordOpenapiResponseDataTypeEnumMx ListRecordOpenapiResponseDataTypeEnum = \"MX\"\n\tListRecordOpenapiResponseDataTypeEnumTxt ListRecordOpenapiResponseDataTypeEnum = \"TXT\"\n\tListRecordOpenapiResponseDataTypeEnumNs ListRecordOpenapiResponseDataTypeEnum = \"NS\"\n\tListRecordOpenapiResponseDataTypeEnumSpf ListRecordOpenapiResponseDataTypeEnum = \"SPF\"\n\tListRecordOpenapiResponseDataTypeEnumSrv ListRecordOpenapiResponseDataTypeEnum = \"SRV\"\n\tListRecordOpenapiResponseDataTypeEnumCaa ListRecordOpenapiResponseDataTypeEnum = \"CAA\"\n\tListRecordOpenapiResponseDataTypeEnumCmauth ListRecordOpenapiResponseDataTypeEnum = \"CMAUTH\"\n)\n\ntype ListRecordOpenapiResponseDataTimedStatusEnum string\n\n// List of TimedStatus\nconst (\n\tListRecordOpenapiResponseDataTimedStatusEnumDisabled ListRecordOpenapiResponseDataTimedStatusEnum = \"DISABLED\"\n\tListRecordOpenapiResponseDataTimedStatusEnumEnabled ListRecordOpenapiResponseDataTimedStatusEnum = \"ENABLED\"\n\tListRecordOpenapiResponseDataTimedStatusEnumTimed ListRecordOpenapiResponseDataTimedStatusEnum = \"TIMED\"\n)\n\ntype ListRecordOpenapiResponseDataStateEnum string\n\n// List of State\nconst (\n\tListRecordOpenapiResponseDataStateEnumDisabled ListRecordOpenapiResponseDataStateEnum = \"DISABLED\"\n\tListRecordOpenapiResponseDataStateEnumEnabled ListRecordOpenapiResponseDataStateEnum = \"ENABLED\"\n)\n\ntype ListRecordOpenapiResponseData struct {\n\t// 主机头\n\tRr string `json:\"rr,omitempty\"`\n\n\t// 修改时间\n\tModifiedTime string `json:\"modifiedTime,omitempty\"`\n\n\t// 线路中文名\n\tLineZh string `json:\"lineZh,omitempty\"`\n\n\t// 备注\n\tDescription string `json:\"description,omitempty\"`\n\n\t// 线路ID\n\tLineId string `json:\"lineId,omitempty\"`\n\n\t// 权重值\n\tWeight *int32 `json:\"weight,omitempty\"`\n\n\t// MX优先级\n\tMxPri *int32 `json:\"mxPri,omitempty\"`\n\n\t// 记录类型\n\tType ListRecordOpenapiResponseDataTypeEnum `json:\"type,omitempty\"`\n\n\t// 缓存的生命周期\n\tTtl *int32 `json:\"ttl,omitempty\"`\n\n\t// 标签\n\tTags *[]ListRecordOpenapiResponseTags `json:\"tags,omitempty\"`\n\n\t// 解析记录ID\n\tRecordId string `json:\"recordId,omitempty\"`\n\n\t// 定时状态\n\tTimedStatus ListRecordOpenapiResponseDataTimedStatusEnum `json:\"timedStatus,omitempty\"`\n\n\t// 域名名称\n\tDomainName string `json:\"domainName,omitempty\"`\n\n\t// 线路英文名\n\tLineEn string `json:\"lineEn,omitempty\"`\n\n\t// 状态\n\tState ListRecordOpenapiResponseDataStateEnum `json:\"state,omitempty\"`\n\n\t// 记录值\n\tValue string `json:\"value,omitempty\"`\n\n\t// 定时发布时间\n\tPubdate string `json:\"pubdate,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/list_record_openapi_response_tags.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype ListRecordOpenapiResponseTags struct {\n\t// 标签ID\n\tTagId string `json:\"tagId,omitempty\"`\n\n\t// 标签名称\n\tValue string `json:\"value,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/list_record_query.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\nimport (\n\t\"gitlab.ecloud.com/ecloud/ecloudsdkcore/position\"\n)\n\ntype ListRecordQuery struct {\n\tposition.Query\n\t// 页大小\n\tPageSize *int32 `json:\"pageSize,omitempty\"`\n\n\t// 当前页\n\tCurrentPage *int32 `json:\"currentPage,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/list_record_request.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype ListRecordRequest struct {\n\tListRecordBody *ListRecordBody `json:\"listRecordBody,omitempty\"`\n\n\tListRecordQuery *ListRecordQuery `json:\"listRecordQuery,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/list_record_response.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype ListRecordResponseStateEnum string\n\n// List of State\nconst (\n\tListRecordResponseStateEnumError ListRecordResponseStateEnum = \"ERROR\"\n\tListRecordResponseStateEnumException ListRecordResponseStateEnum = \"EXCEPTION\"\n\tListRecordResponseStateEnumForbidden ListRecordResponseStateEnum = \"FORBIDDEN\"\n\tListRecordResponseStateEnumOk ListRecordResponseStateEnum = \"OK\"\n)\n\ntype ListRecordResponse struct {\n\tRequestId string `json:\"requestId,omitempty\"`\n\n\tErrorMessage string `json:\"errorMessage,omitempty\"`\n\n\tErrorCode string `json:\"errorCode,omitempty\"`\n\n\tState ListRecordResponseStateEnum `json:\"state,omitempty\"`\n\n\tBody *ListRecordResponseBody `json:\"body,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/list_record_response_body.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype ListRecordResponseBody struct {\n\t// 总页数\n\tTotalPages *int32 `json:\"totalPages,omitempty\"`\n\n\t// 当前页码,从0开始,0表示第一页\n\tCurrentPage *int32 `json:\"currentPage,omitempty\"`\n\n\t// 当前页的具体数据列表\n\tResults *[]ListRecordResponseResults `json:\"results,omitempty\"`\n\n\t// 总数据量\n\tTotalElements *int64 `json:\"totalElements,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/list_record_response_results.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype ListRecordResponseResultsTypeEnum string\n\n// List of Type\nconst (\n\tListRecordResponseResultsTypeEnumA ListRecordResponseResultsTypeEnum = \"A\"\n\tListRecordResponseResultsTypeEnumAaaa ListRecordResponseResultsTypeEnum = \"AAAA\"\n\tListRecordResponseResultsTypeEnumCaa ListRecordResponseResultsTypeEnum = \"CAA\"\n\tListRecordResponseResultsTypeEnumCmauth ListRecordResponseResultsTypeEnum = \"CMAUTH\"\n\tListRecordResponseResultsTypeEnumCname ListRecordResponseResultsTypeEnum = \"CNAME\"\n\tListRecordResponseResultsTypeEnumMx ListRecordResponseResultsTypeEnum = \"MX\"\n\tListRecordResponseResultsTypeEnumNs ListRecordResponseResultsTypeEnum = \"NS\"\n\tListRecordResponseResultsTypeEnumPtr ListRecordResponseResultsTypeEnum = \"PTR\"\n\tListRecordResponseResultsTypeEnumRp ListRecordResponseResultsTypeEnum = \"RP\"\n\tListRecordResponseResultsTypeEnumSpf ListRecordResponseResultsTypeEnum = \"SPF\"\n\tListRecordResponseResultsTypeEnumSrv ListRecordResponseResultsTypeEnum = \"SRV\"\n\tListRecordResponseResultsTypeEnumTxt ListRecordResponseResultsTypeEnum = \"TXT\"\n\tListRecordResponseResultsTypeEnumUrl ListRecordResponseResultsTypeEnum = \"URL\"\n)\n\ntype ListRecordResponseResultsTimedStatusEnum string\n\n// List of TimedStatus\nconst (\n\tListRecordResponseResultsTimedStatusEnumDisabled ListRecordResponseResultsTimedStatusEnum = \"DISABLED\"\n\tListRecordResponseResultsTimedStatusEnumEnabled ListRecordResponseResultsTimedStatusEnum = \"ENABLED\"\n\tListRecordResponseResultsTimedStatusEnumTimed ListRecordResponseResultsTimedStatusEnum = \"TIMED\"\n)\n\ntype ListRecordResponseResultsStateEnum string\n\n// List of State\nconst (\n\tListRecordResponseResultsStateEnumDisabled ListRecordResponseResultsStateEnum = \"DISABLED\"\n\tListRecordResponseResultsStateEnumEnabled ListRecordResponseResultsStateEnum = \"ENABLED\"\n)\n\ntype ListRecordResponseResults struct {\n\t// 主机头\n\tRr string `json:\"rr,omitempty\"`\n\n\t// 修改时间\n\tModifiedTime string `json:\"modifiedTime,omitempty\"`\n\n\t// 线路中文名\n\tLineZh string `json:\"lineZh,omitempty\"`\n\n\t// 备注\n\tDescription string `json:\"description,omitempty\"`\n\n\t// 线路ID\n\tLineId string `json:\"lineId,omitempty\"`\n\n\t// 权重值\n\tWeight *int32 `json:\"weight,omitempty\"`\n\n\t// MX优先级\n\tMxPri *int32 `json:\"mxPri,omitempty\"`\n\n\t// 记录类型\n\tType ListRecordResponseResultsTypeEnum `json:\"type,omitempty\"`\n\n\t// 缓存的生命周期\n\tTtl *int32 `json:\"ttl,omitempty\"`\n\n\t// 解析记录ID\n\tRecordId string `json:\"recordId,omitempty\"`\n\n\t// 定时状态\n\tTimedStatus ListRecordResponseResultsTimedStatusEnum `json:\"timedStatus,omitempty\"`\n\n\t// 域名名称\n\tDomainName string `json:\"domainName,omitempty\"`\n\n\t// 线路英文名\n\tLineEn string `json:\"lineEn,omitempty\"`\n\n\t// 状态\n\tState ListRecordResponseResultsStateEnum `json:\"state,omitempty\"`\n\n\t// 记录值\n\tValue string `json:\"value,omitempty\"`\n\n\t// 定时发布时间\n\tPubdate string `json:\"pubdate,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/modify_record_body.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\nimport (\n\t\"gitlab.ecloud.com/ecloud/ecloudsdkcore/position\"\n)\n\ntype ModifyRecordBodyTypeEnum string\n\n// List of Type\nconst (\n\tModifyRecordBodyTypeEnumA ModifyRecordBodyTypeEnum = \"A\"\n\tModifyRecordBodyTypeEnumAaaa ModifyRecordBodyTypeEnum = \"AAAA\"\n\tModifyRecordBodyTypeEnumCaa ModifyRecordBodyTypeEnum = \"CAA\"\n\tModifyRecordBodyTypeEnumCmauth ModifyRecordBodyTypeEnum = \"CMAUTH\"\n\tModifyRecordBodyTypeEnumCname ModifyRecordBodyTypeEnum = \"CNAME\"\n\tModifyRecordBodyTypeEnumMx ModifyRecordBodyTypeEnum = \"MX\"\n\tModifyRecordBodyTypeEnumNs ModifyRecordBodyTypeEnum = \"NS\"\n\tModifyRecordBodyTypeEnumPtr ModifyRecordBodyTypeEnum = \"PTR\"\n\tModifyRecordBodyTypeEnumRp ModifyRecordBodyTypeEnum = \"RP\"\n\tModifyRecordBodyTypeEnumSpf ModifyRecordBodyTypeEnum = \"SPF\"\n\tModifyRecordBodyTypeEnumSrv ModifyRecordBodyTypeEnum = \"SRV\"\n\tModifyRecordBodyTypeEnumTxt ModifyRecordBodyTypeEnum = \"TXT\"\n\tModifyRecordBodyTypeEnumUrl ModifyRecordBodyTypeEnum = \"URL\"\n)\n\ntype ModifyRecordBody struct {\n\tposition.Body\n\t// 解析记录ID\n\tRecordId string `json:\"recordId\"`\n\n\t// 主机头\n\tRr string `json:\"rr,omitempty\"`\n\n\t// 域名名称\n\tDomainName string `json:\"domainName\"`\n\n\t// 备注\n\tDescription string `json:\"description,omitempty\"`\n\n\t// 线路ID\n\tLineId string `json:\"lineId,omitempty\"`\n\n\t// MX优先级\n\tMxPri *int32 `json:\"mxPri,omitempty\"`\n\n\t// 记录类型\n\tType ModifyRecordBodyTypeEnum `json:\"type,omitempty\"`\n\n\t// 缓存的生命周期\n\tTtl *int32 `json:\"ttl,omitempty\"`\n\n\t// 记录值\n\tValue string `json:\"value,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/modify_record_openapi_body.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\nimport (\n\t\"gitlab.ecloud.com/ecloud/ecloudsdkcore/position\"\n)\n\ntype ModifyRecordOpenapiBodyTypeEnum string\n\n// List of Type\nconst (\n\tModifyRecordOpenapiBodyTypeEnumA ModifyRecordOpenapiBodyTypeEnum = \"A\"\n\tModifyRecordOpenapiBodyTypeEnumAaaa ModifyRecordOpenapiBodyTypeEnum = \"AAAA\"\n\tModifyRecordOpenapiBodyTypeEnumCname ModifyRecordOpenapiBodyTypeEnum = \"CNAME\"\n\tModifyRecordOpenapiBodyTypeEnumMx ModifyRecordOpenapiBodyTypeEnum = \"MX\"\n\tModifyRecordOpenapiBodyTypeEnumTxt ModifyRecordOpenapiBodyTypeEnum = \"TXT\"\n\tModifyRecordOpenapiBodyTypeEnumNs ModifyRecordOpenapiBodyTypeEnum = \"NS\"\n\tModifyRecordOpenapiBodyTypeEnumSpf ModifyRecordOpenapiBodyTypeEnum = \"SPF\"\n\tModifyRecordOpenapiBodyTypeEnumSrv ModifyRecordOpenapiBodyTypeEnum = \"SRV\"\n\tModifyRecordOpenapiBodyTypeEnumCaa ModifyRecordOpenapiBodyTypeEnum = \"CAA\"\n\tModifyRecordOpenapiBodyTypeEnumCmauth ModifyRecordOpenapiBodyTypeEnum = \"CMAUTH\"\n)\n\ntype ModifyRecordOpenapiBody struct {\n\tposition.Body\n\t// 解析记录ID\n\tRecordId string `json:\"recordId\"`\n\n\t// 主机头\n\tRr string `json:\"rr,omitempty\"`\n\n\t// 域名名称\n\tDomainName string `json:\"domainName\"`\n\n\t// 备注\n\tDescription string `json:\"description,omitempty\"`\n\n\t// 线路ID\n\tLineId string `json:\"lineId,omitempty\"`\n\n\t// MX优先级\n\tMxPri *int32 `json:\"mxPri,omitempty\"`\n\n\t// 记录类型\n\tType ModifyRecordOpenapiBodyTypeEnum `json:\"type,omitempty\"`\n\n\t// 缓存的生命周期\n\tTtl *int32 `json:\"ttl,omitempty\"`\n\n\t// 记录值\n\tValue string `json:\"value,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/modify_record_openapi_request.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype ModifyRecordOpenapiRequest struct {\n\tModifyRecordOpenapiBody *ModifyRecordOpenapiBody `json:\"modifyRecordOpenapiBody,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/modify_record_openapi_response.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype ModifyRecordOpenapiResponseStateEnum string\n\n// List of State\nconst (\n\tModifyRecordOpenapiResponseStateEnumError ModifyRecordOpenapiResponseStateEnum = \"ERROR\"\n\tModifyRecordOpenapiResponseStateEnumException ModifyRecordOpenapiResponseStateEnum = \"EXCEPTION\"\n\tModifyRecordOpenapiResponseStateEnumForbidden ModifyRecordOpenapiResponseStateEnum = \"FORBIDDEN\"\n\tModifyRecordOpenapiResponseStateEnumOk ModifyRecordOpenapiResponseStateEnum = \"OK\"\n)\n\ntype ModifyRecordOpenapiResponse struct {\n\tRequestId string `json:\"requestId,omitempty\"`\n\n\tErrorMessage string `json:\"errorMessage,omitempty\"`\n\n\tErrorCode string `json:\"errorCode,omitempty\"`\n\n\tState ModifyRecordOpenapiResponseStateEnum `json:\"state,omitempty\"`\n\n\tBody *ModifyRecordOpenapiResponseBody `json:\"body,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/modify_record_openapi_response_body.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype ModifyRecordOpenapiResponseBodyTypeEnum string\n\n// List of Type\nconst (\n\tModifyRecordOpenapiResponseBodyTypeEnumA ModifyRecordOpenapiResponseBodyTypeEnum = \"A\"\n\tModifyRecordOpenapiResponseBodyTypeEnumAaaa ModifyRecordOpenapiResponseBodyTypeEnum = \"AAAA\"\n\tModifyRecordOpenapiResponseBodyTypeEnumCname ModifyRecordOpenapiResponseBodyTypeEnum = \"CNAME\"\n\tModifyRecordOpenapiResponseBodyTypeEnumMx ModifyRecordOpenapiResponseBodyTypeEnum = \"MX\"\n\tModifyRecordOpenapiResponseBodyTypeEnumTxt ModifyRecordOpenapiResponseBodyTypeEnum = \"TXT\"\n\tModifyRecordOpenapiResponseBodyTypeEnumNs ModifyRecordOpenapiResponseBodyTypeEnum = \"NS\"\n\tModifyRecordOpenapiResponseBodyTypeEnumSpf ModifyRecordOpenapiResponseBodyTypeEnum = \"SPF\"\n\tModifyRecordOpenapiResponseBodyTypeEnumSrv ModifyRecordOpenapiResponseBodyTypeEnum = \"SRV\"\n\tModifyRecordOpenapiResponseBodyTypeEnumCaa ModifyRecordOpenapiResponseBodyTypeEnum = \"CAA\"\n\tModifyRecordOpenapiResponseBodyTypeEnumCmauth ModifyRecordOpenapiResponseBodyTypeEnum = \"CMAUTH\"\n)\n\ntype ModifyRecordOpenapiResponseBodyTimedStatusEnum string\n\n// List of TimedStatus\nconst (\n\tModifyRecordOpenapiResponseBodyTimedStatusEnumDisabled ModifyRecordOpenapiResponseBodyTimedStatusEnum = \"DISABLED\"\n\tModifyRecordOpenapiResponseBodyTimedStatusEnumEnabled ModifyRecordOpenapiResponseBodyTimedStatusEnum = \"ENABLED\"\n\tModifyRecordOpenapiResponseBodyTimedStatusEnumTimed ModifyRecordOpenapiResponseBodyTimedStatusEnum = \"TIMED\"\n)\n\ntype ModifyRecordOpenapiResponseBodyStateEnum string\n\n// List of State\nconst (\n\tModifyRecordOpenapiResponseBodyStateEnumDisabled ModifyRecordOpenapiResponseBodyStateEnum = \"DISABLED\"\n\tModifyRecordOpenapiResponseBodyStateEnumEnabled ModifyRecordOpenapiResponseBodyStateEnum = \"ENABLED\"\n)\n\ntype ModifyRecordOpenapiResponseBody struct {\n\t// 主机头\n\tRr string `json:\"rr,omitempty\"`\n\n\t// 修改时间\n\tModifiedTime string `json:\"modifiedTime,omitempty\"`\n\n\t// 线路中文名\n\tLineZh string `json:\"lineZh,omitempty\"`\n\n\t// 备注\n\tDescription string `json:\"description,omitempty\"`\n\n\t// 线路ID\n\tLineId string `json:\"lineId,omitempty\"`\n\n\t// 权重值\n\tWeight *int32 `json:\"weight,omitempty\"`\n\n\t// MX优先级\n\tMxPri *int32 `json:\"mxPri,omitempty\"`\n\n\t// 记录类型\n\tType ModifyRecordOpenapiResponseBodyTypeEnum `json:\"type,omitempty\"`\n\n\t// 缓存的生命周期\n\tTtl *int32 `json:\"ttl,omitempty\"`\n\n\t// 标签\n\tTags *[]ModifyRecordOpenapiResponseTags `json:\"tags,omitempty\"`\n\n\t// 解析记录ID\n\tRecordId string `json:\"recordId,omitempty\"`\n\n\t// 定时状态\n\tTimedStatus ModifyRecordOpenapiResponseBodyTimedStatusEnum `json:\"timedStatus,omitempty\"`\n\n\t// 域名名称\n\tDomainName string `json:\"domainName,omitempty\"`\n\n\t// 线路英文名\n\tLineEn string `json:\"lineEn,omitempty\"`\n\n\t// 状态\n\tState ModifyRecordOpenapiResponseBodyStateEnum `json:\"state,omitempty\"`\n\n\t// 记录值\n\tValue string `json:\"value,omitempty\"`\n\n\t// 定时发布时间\n\tPubdate string `json:\"pubdate,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/modify_record_openapi_response_tags.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype ModifyRecordOpenapiResponseTags struct {\n\t// 标签ID\n\tTagId string `json:\"tagId,omitempty\"`\n\n\t// 标签名称\n\tValue string `json:\"value,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/modify_record_request.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype ModifyRecordRequest struct {\n\tModifyRecordBody *ModifyRecordBody `json:\"modifyRecordBody,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/modify_record_response.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype ModifyRecordResponseStateEnum string\n\n// List of State\nconst (\n\tModifyRecordResponseStateEnumError ModifyRecordResponseStateEnum = \"ERROR\"\n\tModifyRecordResponseStateEnumException ModifyRecordResponseStateEnum = \"EXCEPTION\"\n\tModifyRecordResponseStateEnumForbidden ModifyRecordResponseStateEnum = \"FORBIDDEN\"\n\tModifyRecordResponseStateEnumOk ModifyRecordResponseStateEnum = \"OK\"\n)\n\ntype ModifyRecordResponse struct {\n\tRequestId string `json:\"requestId,omitempty\"`\n\n\tErrorMessage string `json:\"errorMessage,omitempty\"`\n\n\tErrorCode string `json:\"errorCode,omitempty\"`\n\n\tState ModifyRecordResponseStateEnum `json:\"state,omitempty\"`\n\n\tBody *ModifyRecordResponseBody `json:\"body,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkclouddns@v1.0.1/model/modify_record_response_body.go",
"content": "// @Title Golang SDK Client\n// @Description This code is auto generated\n// @Author Ecloud SDK\n\npackage model\n\ntype ModifyRecordResponseBodyTypeEnum string\n\n// List of Type\nconst (\n\tModifyRecordResponseBodyTypeEnumA ModifyRecordResponseBodyTypeEnum = \"A\"\n\tModifyRecordResponseBodyTypeEnumAaaa ModifyRecordResponseBodyTypeEnum = \"AAAA\"\n\tModifyRecordResponseBodyTypeEnumCaa ModifyRecordResponseBodyTypeEnum = \"CAA\"\n\tModifyRecordResponseBodyTypeEnumCmauth ModifyRecordResponseBodyTypeEnum = \"CMAUTH\"\n\tModifyRecordResponseBodyTypeEnumCname ModifyRecordResponseBodyTypeEnum = \"CNAME\"\n\tModifyRecordResponseBodyTypeEnumMx ModifyRecordResponseBodyTypeEnum = \"MX\"\n\tModifyRecordResponseBodyTypeEnumNs ModifyRecordResponseBodyTypeEnum = \"NS\"\n\tModifyRecordResponseBodyTypeEnumPtr ModifyRecordResponseBodyTypeEnum = \"PTR\"\n\tModifyRecordResponseBodyTypeEnumRp ModifyRecordResponseBodyTypeEnum = \"RP\"\n\tModifyRecordResponseBodyTypeEnumSpf ModifyRecordResponseBodyTypeEnum = \"SPF\"\n\tModifyRecordResponseBodyTypeEnumSrv ModifyRecordResponseBodyTypeEnum = \"SRV\"\n\tModifyRecordResponseBodyTypeEnumTxt ModifyRecordResponseBodyTypeEnum = \"TXT\"\n\tModifyRecordResponseBodyTypeEnumUrl ModifyRecordResponseBodyTypeEnum = \"URL\"\n)\n\ntype ModifyRecordResponseBodyStateEnum string\n\n// List of State\nconst (\n\tModifyRecordResponseBodyStateEnumDisabled ModifyRecordResponseBodyStateEnum = \"DISABLED\"\n\tModifyRecordResponseBodyStateEnumEnabled ModifyRecordResponseBodyStateEnum = \"ENABLED\"\n)\n\ntype ModifyRecordResponseBody struct {\n\t// 主机头\n\tRr string `json:\"rr,omitempty\"`\n\n\t// 修改时间\n\tModifiedTime string `json:\"modifiedTime,omitempty\"`\n\n\t// 线路中文名\n\tLineZh string `json:\"lineZh,omitempty\"`\n\n\t// 备注\n\tDescription string `json:\"description,omitempty\"`\n\n\t// 线路ID\n\tLineId string `json:\"lineId,omitempty\"`\n\n\t// 权重值\n\tWeight *int32 `json:\"weight,omitempty\"`\n\n\t// MX优先级\n\tMxPri *int32 `json:\"mxPri,omitempty\"`\n\n\t// 记录类型\n\tType ModifyRecordResponseBodyTypeEnum `json:\"type,omitempty\"`\n\n\t// 缓存的生命周期\n\tTtl *int32 `json:\"ttl,omitempty\"`\n\n\t// 解析记录ID\n\tRecordId string `json:\"recordId,omitempty\"`\n\n\t// 域名名称\n\tDomainName string `json:\"domainName,omitempty\"`\n\n\t// 线路英文名\n\tLineEn string `json:\"lineEn,omitempty\"`\n\n\t// 状态\n\tState ModifyRecordResponseBodyStateEnum `json:\"state,omitempty\"`\n\n\t// 记录值\n\tValue string `json:\"value,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkcore@v1.0.0/api_client.go",
"content": "package ecloudsdkcore\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"encoding/xml\"\n\t\"errors\"\n\t\"fmt\"\n\t\"io\"\n\t\"io/ioutil\"\n\t\"mime/multipart\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"os\"\n\t\"path/filepath\"\n\t\"reflect\"\n\t\"regexp\"\n\t\"strconv\"\n\t\"strings\"\n\t\"time\"\n\t\"unicode/utf8\"\n\n\t\"gitlab.ecloud.com/ecloud/ecloudsdkcore/config\"\n)\n\nvar (\n\tjsonCheck = regexp.MustCompile(\"(?i:(?:application|text)/json)\")\n\txmlCheck = regexp.MustCompile(\"(?i:(?:application|text)/xml)\")\n)\n\n// APIClient manages communication\n// In most cases there should be only one, shared, APIClient.\ntype APIClient struct {\n\tcfg *Configuration\n\tcommon service\n}\n\ntype service struct {\n\tclient *APIClient\n}\n\ntype HttpRequestPosition string\n\nconst (\n\tBODY HttpRequestPosition = \"Body\"\n\tQUERY HttpRequestPosition = \"Query\"\n\tPATH HttpRequestPosition = \"Path\"\n\tHEADER HttpRequestPosition = \"Header\"\n)\n\nconst (\n\tSdkPortalUrl = \"/op-apim-portal/apim/request/sdk\"\n\tSdkPortalGatewayUrl = \"/api/query/openapi/apim/request/sdk\"\n)\n\n// NewAPIClient creates a new API client.\nfunc NewAPIClient() *APIClient {\n\tcfg := NewConfiguration()\n\tif cfg.HTTPClient == nil {\n\t\tcfg.HTTPClient = http.DefaultClient\n\t}\n\tc := &APIClient{}\n\tc.cfg = cfg\n\tc.common.client = c\n\treturn c\n}\n\n// atoi string to int\nfunc atoi(in string) (int, error) {\n\treturn strconv.Atoi(in)\n}\n\n// selectHeaderContentType select a content type from the available list.\nfunc selectHeaderContentType(contentTypes []string) string {\n\tif len(contentTypes) == 0 {\n\t\treturn \"\"\n\t}\n\tif contains(contentTypes, \"application/json\") {\n\t\treturn \"application/json\"\n\t}\n\treturn contentTypes[0]\n}\n\n// selectHeaderAccept join all accept types and return\nfunc selectHeaderAccept(accepts []string) string {\n\tif len(accepts) == 0 {\n\t\treturn \"\"\n\t}\n\n\tif contains(accepts, \"application/json\") {\n\t\treturn \"application/json\"\n\t}\n\n\treturn strings.Join(accepts, \",\")\n}\n\n// contains is a case insenstive match, finding needle in a haystack\nfunc contains(haystack []string, needle string) bool {\n\tfor _, a := range haystack {\n\t\tif strings.ToLower(a) == strings.ToLower(needle) {\n\t\t\treturn true\n\t\t}\n\t}\n\treturn false\n}\n\n// Verify optional parameters are of the correct type.\nfunc typeCheckParameter(obj interface{}, expected string, name string) error {\n\tif obj == nil {\n\t\treturn nil\n\t}\n\tif reflect.TypeOf(obj).String() != expected {\n\t\treturn fmt.Errorf(\"Expected %s to be of type %s but received %s.\", name, expected, reflect.TypeOf(obj).String())\n\t}\n\treturn nil\n}\n\n// parameterToString convert interface{} parameters to string, using a delimiter if format is provided.\nfunc parameterToString(obj interface{}, collectionFormat string, request HttpRequest) (*http.Request, string) {\n\tvar delimiter string\n\n\tswitch collectionFormat {\n\tcase \"pipes\":\n\t\tdelimiter = \"|\"\n\tcase \"ssv\":\n\t\tdelimiter = \" \"\n\tcase \"tsv\":\n\t\tdelimiter = \"\\t\"\n\tcase \"csv\":\n\t\tdelimiter = \",\"\n\t}\n\n\tif reflect.TypeOf(obj).Kind() == reflect.Slice {\n\t\treturn nil, strings.Trim(strings.Replace(fmt.Sprint(obj), \" \", delimiter, -1), \"[]\")\n\t}\n\n\treturn nil, fmt.Sprintf(\"%v\", obj)\n}\n\n// Excute entry for http call\nfunc (c *APIClient) Excute(httpRequest *HttpRequest, config *config.Config, returnType interface{}) (*http.Response, error) {\n\thttpRequest = buildHttpRequest(httpRequest, config)\n\trequest := buildCall(httpRequest)\n\thttpResponse, err := c.callAPI(request)\n\tif err != nil || httpResponse == nil {\n\t\treturn nil, err\n\t}\n\n\tresponseBody, err := ioutil.ReadAll(httpResponse.Body)\n\thttpResponse.Body.Close()\n\tif err != nil {\n\t\treturn httpResponse, err\n\t}\n\n\tif httpResponse.StatusCode < 300 {\n\t\t// If we succeed, return the data, otherwise pass on to decode error.\n\t\terr = c.decode(&returnType, responseBody, httpResponse.Header.Get(\"Content-Type\"))\n\t\tif err != nil {\n\t\t\treturn httpResponse, fmt.Errorf(\"%w, response body is: %s\", err, string(responseBody))\n\t\t}\n\t\treturn httpResponse, nil\n\t}\n\n\tif httpResponse.StatusCode >= 300 {\n\t\tnewErr := GenericResponseError{\n\t\t\tbody: responseBody,\n\t\t\terror: httpResponse.Status,\n\t\t}\n\t\treturn httpResponse, newErr\n\t}\n\treturn httpResponse, err\n}\n\n// callAPI do the request.\nfunc (c *APIClient) callAPI(request *http.Request) (*http.Response, error) {\n\treturn c.cfg.HTTPClient.Do(request)\n}\n\n// ChangeBasePath Change base path to allow switching to mocks\nfunc (c *APIClient) ChangeBasePath(path string) {\n\tc.cfg.BasePath = path\n}\n\n// buildHttpRequest build the request\nfunc buildHttpRequest(httpRequest *HttpRequest, config *config.Config) *HttpRequest {\n\topenApiRequest := &OpenApiRequest{\n\t\tAccessKey: config.AccessKey,\n\t\tSecretKey: config.SecretKey,\n\t\tPoolId: config.PoolId,\n\t\tApi: httpRequest.Action,\n\t\tProduct: httpRequest.Product,\n\t\tVersion: httpRequest.Version,\n\t\tSdkVersion: httpRequest.SdkVersion,\n\t\tLanguage: \"Golang\",\n\t}\n\tif httpRequest.Body != nil {\n\t\treqType := reflect.TypeOf(httpRequest.Body)\n\t\tif reqType.Kind() == reflect.Ptr {\n\t\t\treqType = reqType.Elem()\n\t\t}\n\t\tv := reflect.ValueOf(httpRequest.Body)\n\t\tif v.Kind() == reflect.Ptr {\n\t\t\tv = v.Elem()\n\t\t}\n\t\tflag := false\n\t\tfor i := 0; i < reqType.NumField(); i++ {\n\t\t\tfieldType := reqType.Field(i)\n\t\t\tvalue := v.FieldByName(fieldType.Name)\n\t\t\tif value.Kind() == reflect.Ptr {\n\t\t\t\tif value.IsNil() {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\t\t\t\tvalue = value.Elem()\n\n\t\t\t}\n\t\t\tpropertyType := fieldType.Type\n\t\t\tif propertyType.Kind() == reflect.Ptr {\n\t\t\t\tpropertyType = propertyType.Elem()\n\t\t\t}\n\n\t\t\t_, flag = propertyType.FieldByName(string(BODY))\n\t\t\tif flag {\n\t\t\t\topenApiRequest.BodyParameter = value.Interface()\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\t_, flag = propertyType.FieldByName(string(HEADER))\n\t\t\tif flag {\n\t\t\t\topenApiRequest.HeaderParameter = structToMap(value.Interface())\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\t_, flag = propertyType.FieldByName(string(QUERY))\n\t\t\tif flag {\n\t\t\t\topenApiRequest.QueryParameter = structToMap(value.Interface())\n\t\t\t\tcontinue\n\t\t\t}\n\t\t\t_, flag = propertyType.FieldByName(string(PATH))\n\t\t\tif flag {\n\t\t\t\topenApiRequest.PathParameter = structToMap(value.Interface())\n\t\t\t\tcontinue\n\t\t\t}\n\t\t}\n\t}\n\theaders := make(map[string]interface{})\n\tif httpRequest.HeaderParams != nil {\n\t\tif openApiRequest.HeaderParameter == nil {\n\t\t\theaders = httpRequest.HeaderParams\n\t\t} else {\n\t\t\theaders = mergeMap(openApiRequest.HeaderParameter, httpRequest.HeaderParams)\n\t\t}\n\t\topenApiRequest.HeaderParameter = headers\n\t}\n\thttpRequest.Body = openApiRequest\n\treturn httpRequest\n}\n\n// mergeMap merge the two map results\nfunc mergeMap(mObj ...map[string]interface{}) map[string]interface{} {\n\tnewMap := map[string]interface{}{}\n\tfor _, m := range mObj {\n\t\tfor k, v := range m {\n\t\t\tnewMap[k] = v\n\t\t}\n\t}\n\treturn newMap\n}\n\n// structToMap struct convert to map\nfunc structToMap(value interface{}) map[string]interface{} {\n\tdata, _ := json.Marshal(value)\n\tresult := make(map[string]interface{})\n\tjson.Unmarshal(data, &result)\n\treturn result\n}\n\nfunc buildCall(httpRequest *HttpRequest) (request *http.Request) {\n\turl := \"\"\n\tif len(httpRequest.Url) > 0 {\n\t\turl = httpRequest.Url + SdkPortalUrl\n\t} else {\n\t\turl = httpRequest.DefaultUrl + SdkPortalGatewayUrl\n\t}\n\trequest, _ = prepareRequest(url, \"POST\", httpRequest.Body)\n\treturn request\n}\n\n// prepareRequest build the request\nfunc prepareRequest(path string, method string,\n\tpostBody interface{},\n) (httpRequest *http.Request, err error) {\n\tvar body *bytes.Buffer\n\n\t// Detect postBody type and post.\n\tif postBody != nil {\n\t\tcontentType := detectContentType(postBody)\n\t\tbody, err = setBody(postBody, contentType)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t}\n\n\t// Setup path and query parameters\n\turl, err := url.Parse(path)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// Generate a new request\n\tif body != nil {\n\t\thttpRequest, err = http.NewRequest(method, url.String(), body)\n\t} else {\n\t\thttpRequest, err = http.NewRequest(method, url.String(), nil)\n\t}\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\t// add default header parameters\n\thttpRequest.Header.Add(\"Content-Type\", \"application/json\")\n\treturn httpRequest, nil\n}\n\nfunc (c *APIClient) decode(v interface{}, b []byte, contentType string) (err error) {\n\tif strings.Contains(contentType, \"application/xml\") {\n\t\tif err = xml.Unmarshal(b, v); err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t} else if strings.Contains(contentType, \"application/json\") {\n\t\tplatformResponse := &APIPlatformResponse{}\n\t\tif err = json.Unmarshal(b, platformResponse); err != nil {\n\t\t\tnewErr := GenericResponseError{\n\t\t\t\tbody: b,\n\t\t\t\terror: err.Error(),\n\t\t\t}\n\t\t\treturn newErr\n\t\t}\n\t\tplatformResponseBodyBytes, _ := json.Marshal(platformResponse.Body)\n\t\tplatformResponseBody := &APIPlatformResponseBody{}\n\t\tif err = json.Unmarshal(platformResponseBodyBytes, platformResponseBody); err != nil {\n\t\t\treturn err\n\t\t}\n\t\t/*\n\t\t\t找到两层指针指向的元素\n\t\t*/\n\t\tvalue := reflect.ValueOf(v).Elem().Elem()\n\n\t\tif !value.IsNil() {\n\t\t\tstructValue := value.Elem()\n\t\t\tif structValue.NumField() == 1 && structValue.Field(0).Kind() == reflect.String {\n\t\t\t\tn := len(platformResponseBody.ResponseBody)\n\t\t\t\tstructValue.Field(0).SetString(platformResponseBody.ResponseBody[1 : n-1])\n\t\t\t\treturn nil\n\t\t\t}\n\t\t}\n\n\t\tif err = json.Unmarshal([]byte(platformResponseBody.ResponseBody), v); err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t}\n\treturn errors.New(\"undefined response type\")\n}\n\n// Add a file to the multipart request\nfunc addFile(w *multipart.Writer, fieldName, path string) error {\n\tfile, err := os.Open(path)\n\tif err != nil {\n\t\treturn err\n\t}\n\tdefer file.Close()\n\n\tpart, err := w.CreateFormFile(fieldName, filepath.Base(path))\n\tif err != nil {\n\t\treturn err\n\t}\n\t_, err = io.Copy(part, file)\n\n\treturn err\n}\n\n// Prevent trying to import \"fmt\"\nfunc reportError(format string, a ...interface{}) error {\n\treturn fmt.Errorf(format, a...)\n}\n\n// Set request body from an interface{}\nfunc setBody(body interface{}, contentType string) (bodyBuf *bytes.Buffer, err error) {\n\tif bodyBuf == nil {\n\t\tbodyBuf = &bytes.Buffer{}\n\t}\n\tif reader, ok := body.(io.Reader); ok {\n\t\t_, err = bodyBuf.ReadFrom(reader)\n\t} else if b, ok := body.([]byte); ok {\n\t\t_, err = bodyBuf.Write(b)\n\t} else if s, ok := body.(string); ok {\n\t\t_, err = bodyBuf.WriteString(s)\n\t} else if s, ok := body.(*string); ok {\n\t\t_, err = bodyBuf.WriteString(*s)\n\t} else if jsonCheck.MatchString(contentType) {\n\t\terr = json.NewEncoder(bodyBuf).Encode(body)\n\t} else if xmlCheck.MatchString(contentType) {\n\t\txml.NewEncoder(bodyBuf).Encode(body)\n\t}\n\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif bodyBuf.Len() == 0 {\n\t\terr = fmt.Errorf(\"Invalid body type %s\\n\", contentType)\n\t\treturn nil, err\n\t}\n\treturn bodyBuf, nil\n}\n\n// detectContentType method is used to figure out `Request.Body` content type for request header\nfunc detectContentType(body interface{}) string {\n\tcontentType := \"text/plain; charset=utf-8\"\n\tkind := reflect.TypeOf(body).Kind()\n\n\tswitch kind {\n\tcase reflect.Struct, reflect.Map, reflect.Ptr:\n\t\tcontentType = \"application/json; charset=utf-8\"\n\tcase reflect.String:\n\t\tcontentType = \"text/plain; charset=utf-8\"\n\tdefault:\n\t\tif b, ok := body.([]byte); ok {\n\t\t\tcontentType = http.DetectContentType(b)\n\t\t} else if kind == reflect.Slice {\n\t\t\tcontentType = \"application/json; charset=utf-8\"\n\t\t}\n\t}\n\n\treturn contentType\n}\n\ntype cacheControl map[string]string\n\nfunc parseCacheControl(headers http.Header) cacheControl {\n\tcc := cacheControl{}\n\tccHeader := headers.Get(\"Cache-Control\")\n\tfor _, part := range strings.Split(ccHeader, \",\") {\n\t\tpart = strings.Trim(part, \" \")\n\t\tif part == \"\" {\n\t\t\tcontinue\n\t\t}\n\t\tif strings.ContainsRune(part, '=') {\n\t\t\tkeyval := strings.Split(part, \"=\")\n\t\t\tcc[strings.Trim(keyval[0], \" \")] = strings.Trim(keyval[1], \",\")\n\t\t} else {\n\t\t\tcc[part] = \"\"\n\t\t}\n\t}\n\treturn cc\n}\n\n// CacheExpires helper function to determine remaining time before repeating a request.\nfunc CacheExpires(r *http.Response) time.Time {\n\t// Figure out when the cache expires.\n\tvar expires time.Time\n\tnow, err := time.Parse(time.RFC1123, r.Header.Get(\"date\"))\n\tif err != nil {\n\t\treturn time.Now()\n\t}\n\trespCacheControl := parseCacheControl(r.Header)\n\n\tif maxAge, ok := respCacheControl[\"max-age\"]; ok {\n\t\tlifetime, err := time.ParseDuration(maxAge + \"s\")\n\t\tif err != nil {\n\t\t\texpires = now\n\t\t}\n\t\texpires = now.Add(lifetime)\n\t} else {\n\t\texpiresHeader := r.Header.Get(\"Expires\")\n\t\tif expiresHeader != \"\" {\n\t\t\texpires, err = time.Parse(time.RFC1123, expiresHeader)\n\t\t\tif err != nil {\n\t\t\t\texpires = now\n\t\t\t}\n\t\t}\n\t}\n\treturn expires\n}\n\nfunc strlen(s string) int {\n\treturn utf8.RuneCountInString(s)\n}\n\n// GenericResponseError Provides access to the body, error and model on returned errors.\ntype GenericResponseError struct {\n\tbody []byte\n\terror string\n\tmodel interface{}\n}\n\n// Error returns non-empty string if there was an error.\nfunc (e GenericResponseError) Error() string {\n\treturn e.error\n}\n\n// Body returns the raw bytes of the response\nfunc (e GenericResponseError) Body() []byte {\n\treturn e.body\n}\n\n// Model returns the unpacked model of the error\nfunc (e GenericResponseError) Model() interface{} {\n\treturn e.model\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkcore@v1.0.0/api_response.go",
"content": "package ecloudsdkcore\n\nimport (\n\t\"net/http\"\n)\n\ntype ReturnState string\n\nconst (\n\tOK ReturnState = \"OK\"\n\tERROR ReturnState = \"ERROR\"\n\tEXCEPTION ReturnState = \"EXCEPTION\"\n\tALARM ReturnState = \"ALARM\"\n\tFORBIDDEN ReturnState = \"FORBIDDEN\"\n)\n\ntype APIResponse struct {\n\t*http.Response `json:\"-\"`\n\tMessage string `json:\"message,omitempty\"`\n\t// Operation is the name of the swagger operation.\n\tOperation string `json:\"operation,omitempty\"`\n\t// RequestURL is the request URL. This value is always available, even if the\n\t// embedded *http.Response is nil.\n\tRequestURL string `json:\"url,omitempty\"`\n\t// Method is the HTTP method used for the request. This value is always\n\t// available, even if the embedded *http.Response is nil.\n\tMethod string `json:\"method,omitempty\"`\n\t// Payload holds the contents of the response body (which may be nil or empty).\n\t// This is provided here as the raw response.Body() reader will have already\n\t// been drained.\n\tPayload []byte `json:\"-\"`\n}\n\ntype APIPlatformResponse struct {\n\tRequestId string `json:\"requestId,omitempty\"`\n\tState ReturnState `json:\"state,omitempty\"`\n\tBody interface{} `json:\"body,omitempty\"`\n\tErrorCode string `json:\"errorCode,omitempty\"`\n\tErrorParams []string `json:\"errorParams,omitempty\"`\n\tErrorMessage string `json:\"errorMessage,omitempty\"`\n}\n\ntype APIPlatformResponseBody struct {\n\t// TimeConsuming int64 `json:\"timeConsuming,omitempty\"`\n\tResponseBody string `json:\"responseBody,omitempty\"`\n\tRequestHeader map[string]interface{} `json:\"requestHeader,omitempty\"`\n\tResponseHeader map[string]interface{} `json:\"responseHeader,omitempty\"`\n\tResponseMessage string `json:\"responseMessage,omitempty\"`\n\tStatusCode int `json:\"statusCode,omitempty\"`\n\tHttpMethod string `json:\"httpMethod,omitempty\"`\n\tRequestUrl string `json:\"requestUrl,omitempty\"`\n}\n\nfunc NewAPIResponse(r *http.Response) *APIResponse {\n\tresponse := &APIResponse{Response: r}\n\treturn response\n}\n\nfunc NewAPIResponseWithError(errorMessage string) *APIResponse {\n\tresponse := &APIResponse{Message: errorMessage}\n\treturn response\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkcore@v1.0.0/config/config.go",
"content": "package config\n\ntype Config struct {\n\tAccessKey string `json:\"accessKey,string\"`\n\tSecretKey string `json:\"secretKey,string\"`\n\tPoolId string `json:\"poolId,string\"`\n\tReadTimeOut int `json:\"readTimeOut,int\"`\n\tConnectTimeout int `json:\"connectTimeout,int\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkcore@v1.0.0/configuration.go",
"content": "package ecloudsdkcore\n\nimport (\n\t\"net/http\"\n)\n\ntype APIKey struct {\n\tKey string\n\tPrefix string\n}\n\ntype Configuration struct {\n\tBasePath string `json:\"basePath,omitempty\"`\n\tHost string `json:\"host,omitempty\"`\n\tScheme string `json:\"scheme,omitempty\"`\n\tDefaultHeader map[string]string `json:\"defaultHeader,omitempty\"`\n\tUserAgent string `json:\"userAgent,omitempty\"`\n\tHTTPClient *http.Client\n}\n\nfunc NewConfiguration() *Configuration {\n\tcfg := &Configuration{\n\t\tBasePath: \"https://ecloud.10086.cn/\",\n\t\tDefaultHeader: make(map[string]string),\n\t\tUserAgent: \"Ecloud-SDK/1.0.0/go\",\n\t}\n\treturn cfg\n}\n\nfunc (c *Configuration) AddDefaultHeader(key string, value string) {\n\tc.DefaultHeader[key] = value\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkcore@v1.0.0/go.mod",
"content": "module gitlab.ecloud.com/ecloud/ecloudsdkcore\n\ngo 1.14\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkcore@v1.0.0/http_request.go",
"content": "package ecloudsdkcore\n\ntype HttpRequest struct {\n\tUrl string `json:\"url,omitempty\"`\n\tDefaultUrl string `json:\"defaultUrl,omitempty\"`\n\tMethod string `json:\"method,omitempty\"`\n\tAction string `json:\"action,omitempty\"`\n\tProduct string `json:\"product,omitempty\"`\n\tVersion string `json:\"version,omitempty\"`\n\tSdkVersion string `json:\"sdkVersion,omitempty\"`\n\tBody interface{} `json:\"body,omitempty\"`\n\tPathParams map[string]interface{} `json:\"pathParams,omitempty\"`\n\tQueryParams map[string]interface{} `json:\"queryParams,omitempty\"`\n\tHeaderParams map[string]interface{} `json:\"headerParams,omitempty\"`\n}\n\nfunc NewDefaultHttpRequest() *HttpRequest {\n\treturn &HttpRequest{\n\t\tDefaultUrl: \"https://ecloud.10086.cn\",\n\t\tMethod: \"POST\",\n\t}\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkcore@v1.0.0/open_api_request.go",
"content": "package ecloudsdkcore\n\ntype OpenApiRequest struct {\n\tProduct string `json:\"product,omitempty\"`\n\tVersion string `json:\"version,omitempty\"`\n\tSdkVersion string `json:\"sdkVersion,omitempty\"`\n\tLanguage string `json:\"language,omitempty\"`\n\tApi string `json:\"api,omitempty\"`\n\tPoolId string `json:\"poolId,omitempty\"`\n\tHeaderParameter map[string]interface{} `json:\"headerParameter,omitempty\"`\n\tPathParameter map[string]interface{} `json:\"pathParameter,omitempty\"`\n\tQueryParameter map[string]interface{} `json:\"queryParameter,omitempty\"`\n\tBodyParameter interface{} `json:\"bodyParameter,omitempty\"`\n\tAccessKey string `json:\"accessKey,omitempty\"`\n\tSecretKey string `json:\"secretKey,omitempty\"`\n}\n"
},
{
"path": "pkg/forks/gitlab.ecloud.com/ecloud/ecloudsdkcore@v1.0.0/position/http_position.go",
"content": "package position\n\ntype Body struct{}\n\ntype Query struct{}\n\ntype Path struct{}\n\ntype Header struct{}\n"
},
{
"path": "pkg/logging/handler.go",
"content": "package logging\n\nimport (\n\t\"context\"\n\t\"log/slog\"\n\t\"sync\"\n)\n\ntype HookHandlerOptions struct {\n\tLevel slog.Leveler\n\tWriteFunc func(ctx context.Context, record Record) error\n}\n\nvar _ slog.Handler = (*HookHandler)(nil)\n\ntype HookHandler struct {\n\tmutex *sync.Mutex\n\tparent *HookHandler\n\toptions *HookHandlerOptions\n\tgroup string\n\tattrs []slog.Attr\n}\n\nfunc NewHookHandler(opts *HookHandlerOptions) *HookHandler {\n\tif opts == nil {\n\t\topts = &HookHandlerOptions{}\n\t}\n\n\th := &HookHandler{\n\t\tmutex: &sync.Mutex{},\n\t\toptions: opts,\n\t}\n\n\tif h.options.WriteFunc == nil {\n\t\tpanic(\"the `options.WriteFunc` is nil\")\n\t}\n\n\tif h.options.Level == nil {\n\t\th.options.Level = slog.LevelInfo\n\t}\n\n\treturn h\n}\n\nfunc (h *HookHandler) Enabled(ctx context.Context, level slog.Level) bool {\n\treturn level >= h.options.Level.Level()\n}\n\nfunc (h *HookHandler) WithGroup(name string) slog.Handler {\n\tif name == \"\" {\n\t\treturn h\n\t}\n\n\treturn &HookHandler{\n\t\tparent: h,\n\t\tmutex: h.mutex,\n\t\toptions: h.options,\n\t\tgroup: name,\n\t}\n}\n\nfunc (h *HookHandler) WithAttrs(attrs []slog.Attr) slog.Handler {\n\tif len(attrs) == 0 {\n\t\treturn h\n\t}\n\n\treturn &HookHandler{\n\t\tparent: h,\n\t\tmutex: h.mutex,\n\t\toptions: h.options,\n\t\tattrs: attrs,\n\t}\n}\n\nfunc (h *HookHandler) Handle(ctx context.Context, r slog.Record) error {\n\tif h.group != \"\" {\n\t\th.mutex.Lock()\n\t\tattrs := make([]any, 0, len(h.attrs)+r.NumAttrs())\n\t\tfor _, a := range h.attrs {\n\t\t\tattrs = append(attrs, a)\n\t\t}\n\t\th.mutex.Unlock()\n\n\t\tr.Attrs(func(a slog.Attr) bool {\n\t\t\tattrs = append(attrs, a)\n\t\t\treturn true\n\t\t})\n\n\t\tr = slog.NewRecord(r.Time, r.Level, r.Message, r.PC)\n\t\tr.AddAttrs(slog.Group(h.group, attrs...))\n\t} else if len(h.attrs) > 0 {\n\t\tr = r.Clone()\n\n\t\th.mutex.Lock()\n\t\tr.AddAttrs(h.attrs...)\n\t\th.mutex.Unlock()\n\t}\n\n\tif h.parent != nil {\n\t\treturn h.parent.Handle(ctx, r)\n\t}\n\n\tif err := h.writeRecord(ctx, Record{Record: r}); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n\nfunc (h *HookHandler) SetLevel(level slog.Level) {\n\th.mutex.Lock()\n\th.options.Level = level\n\th.mutex.Unlock()\n}\n\nfunc (h *HookHandler) writeRecord(ctx context.Context, r Record) error {\n\tif h.parent != nil {\n\t\treturn h.parent.writeRecord(ctx, r)\n\t}\n\n\treturn h.options.WriteFunc(ctx, r)\n}\n"
},
{
"path": "pkg/logging/record.go",
"content": "package logging\n\nimport (\n\t\"log/slog\"\n\n\ttypes \"github.com/pocketbase/pocketbase/tools/types\"\n)\n\ntype Record struct {\n\tslog.Record\n}\n\nfunc (r Record) Data() types.JSONMap[any] {\n\tdata := make(map[string]any, r.NumAttrs())\n\n\tr.Attrs(func(a slog.Attr) bool {\n\t\tif err := r.resolveAttr(data, a); err != nil {\n\t\t\treturn false\n\t\t}\n\t\treturn true\n\t})\n\n\treturn types.JSONMap[any](data)\n}\n\nfunc (r Record) resolveAttr(data map[string]any, attr slog.Attr) error {\n\tattr.Value = attr.Value.Resolve()\n\n\tif attr.Equal(slog.Attr{}) {\n\t\treturn nil\n\t}\n\n\tswitch attr.Value.Kind() {\n\tcase slog.KindGroup:\n\t\t{\n\t\t\tattrs := attr.Value.Group()\n\t\t\tif len(attrs) == 0 {\n\t\t\t\treturn nil\n\t\t\t}\n\n\t\t\tgroupData := make(map[string]any, len(attrs))\n\n\t\t\tfor _, subAttr := range attrs {\n\t\t\t\tr.resolveAttr(groupData, subAttr)\n\t\t\t}\n\n\t\t\tif len(groupData) > 0 {\n\t\t\t\tdata[attr.Key] = groupData\n\t\t\t}\n\t\t}\n\n\tdefault:\n\t\t{\n\t\t\tswitch v := attr.Value.Any().(type) {\n\t\t\tcase error:\n\t\t\t\tdata[attr.Key] = v.Error()\n\t\t\tdefault:\n\t\t\t\tdata[attr.Key] = v\n\t\t\t}\n\t\t}\n\t}\n\n\treturn nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/api_settings_ssl_update.go",
"content": "package onepanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype SettingsSSLUpdateRequest struct {\n\tCert string `json:\"cert\"`\n\tKey string `json:\"key\"`\n\tSSLType string `json:\"sslType\"`\n\tSSL string `json:\"ssl\"`\n\tSSLID int64 `json:\"sslID\"`\n\tAutoRestart string `json:\"autoRestart\"`\n}\n\ntype SettingsSSLUpdateResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) SettingsSSLUpdate(req *SettingsSSLUpdateRequest) (*SettingsSSLUpdateResponse, error) {\n\treturn c.SettingsSSLUpdateWithContext(context.Background(), req)\n}\n\nfunc (c *Client) SettingsSSLUpdateWithContext(ctx context.Context, req *SettingsSSLUpdateRequest) (*SettingsSSLUpdateResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/settings/ssl/update\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SettingsSSLUpdateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/api_website_get.go",
"content": "package onepanel\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype WebsiteGetRequest struct {\n\tName string `json:\"name\"`\n\tType string `json:\"type\"`\n\tPage int32 `json:\"page\"`\n\tPageSize int32 `json:\"pageSize\"`\n}\n\ntype WebsiteGetResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tID int64 `json:\"id\"`\n\t\tAlias string `json:\"alias\"`\n\t\tPrimaryDomain string `json:\"primaryDomain\"`\n\t\tProtocol string `json:\"protocol\"`\n\t\tType string `json:\"type\"`\n\t\tStatus string `json:\"status\"`\n\t\tSitePath string `json:\"sitePath\"`\n\t\tRemark string `json:\"remark\"`\n\t\tDomains []*struct {\n\t\t\tID int64 `json:\"id\"`\n\t\t\tDomain string `json:\"domain\"`\n\t\t\tPort int32 `json:\"port\"`\n\t\t\tSSL bool `json:\"ssl\"`\n\t\t\tUpdatedAt string `json:\"updatedAt\"`\n\t\t\tCreatedAt string `json:\"createdAt\"`\n\t\t} `json:\"domains\"`\n\t\tWebsiteSSLId int64 `json:\"webSiteSSLId\"`\n\t\tUpdatedAt string `json:\"updatedAt\"`\n\t\tCreatedAt string `json:\"createdAt\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) WebsiteGet(websiteId int64) (*WebsiteGetResponse, error) {\n\treturn c.WebsiteGetWithContext(context.Background(), websiteId)\n}\n\nfunc (c *Client) WebsiteGetWithContext(ctx context.Context, websiteId int64) (*WebsiteGetResponse, error) {\n\tif websiteId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset websiteId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, fmt.Sprintf(\"/websites/%d\", websiteId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &WebsiteGetResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/api_website_https_get.go",
"content": "package onepanel\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype WebsiteHttpsGetResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tEnable bool `json:\"enable\"`\n\t\tWebsiteSSLID int64 `json:\"websiteSSLId\"`\n\t\tHttpConfig string `json:\"httpConfig\"`\n\t\tSSLProtocol []string `json:\"SSLProtocol\"`\n\t\tAlgorithm string `json:\"algorithm\"`\n\t\tHsts bool `json:\"hsts\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) WebsiteHttpsGet(websiteId int64) (*WebsiteHttpsGetResponse, error) {\n\treturn c.WebsiteHttpsGetWithContext(context.Background(), websiteId)\n}\n\nfunc (c *Client) WebsiteHttpsGetWithContext(ctx context.Context, websiteId int64) (*WebsiteHttpsGetResponse, error) {\n\tif websiteId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset websiteId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, fmt.Sprintf(\"/websites/%d/https\", websiteId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &WebsiteHttpsGetResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/api_website_https_post.go",
"content": "package onepanel\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype WebsiteHttpsPostRequest struct {\n\tWebsiteID int64 `json:\"websiteId\"`\n\tEnable bool `json:\"enable\"`\n\tType string `json:\"type\"`\n\tWebsiteSSLID int64 `json:\"websiteSSLId\"`\n\tHttpConfig string `json:\"httpConfig\"`\n\tSSLProtocol []string `json:\"SSLProtocol\"`\n\tAlgorithm string `json:\"algorithm\"`\n\tHsts bool `json:\"hsts\"`\n}\n\ntype WebsiteHttpsPostResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) WebsiteHttpsPost(websiteId int64, req *WebsiteHttpsPostRequest) (*WebsiteHttpsPostResponse, error) {\n\treturn c.WebsiteHttpsPostWithContext(context.Background(), websiteId, req)\n}\n\nfunc (c *Client) WebsiteHttpsPostWithContext(ctx context.Context, websiteId int64, req *WebsiteHttpsPostRequest) (*WebsiteHttpsPostResponse, error) {\n\tif websiteId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset websiteId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, fmt.Sprintf(\"/websites/%d/https\", websiteId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treq.WebsiteID = websiteId\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &WebsiteHttpsPostResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/api_website_search.go",
"content": "package onepanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype WebsiteSearchRequest struct {\n\tName string `json:\"name\"`\n\tType string `json:\"type\"`\n\tOrder string `json:\"order\"`\n\tOrderBy string `json:\"orderBy\"`\n\tPage int32 `json:\"page\"`\n\tPageSize int32 `json:\"pageSize\"`\n}\n\ntype WebsiteSearchResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tItems []*struct {\n\t\t\tID int64 `json:\"id\"`\n\t\t\tAlias string `json:\"alias\"`\n\t\t\tPrimaryDomain string `json:\"primaryDomain\"`\n\t\t\tProtocol string `json:\"protocol\"`\n\t\t\tType string `json:\"type\"`\n\t\t\tStatus string `json:\"status\"`\n\t\t\tSitePath string `json:\"sitePath\"`\n\t\t\tRemark string `json:\"remark\"`\n\t\t\tSSLStatus string `json:\"sslStatus\"`\n\t\t\tSSLExpireDate string `json:\"sslExpireDate\"`\n\t\t\tUpdatedAt string `json:\"updatedAt\"`\n\t\t\tCreatedAt string `json:\"createdAt\"`\n\t\t} `json:\"items\"`\n\t\tTotal int32 `json:\"total\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) WebsiteSearch(req *WebsiteSearchRequest) (*WebsiteSearchResponse, error) {\n\treturn c.WebsiteSearchWithContext(context.Background(), req)\n}\n\nfunc (c *Client) WebsiteSearchWithContext(ctx context.Context, req *WebsiteSearchRequest) (*WebsiteSearchResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/websites/search\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &WebsiteSearchResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/api_website_ssl_get.go",
"content": "package onepanel\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype WebsiteSSLGetResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tID int64 `json:\"id\"`\n\t\tProvider string `json:\"provider\"`\n\t\tDescription string `json:\"description\"`\n\t\tPrimaryDomain string `json:\"primaryDomain\"`\n\t\tDomains string `json:\"domains\"`\n\t\tType string `json:\"type\"`\n\t\tOrganization string `json:\"organization\"`\n\t\tStatus string `json:\"status\"`\n\t\tStartDate string `json:\"startDate\"`\n\t\tExpireDate string `json:\"expireDate\"`\n\t\tCreatedAt string `json:\"createdAt\"`\n\t\tUpdatedAt string `json:\"updatedAt\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) WebsiteSSLGet(sslId int64) (*WebsiteSSLGetResponse, error) {\n\treturn c.WebsiteSSLGetWithContext(context.Background(), sslId)\n}\n\nfunc (c *Client) WebsiteSSLGetWithContext(ctx context.Context, sslId int64) (*WebsiteSSLGetResponse, error) {\n\tif sslId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset sslId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, fmt.Sprintf(\"/websites/ssl/%d\", sslId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &WebsiteSSLGetResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/api_website_ssl_search.go",
"content": "package onepanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype WebsiteSSLSearchRequest struct {\n\tDomain string `json:\"domain\"`\n\tPage int32 `json:\"page\"`\n\tPageSize int32 `json:\"pageSize\"`\n}\n\ntype WebsiteSSLSearchResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tItems []*struct {\n\t\t\tID int64 `json:\"id\"`\n\t\t\tPEM string `json:\"pem\"`\n\t\t\tPrivateKey string `json:\"privateKey\"`\n\t\t\tDomains string `json:\"domains\"`\n\t\t\tDescription string `json:\"description\"`\n\t\t\tStatus string `json:\"status\"`\n\t\t\tUpdatedAt string `json:\"updatedAt\"`\n\t\t\tCreatedAt string `json:\"createdAt\"`\n\t\t} `json:\"items\"`\n\t\tTotal int32 `json:\"total\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) WebsiteSSLSearch(req *WebsiteSSLSearchRequest) (*WebsiteSSLSearchResponse, error) {\n\treturn c.WebsiteSSLSearchWithContext(context.Background(), req)\n}\n\nfunc (c *Client) WebsiteSSLSearchWithContext(ctx context.Context, req *WebsiteSSLSearchRequest) (*WebsiteSSLSearchResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/websites/ssl/search\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &WebsiteSSLSearchResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/api_website_ssl_upload.go",
"content": "package onepanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype WebsiteSSLUploadRequest struct {\n\tSSLID int64 `json:\"sslID\"`\n\tType string `json:\"type\"`\n\tCertificate string `json:\"certificate\"`\n\tCertificatePath string `json:\"certificatePath\"`\n\tPrivateKey string `json:\"privateKey\"`\n\tPrivateKeyPath string `json:\"privateKeyPath\"`\n\tDescription string `json:\"description\"`\n}\n\ntype WebsiteSSLUploadResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) WebsiteSSLUpload(req *WebsiteSSLUploadRequest) (*WebsiteSSLUploadResponse, error) {\n\treturn c.WebsiteSSLUploadWithContext(context.Background(), req)\n}\n\nfunc (c *Client) WebsiteSSLUploadWithContext(ctx context.Context, req *WebsiteSSLUploadRequest) (*WebsiteSSLUploadResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/websites/ssl/upload\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &WebsiteSSLUploadResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/client.go",
"content": "package onepanel\n\nimport (\n\t\"crypto/md5\"\n\t\"crypto/tls\"\n\t\"encoding/hex\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(serverUrl, apiKey string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\tif apiKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiKey\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")+\"/api/v1\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\ttimestamp := fmt.Sprintf(\"%d\", time.Now().Unix())\n\t\t\ttokenMd5 := md5.Sum([]byte(\"1panel\" + apiKey + timestamp))\n\t\t\ttokenMd5Hex := hex.EncodeToString(tokenMd5[:])\n\t\t\treq.Header.Set(\"1Panel-Timestamp\", timestamp)\n\t\t\treq.Header.Set(\"1Panel-Token\", tokenMd5Hex)\n\n\t\t\treturn nil\n\t\t})\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) SetTLSConfig(config *tls.Config) *Client {\n\tc.client.SetTLSClientConfig(config)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tcode := res.GetCode(); tcode/100 != 2 {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: code='%d', message='%s'\", tcode, res.GetMessage())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/types.go",
"content": "package onepanel\n\ntype sdkResponse interface {\n\tGetCode() int\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode *int `json:\"code,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetCode() int {\n\tif r.Code == nil {\n\t\treturn 0\n\t}\n\n\treturn *r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n"
},
{
"path": "pkg/sdk3rd/1panel/v2/api_core_settings_ssl_update.go",
"content": "package v2\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype CoreSettingsSSLUpdateRequest struct {\n\tCert string `json:\"cert\"`\n\tKey string `json:\"key\"`\n\tSSLType string `json:\"sslType\"`\n\tSSL string `json:\"ssl\"`\n\tSSLID int64 `json:\"sslID\"`\n\tAutoRestart string `json:\"autoRestart\"`\n}\n\ntype CoreSettingsSSLUpdateResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) CoreSettingsSSLUpdate(req *CoreSettingsSSLUpdateRequest) (*CoreSettingsSSLUpdateResponse, error) {\n\treturn c.CoreSettingsSSLUpdateWithContext(context.Background(), req)\n}\n\nfunc (c *Client) CoreSettingsSSLUpdateWithContext(ctx context.Context, req *CoreSettingsSSLUpdateRequest) (*CoreSettingsSSLUpdateResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/core/settings/ssl/update\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &CoreSettingsSSLUpdateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/v2/api_website_get.go",
"content": "package v2\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype WebsiteGetRequest struct {\n\tName string `json:\"name\"`\n\tType string `json:\"type\"`\n\tPage int32 `json:\"page\"`\n\tPageSize int32 `json:\"pageSize\"`\n}\n\ntype WebsiteGetResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tID int64 `json:\"id\"`\n\t\tAlias string `json:\"alias\"`\n\t\tPrimaryDomain string `json:\"primaryDomain\"`\n\t\tProtocol string `json:\"protocol\"`\n\t\tType string `json:\"type\"`\n\t\tStatus string `json:\"status\"`\n\t\tSitePath string `json:\"sitePath\"`\n\t\tRemark string `json:\"remark\"`\n\t\tDomains []*struct {\n\t\t\tID int64 `json:\"id\"`\n\t\t\tDomain string `json:\"domain\"`\n\t\t\tPort int32 `json:\"port\"`\n\t\t\tSSL bool `json:\"ssl\"`\n\t\t\tUpdatedAt string `json:\"updatedAt\"`\n\t\t\tCreatedAt string `json:\"createdAt\"`\n\t\t} `json:\"domains,omitempty\"`\n\t\tWebsiteSSLId int64 `json:\"webSiteSSLId\"`\n\t\tUpdatedAt string `json:\"updatedAt\"`\n\t\tCreatedAt string `json:\"createdAt\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) WebsiteGet(websiteId int64) (*WebsiteGetResponse, error) {\n\treturn c.WebsiteGetWithContext(context.Background(), websiteId)\n}\n\nfunc (c *Client) WebsiteGetWithContext(ctx context.Context, websiteId int64) (*WebsiteGetResponse, error) {\n\tif websiteId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset websiteId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, fmt.Sprintf(\"/websites/%d\", websiteId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &WebsiteGetResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/v2/api_website_https_get.go",
"content": "package v2\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype WebsiteHttpsGetResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tEnable bool `json:\"enable\"`\n\t\tHttpConfig string `json:\"httpConfig\"`\n\t\tWebsiteSSLID int64 `json:\"websiteSSLId\"`\n\t\tSSLProtocol []string `json:\"SSLProtocol\"`\n\t\tAlgorithm string `json:\"algorithm\"`\n\t\tHsts bool `json:\"hsts\"`\n\t\tHttp3 bool `json:\"http3\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) WebsiteHttpsGet(websiteId int64) (*WebsiteHttpsGetResponse, error) {\n\treturn c.WebsiteHttpsGetWithContext(context.Background(), websiteId)\n}\n\nfunc (c *Client) WebsiteHttpsGetWithContext(ctx context.Context, websiteId int64) (*WebsiteHttpsGetResponse, error) {\n\tif websiteId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset websiteId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, fmt.Sprintf(\"/websites/%d/https\", websiteId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &WebsiteHttpsGetResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/v2/api_website_https_post.go",
"content": "package v2\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype WebsiteHttpsPostRequest struct {\n\tWebsiteID int64 `json:\"websiteId\"`\n\tEnable bool `json:\"enable\"`\n\tType string `json:\"type\"`\n\tWebsiteSSLID int64 `json:\"websiteSSLId\"`\n\tHttpConfig string `json:\"httpConfig\"`\n\tSSLProtocol []string `json:\"SSLProtocol\"`\n\tAlgorithm string `json:\"algorithm\"`\n\tHsts bool `json:\"hsts\"`\n\tHttp3 bool `json:\"http3\"`\n}\n\ntype WebsiteHttpsPostResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) WebsiteHttpsPost(websiteId int64, req *WebsiteHttpsPostRequest) (*WebsiteHttpsPostResponse, error) {\n\treturn c.WebsiteHttpsPostWithContext(context.Background(), websiteId, req)\n}\n\nfunc (c *Client) WebsiteHttpsPostWithContext(ctx context.Context, websiteId int64, req *WebsiteHttpsPostRequest) (*WebsiteHttpsPostResponse, error) {\n\tif websiteId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset websiteId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, fmt.Sprintf(\"/websites/%d/https\", websiteId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\treq.WebsiteID = websiteId\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &WebsiteHttpsPostResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/v2/api_website_search.go",
"content": "package v2\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype WebsiteSearchRequest struct {\n\tName string `json:\"name\"`\n\tType string `json:\"type\"`\n\tOrder string `json:\"order\"`\n\tOrderBy string `json:\"orderBy\"`\n\tPage int32 `json:\"page\"`\n\tPageSize int32 `json:\"pageSize\"`\n}\n\ntype WebsiteSearchResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tItems []*struct {\n\t\t\tID int64 `json:\"id\"`\n\t\t\tAlias string `json:\"alias\"`\n\t\t\tPrimaryDomain string `json:\"primaryDomain\"`\n\t\t\tProtocol string `json:\"protocol\"`\n\t\t\tType string `json:\"type\"`\n\t\t\tStatus string `json:\"status\"`\n\t\t\tSitePath string `json:\"sitePath\"`\n\t\t\tRemark string `json:\"remark\"`\n\t\t\tSSLStatus string `json:\"sslStatus\"`\n\t\t\tSSLExpireDate string `json:\"sslExpireDate\"`\n\t\t\tUpdatedAt string `json:\"updatedAt\"`\n\t\t\tCreatedAt string `json:\"createdAt\"`\n\t\t} `json:\"items\"`\n\t\tTotal int32 `json:\"total\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) WebsiteSearch(req *WebsiteSearchRequest) (*WebsiteSearchResponse, error) {\n\treturn c.WebsiteSearchWithContext(context.Background(), req)\n}\n\nfunc (c *Client) WebsiteSearchWithContext(ctx context.Context, req *WebsiteSearchRequest) (*WebsiteSearchResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/websites/search\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &WebsiteSearchResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/v2/api_website_ssl_get.go",
"content": "package v2\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype WebsiteSSLGetResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tID int64 `json:\"id\"`\n\t\tProvider string `json:\"provider\"`\n\t\tDescription string `json:\"description\"`\n\t\tPrimaryDomain string `json:\"primaryDomain\"`\n\t\tDomains string `json:\"domains\"`\n\t\tType string `json:\"type\"`\n\t\tOrganization string `json:\"organization\"`\n\t\tStatus string `json:\"status\"`\n\t\tStartDate string `json:\"startDate\"`\n\t\tExpireDate string `json:\"expireDate\"`\n\t\tCreatedAt string `json:\"createdAt\"`\n\t\tUpdatedAt string `json:\"updatedAt\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) WebsiteSSLGet(sslId int64) (*WebsiteSSLGetResponse, error) {\n\treturn c.WebsiteSSLGetWithContext(context.Background(), sslId)\n}\n\nfunc (c *Client) WebsiteSSLGetWithContext(ctx context.Context, sslId int64) (*WebsiteSSLGetResponse, error) {\n\tif sslId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset sslId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, fmt.Sprintf(\"/websites/ssl/%d\", sslId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &WebsiteSSLGetResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/v2/api_website_ssl_search.go",
"content": "package v2\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype WebsiteSSLSearchRequest struct {\n\tDomain string `json:\"domain\"`\n\tOrder string `json:\"order\"`\n\tOrderBy string `json:\"orderBy\"`\n\tPage int32 `json:\"page\"`\n\tPageSize int32 `json:\"pageSize\"`\n}\n\ntype WebsiteSSLSearchResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tItems []*struct {\n\t\t\tID int64 `json:\"id\"`\n\t\t\tPEM string `json:\"pem\"`\n\t\t\tPrivateKey string `json:\"privateKey\"`\n\t\t\tDomains string `json:\"domains\"`\n\t\t\tDescription string `json:\"description\"`\n\t\t\tStatus string `json:\"status\"`\n\t\t\tUpdatedAt string `json:\"updatedAt\"`\n\t\t\tCreatedAt string `json:\"createdAt\"`\n\t\t} `json:\"items\"`\n\t\tTotal int32 `json:\"total\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) WebsiteSSLSearch(req *WebsiteSSLSearchRequest) (*WebsiteSSLSearchResponse, error) {\n\treturn c.WebsiteSSLSearchWithContext(context.Background(), req)\n}\n\nfunc (c *Client) WebsiteSSLSearchWithContext(ctx context.Context, req *WebsiteSSLSearchRequest) (*WebsiteSSLSearchResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/websites/ssl/search\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &WebsiteSSLSearchResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/v2/api_website_ssl_upload.go",
"content": "package v2\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype WebsiteSSLUploadRequest struct {\n\tSSLID int64 `json:\"sslID\"`\n\tType string `json:\"type\"`\n\tCertificate string `json:\"certificate\"`\n\tCertificatePath string `json:\"certificatePath\"`\n\tPrivateKey string `json:\"privateKey\"`\n\tPrivateKeyPath string `json:\"privateKeyPath\"`\n\tDescription string `json:\"description\"`\n}\n\ntype WebsiteSSLUploadResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) WebsiteSSLUpload(req *WebsiteSSLUploadRequest) (*WebsiteSSLUploadResponse, error) {\n\treturn c.WebsiteSSLUploadWithContext(context.Background(), req)\n}\n\nfunc (c *Client) WebsiteSSLUploadWithContext(ctx context.Context, req *WebsiteSSLUploadRequest) (*WebsiteSSLUploadResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/websites/ssl/upload\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &WebsiteSSLUploadResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/v2/client.go",
"content": "package v2\n\nimport (\n\t\"crypto/md5\"\n\t\"crypto/tls\"\n\t\"encoding/hex\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(serverUrl, apiKey string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\tif apiKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiKey\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")+\"/api/v2\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\ttimestamp := fmt.Sprintf(\"%d\", time.Now().Unix())\n\t\t\ttokenMd5 := md5.Sum([]byte(\"1panel\" + apiKey + timestamp))\n\t\t\ttokenMd5Hex := hex.EncodeToString(tokenMd5[:])\n\t\t\treq.Header.Set(\"1Panel-Timestamp\", timestamp)\n\t\t\treq.Header.Set(\"1Panel-Token\", tokenMd5Hex)\n\n\t\t\treturn nil\n\t\t})\n\n\treturn &Client{client}, nil\n}\n\nfunc NewClientWithNode(serverUrl, apiKey, node string) (*Client, error) {\n\tclient, err := NewClient(serverUrl, apiKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif node == \"\" {\n\t\tnode = \"local\"\n\t}\n\tclient.client.SetHeader(\"CurrentNode\", node)\n\n\treturn client, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) SetTLSConfig(config *tls.Config) *Client {\n\tc.client.SetTLSClientConfig(config)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tcode := res.GetCode(); tcode/100 != 2 {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: code='%d', message='%s'\", tcode, res.GetMessage())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/1panel/v2/types.go",
"content": "package v2\n\ntype sdkResponse interface {\n\tGetCode() int\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode *int `json:\"code,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetCode() int {\n\tif r.Code == nil {\n\t\treturn 0\n\t}\n\n\treturn *r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n"
},
{
"path": "pkg/sdk3rd/51dnscom/api_domain_list.go",
"content": "package dnscom\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype DomainListRequest struct {\n\tGroupID *string `json:\"groupID,omitempty\"`\n\tPage *int32 `json:\"page,omitempty\"`\n\tPageSize *int32 `json:\"pageSize,omitempty\"`\n}\n\ntype DomainListResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tData []*DomainRecord `json:\"data\"`\n\t\tPage int32 `json:\"page\"`\n\t\tPageSize int32 `json:\"pageSize\"`\n\t\tPageCount int32 `json:\"pageCount\"`\n\t} `json:\"data\"`\n}\n\nfunc (c *Client) DomainList(req *DomainListRequest) (*DomainListResponse, error) {\n\treturn c.DomainListWithContext(context.Background(), req)\n}\n\nfunc (c *Client) DomainListWithContext(ctx context.Context, req *DomainListRequest) (*DomainListResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/domain/list/\", req)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &DomainListResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/51dnscom/api_record_create.go",
"content": "package dnscom\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype RecordCreateRequest struct {\n\tDomainID *string `json:\"domainID,omitempty\"`\n\tViewID *string `json:\"viewID,omitempty\"`\n\tType *string `json:\"type,omitempty\"`\n\tHost *string `json:\"host,omitempty\"`\n\tValue *string `json:\"value,omitempty\"`\n\tTTL *int32 `json:\"ttl,omitempty\"`\n\tMX *int32 `json:\"mx,omitempty\"`\n\tRemark *string `json:\"remark,omitempty\"`\n}\n\ntype RecordCreateResponse struct {\n\tsdkResponseBase\n\n\tData *DNSRecord `json:\"data\"`\n}\n\nfunc (c *Client) RecordCreate(req *RecordCreateRequest) (*RecordCreateResponse, error) {\n\treturn c.RecordCreateWithContext(context.Background(), req)\n}\n\nfunc (c *Client) RecordCreateWithContext(ctx context.Context, req *RecordCreateRequest) (*RecordCreateResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/record/create/\", req)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &RecordCreateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/51dnscom/api_record_remove.go",
"content": "package dnscom\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype RecordRemoveRequest struct {\n\tDomainID *string `json:\"domainID,omitempty\"`\n\tRecordID *string `json:\"recordID,omitempty\"`\n}\n\ntype RecordRemoveResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) RecordRemove(req *RecordRemoveRequest) (*RecordRemoveResponse, error) {\n\treturn c.RecordRemoveWithContext(context.Background(), req)\n}\n\nfunc (c *Client) RecordRemoveWithContext(ctx context.Context, req *RecordRemoveRequest) (*RecordRemoveResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/record/remove/\", req)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &RecordRemoveResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/51dnscom/client.go",
"content": "package dnscom\n\nimport (\n\t\"crypto/md5\"\n\t\"encoding/hex\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"sort\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tapiKey string\n\tapiSecret string\n\n\tclient *resty.Client\n}\n\nfunc NewClient(apiKey, apiSecret string) (*Client, error) {\n\tif apiKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiKey\")\n\t}\n\tif apiSecret == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiSecret\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(\"https://www.51dns.com/api\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent)\n\n\treturn &Client{\n\t\tapiKey: apiKey,\n\t\tapiSecret: apiSecret,\n\t\tclient: client,\n\t}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string, params any) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\tdata := make(map[string]string)\n\tif params != nil {\n\t\ttemp := make(map[string]any)\n\t\tjsonb, _ := json.Marshal(params)\n\t\tjson.Unmarshal(jsonb, &temp)\n\t\tfor k, v := range temp {\n\t\t\tif v == nil {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tdata[k] = fmt.Sprintf(\"%v\", v)\n\t\t}\n\t}\n\n\tdata[\"apiKey\"] = c.apiKey\n\tdata[\"timestamp\"] = fmt.Sprintf(\"%d\", time.Now().Unix())\n\tdata[\"hash\"] = generateHash(data, c.apiSecret)\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treq.SetBody(data)\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetBody` or `req.SetFormData` HERE! USE `newRequest` INSTEAD.\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tcode := res.GetCode(); tcode != 0 {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: code='%d', message='%s'\", tcode, res.GetMessage())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n\nfunc generateHash(params map[string]string, secert string) string {\n\tvar keyList []string\n\tfor k := range params {\n\t\tkeyList = append(keyList, k)\n\t}\n\tsort.Strings(keyList)\n\n\tvar hashString string\n\tfor _, key := range keyList {\n\t\tif hashString == \"\" {\n\t\t\thashString += key + \"=\" + params[key]\n\t\t} else {\n\t\t\thashString += \"&\" + key + \"=\" + params[key]\n\t\t}\n\t}\n\n\tm := md5.New()\n\tm.Write([]byte(hashString + secert))\n\tcipherStr := m.Sum(nil)\n\treturn hex.EncodeToString(cipherStr)\n}\n"
},
{
"path": "pkg/sdk3rd/51dnscom/types.go",
"content": "package dnscom\n\nimport (\n\t\"encoding/json\"\n)\n\ntype sdkResponse interface {\n\tGetCode() int\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode int `json:\"code\"`\n\tMessage string `json:\"message\"`\n}\n\nfunc (r *sdkResponseBase) GetCode() int {\n\treturn r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\treturn r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype DomainRecord struct {\n\tGroupID json.Number `json:\"groupID\"`\n\tDomainID json.Number `json:\"domainsID\"`\n\tDomain string `json:\"domains\"`\n\tState int32 `json:\"state\"`\n\tUserLockState int32 `json:\"userLock\"`\n\tAdminLockState int32 `json:\"adminLock\"`\n\tHealthState int32 `json:\"healthState\"`\n\tViewType string `json:\"view_type\"`\n}\n\ntype DNSRecord struct {\n\tDomainID json.Number `json:\"domainID\"`\n\tRecordID json.Number `json:\"recordID\"`\n\tViewID json.Number `json:\"viewID\"`\n\tRecord string `json:\"record\"`\n\tType string `json:\"type\"`\n\tHost string `json:\"host\"`\n\tValue string `json:\"value\"`\n\tTTL int32 `json:\"ttl\"`\n\tMX int32 `json:\"mx\"`\n\tState int32 `json:\"state\"`\n\tRemark string `json:\"remark\"`\n}\n"
},
{
"path": "pkg/sdk3rd/apisix/api_ssl_update.go",
"content": "package apisix\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n)\n\ntype SslUpdateRequest = SslCertificate\n\ntype SslUpdateResponse = SslCertificate\n\nfunc (c *Client) SslUpdate(sslId string, req *SslUpdateRequest) (*SslUpdateResponse, error) {\n\treturn c.SslUpdateWithContext(context.Background(), sslId, req)\n}\n\nfunc (c *Client) SslUpdateWithContext(ctx context.Context, sslId string, req *SslUpdateRequest) (*SslUpdateResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPut, fmt.Sprintf(\"/ssls/%s\", url.PathEscape(sslId)))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SslUpdateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/apisix/client.go",
"content": "package apisix\n\nimport (\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/url\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(serverUrl, apiKey string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\tif apiKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiKey\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")+\"/apisix/admin\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetHeader(\"X-Api-Key\", apiKey)\n\n\treturn &Client{\n\t\tclient: client,\n\t}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) SetTLSConfig(config *tls.Config) *Client {\n\tc.client.SetTLSClientConfig(config)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res interface{}) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/apisix/types.go",
"content": "package apisix\n\ntype SslCertificate struct {\n\tID *string `json:\"id,omitempty\"`\n\tStatus *int32 `json:\"status,omitempty\"`\n\tCertificate *string `json:\"cert,omitempty\"`\n\tPrivateKey *string `json:\"key,omitempty\"`\n\tSNIs *[]string `json:\"snis,omitempty\"`\n\tType *string `json:\"type,omitempty\"`\n\tValidityStart *int64 `json:\"validity_start,omitempty\"`\n\tValidityEnd *int64 `json:\"validity_end,omitempty\"`\n\tLabels *map[string]string `json:\"labels,omitempty\"`\n}\n"
},
{
"path": "pkg/sdk3rd/azure/env/config.go",
"content": "package env\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n\n\t\"github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud\"\n)\n\nfunc IsPublicEnv(env string) bool {\n\tswitch strings.ToLower(env) {\n\tcase \"\", \"default\", \"public\", \"azurecloud\":\n\t\treturn true\n\tdefault:\n\t\treturn false\n\t}\n}\n\nfunc IsUSGovernmentEnv(env string) bool {\n\tswitch strings.ToLower(env) {\n\tcase \"usgovernment\", \"government\", \"azureusgovernment\", \"azuregovernment\":\n\t\treturn true\n\tdefault:\n\t\treturn false\n\t}\n}\n\nfunc IsChinaEnv(env string) bool {\n\tswitch strings.ToLower(env) {\n\tcase \"china\", \"chinacloud\", \"azurechina\", \"azurechinacloud\":\n\t\treturn true\n\tdefault:\n\t\treturn false\n\t}\n}\n\nfunc GetCloudEnvConfiguration(env string) (cloud.Configuration, error) {\n\tif IsPublicEnv(env) {\n\t\treturn cloud.AzurePublic, nil\n\t} else if IsUSGovernmentEnv(env) {\n\t\treturn cloud.AzureGovernment, nil\n\t} else if IsChinaEnv(env) {\n\t\treturn cloud.AzureChina, nil\n\t}\n\n\treturn cloud.Configuration{}, fmt.Errorf(\"unknown azure cloud environment %s\", env)\n}\n"
},
{
"path": "pkg/sdk3rd/baiducloud/cert/cert.go",
"content": "package cert\n\nimport (\n\t\"errors\"\n\t\"fmt\"\n\n\t\"github.com/baidubce/bce-sdk-go/bce\"\n\t\"github.com/baidubce/bce-sdk-go/http\"\n\t\"github.com/baidubce/bce-sdk-go/services/cert\"\n)\n\nfunc (c *Client) CreateCert(args *CreateCertArgs) (*CreateCertResult, error) {\n\tif args == nil {\n\t\treturn nil, errors.New(\"unset args\")\n\t}\n\n\tresult, err := c.Client.CreateCert(&args.CreateCertArgs)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &CreateCertResult{CreateCertResult: *result}, nil\n}\n\nfunc (c *Client) ListCerts() (*ListCertResult, error) {\n\tresult, err := c.Client.ListCerts()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &ListCertResult{ListCertResult: *result}, nil\n}\n\nfunc (c *Client) ListCertDetail() (*ListCertDetailResult, error) {\n\tresult, err := c.Client.ListCertDetail()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &ListCertDetailResult{ListCertDetailResult: *result}, nil\n}\n\nfunc (c *Client) GetCertMeta(id string) (*CertificateMeta, error) {\n\tresult, err := c.Client.GetCertMeta(id)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &CertificateMeta{CertificateMeta: *result}, nil\n}\n\nfunc (c *Client) GetCertDetail(id string) (*CertificateDetailMeta, error) {\n\tresult, err := c.Client.GetCertDetail(id)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &CertificateDetailMeta{CertificateDetailMeta: *result}, nil\n}\n\nfunc (c *Client) GetCertRawData(id string) (*CertificateRawData, error) {\n\tresult := &CertificateRawData{}\n\terr := bce.NewRequestBuilder(c).\n\t\tWithMethod(http.GET).\n\t\tWithURL(cert.URI_PREFIX + cert.REQUEST_CERT_URL + \"/\" + id + \"/rawData\").\n\t\tWithResult(result).\n\t\tDo()\n\n\treturn result, err\n}\n\nfunc (c *Client) UpdateCertName(id string, args *UpdateCertNameArgs) error {\n\tif args == nil {\n\t\treturn errors.New(\"unset args\")\n\t}\n\n\terr := c.Client.UpdateCertName(id, &args.UpdateCertNameArgs)\n\treturn err\n}\n\nfunc (c *Client) UpdateCertData(id string, args *UpdateCertDataArgs) error {\n\tif args == nil {\n\t\treturn fmt.Errorf(\"unset args\")\n\t}\n\n\terr := c.Client.UpdateCertData(id, &args.UpdateCertDataArgs)\n\treturn err\n}\n\nfunc (c *Client) DeleteCert(id string) error {\n\terr := c.Client.DeleteCert(id)\n\treturn err\n}\n"
},
{
"path": "pkg/sdk3rd/baiducloud/cert/client.go",
"content": "package cert\n\nimport (\n\t\"github.com/baidubce/bce-sdk-go/services/cert\"\n)\n\ntype Client struct {\n\t*cert.Client\n}\n\nfunc NewClient(ak, sk, endPoint string) (*Client, error) {\n\tclient, err := cert.NewClient(ak, sk, endPoint)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &Client{client}, nil\n}\n"
},
{
"path": "pkg/sdk3rd/baiducloud/cert/model.go",
"content": "package cert\n\nimport \"github.com/baidubce/bce-sdk-go/services/cert\"\n\ntype CreateCertArgs struct {\n\tcert.CreateCertArgs\n}\n\ntype CreateCertResult struct {\n\tcert.CreateCertResult\n}\n\ntype UpdateCertNameArgs struct {\n\tcert.UpdateCertNameArgs\n}\n\ntype CertificateMeta struct {\n\tcert.CertificateMeta\n}\n\ntype CertificateDetailMeta struct {\n\tcert.CertificateDetailMeta\n}\n\ntype CertificateRawData struct {\n\tCertId string `json:\"certId\"`\n\tCertName string `json:\"certName\"`\n\tCertServerData string `json:\"certServerData\"`\n\tCertPrivateData string `json:\"certPrivateKey\"`\n\tCertLinkData string `json:\"certLinkData,omitempty\"`\n\tCertType int `json:\"certType,omitempty\"`\n}\n\ntype ListCertResult struct {\n\tcert.ListCertResult\n}\n\ntype ListCertDetailResult struct {\n\tcert.ListCertDetailResult\n}\n\ntype UpdateCertDataArgs struct {\n\tcert.UpdateCertDataArgs\n}\n\ntype CertInServiceMeta struct {\n\tcert.CertInServiceMeta\n}\n"
},
{
"path": "pkg/sdk3rd/baishan/api_get_domain_config.go",
"content": "package baishan\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype GetDomainConfigRequest struct {\n\tDomains *string `json:\"domains,omitempty\" url:\"domains,omitempty\"`\n\tConfig *[]string `json:\"config,omitempty\" url:\"config,omitempty\"`\n}\n\ntype GetDomainConfigResponse struct {\n\tsdkResponseBase\n\n\tData []*struct {\n\t\tDomain string `json:\"domain\"`\n\t\tConfig *DomainConfig `json:\"config\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) GetDomainConfig(req *GetDomainConfigRequest) (*GetDomainConfigResponse, error) {\n\treturn c.GetDomainConfigWithContext(context.Background(), req)\n}\n\nfunc (c *Client) GetDomainConfigWithContext(ctx context.Context, req *GetDomainConfigRequest) (*GetDomainConfigResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/v2/domain/config\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tif req.Domains != nil {\n\t\t\thttpreq.SetQueryParam(\"domains\", *req.Domains)\n\t\t}\n\t\tif req.Config != nil {\n\t\t\tfor _, config := range *req.Config {\n\t\t\t\thttpreq.QueryParam.Add(\"config[]\", config)\n\t\t\t}\n\t\t}\n\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &GetDomainConfigResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/baishan/api_get_domain_list.go",
"content": "package baishan\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype GetDomainListRequest struct {\n\tPageNumber *int32 `json:\"page_number,omitempty\" url:\"page_number,omitempty\"`\n\tPageSize *int32 `json:\"page_size,omitempty\" url:\"page_size,omitempty\"`\n\tDomainStatus *string `json:\"domain_status,omitempty\" url:\"domain_status,omitempty\"`\n}\n\ntype GetDomainListResponse struct {\n\tsdkResponseBase\n\n\tData []*struct {\n\t\tList []*DomainRecord `json:\"list\"`\n\t\tPageNumber json.Number `json:\"page_number\"`\n\t\tPageSize json.Number `json:\"page_size\"`\n\t\tTotalNumber json.Number `json:\"total_number\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) GetDomainList(req *GetDomainListRequest) (*GetDomainListResponse, error) {\n\treturn c.GetDomainListWithContext(context.Background(), req)\n}\n\nfunc (c *Client) GetDomainListWithContext(ctx context.Context, req *GetDomainListRequest) (*GetDomainListResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/v2/domain/list\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &GetDomainListResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/baishan/api_set_domain_config.go",
"content": "package baishan\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype SetDomainConfigRequest struct {\n\tDomains *string `json:\"domains,omitempty\"`\n\tConfig *DomainConfig `json:\"config,omitempty\"`\n}\n\ntype SetDomainConfigResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tConfig *DomainConfig `json:\"config\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) SetDomainConfig(req *SetDomainConfigRequest) (*SetDomainConfigResponse, error) {\n\treturn c.SetDomainConfigWithContext(context.Background(), req)\n}\n\nfunc (c *Client) SetDomainConfigWithContext(ctx context.Context, req *SetDomainConfigRequest) (*SetDomainConfigResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/v2/domain/config\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SetDomainConfigResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/baishan/api_upload_domain_certificate.go",
"content": "package baishan\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype UploadDomainCertificateRequest struct {\n\tCertificateId *string `json:\"cert_id,omitempty\"`\n\tCertificate *string `json:\"certificate,omitempty\"`\n\tKey *string `json:\"key,omitempty\"`\n\tName *string `json:\"name,omitempty\"`\n}\n\ntype UploadDomainCertificateResponse struct {\n\tsdkResponseBase\n\n\tData *DomainCertificate `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) UploadDomainCertificate(req *UploadDomainCertificateRequest) (*UploadDomainCertificateResponse, error) {\n\treturn c.UploadDomainCertificateWithContext(context.Background(), req)\n}\n\nfunc (c *Client) UploadDomainCertificateWithContext(ctx context.Context, req *UploadDomainCertificateRequest) (*UploadDomainCertificateResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/v2/domain/certificate\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UploadDomainCertificateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/baishan/client.go",
"content": "package baishan\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(apiToken string) (*Client, error) {\n\tif apiToken == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiToken\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(\"https://cdn.api.baishan.com\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetQueryParam(\"token\", apiToken)\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tcode := res.GetCode(); tcode != 0 {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: code='%d', message='%s'\", tcode, res.GetMessage())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/baishan/types.go",
"content": "package baishan\n\nimport (\n\t\"encoding/json\"\n)\n\ntype sdkResponse interface {\n\tGetCode() int\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode *int `json:\"code,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetCode() int {\n\tif r.Code == nil {\n\t\treturn 0\n\t}\n\n\treturn *r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype DomainRecord struct {\n\tId string `json:\"id\"`\n\tDomain string `json:\"domain\"`\n\tType string `json:\"type\"`\n\tStatus string `json:\"status\"`\n\tCname string `json:\"cname\"`\n\tArea string `json:\"area\"`\n\tCreateTime string `json:\"create_time\"`\n\tUpdateTime string `json:\"update_time\"`\n}\n\ntype DomainCertificate struct {\n\tCertId json.Number `json:\"cert_id\"`\n\tName string `json:\"name\"`\n\tCertStartTime string `json:\"cert_start_time\"`\n\tCertExpireTime string `json:\"cert_expire_time\"`\n}\n\ntype DomainConfig struct {\n\tHttps *DomainConfigHttps `json:\"https\"`\n}\n\ntype DomainConfigHttps struct {\n\tCertId json.Number `json:\"cert_id\"`\n\tForceHttps *string `json:\"force_https,omitempty\"`\n\tEnableHttp2 *string `json:\"http2,omitempty\"`\n\tEnableOcsp *string `json:\"ocsp,omitempty\"`\n}\n"
},
{
"path": "pkg/sdk3rd/btpanel/api_config_save_panel_ssl.go",
"content": "package btpanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype ConfigSavePanelSSLRequest struct {\n\tPrivateKey string `json:\"privateKey\"`\n\tCertificate string `json:\"certPem\"`\n}\n\ntype ConfigSavePanelSSLResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) ConfigSavePanelSSL(req *ConfigSavePanelSSLRequest) (*ConfigSavePanelSSLResponse, error) {\n\treturn c.ConfigSavePanelSSLWithContext(context.Background(), req)\n}\n\nfunc (c *Client) ConfigSavePanelSSLWithContext(ctx context.Context, req *ConfigSavePanelSSLRequest) (*ConfigSavePanelSSLResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/config?action=SavePanelSSL\", req)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ConfigSavePanelSSLResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/btpanel/api_mod_proxy_com_set_ssl.go",
"content": "package btpanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype ModProxyComSetSSLRequest struct {\n\tSiteName string `json:\"site_name\"`\n\tPrivateKey string `json:\"key\"`\n\tCertificate string `json:\"csr\"`\n}\n\ntype ModProxyComSetSSLResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) ModProxyComSetSSL(req *ModProxyComSetSSLRequest) (*ModProxyComSetSSLResponse, error) {\n\treturn c.ModProxyComSetSSLWithContext(context.Background(), req)\n}\n\nfunc (c *Client) ModProxyComSetSSLWithContext(ctx context.Context, req *ModProxyComSetSSLRequest) (*ModProxyComSetSSLResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/mod/proxy/com/set_ssl\", req)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ModProxyComSetSSLResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/btpanel/api_site_set_ssl.go",
"content": "package btpanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype SiteSetSSLRequest struct {\n\tType string `json:\"type\"`\n\tSiteName string `json:\"siteName\"`\n\tPrivateKey string `json:\"key\"`\n\tCertificate string `json:\"csr\"`\n}\n\ntype SiteSetSSLResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) SiteSetSSL(req *SiteSetSSLRequest) (*SiteSetSSLResponse, error) {\n\treturn c.SiteSetSSLWithContext(context.Background(), req)\n}\n\nfunc (c *Client) SiteSetSSLWithContext(ctx context.Context, req *SiteSetSSLRequest) (*SiteSetSSLResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/site?action=SetSSL\", req)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SiteSetSSLResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/btpanel/api_ssl_cert_save_cert.go",
"content": "package btpanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype SSLCertSaveCertRequest struct {\n\tPrivateKey string `json:\"key\"`\n\tCertificate string `json:\"csr\"`\n}\n\ntype SSLCertSaveCertResponse struct {\n\tsdkResponseBase\n\n\tSSLHash string `json:\"ssl_hash\"`\n}\n\nfunc (c *Client) SSLCertSaveCert(req *SSLCertSaveCertRequest) (*SSLCertSaveCertResponse, error) {\n\treturn c.SSLCertSaveCertWithContext(context.Background(), req)\n}\n\nfunc (c *Client) SSLCertSaveCertWithContext(ctx context.Context, req *SSLCertSaveCertRequest) (*SSLCertSaveCertResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/ssl/cert/save_cert\", req)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SSLCertSaveCertResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/btpanel/api_ssl_set_batch_cert_to_site.go",
"content": "package btpanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype SSLSetBatchCertToSiteRequest struct {\n\tBatchInfo []*SSLSetBatchCertToSiteRequestBatchInfo `json:\"BatchInfo\"`\n}\n\ntype SSLSetBatchCertToSiteRequestBatchInfo struct {\n\tSSLHash string `json:\"ssl_hash\"`\n\tSiteName string `json:\"siteName\"`\n\tCertName string `json:\"certName\"`\n}\n\ntype SSLSetBatchCertToSiteResponse struct {\n\tsdkResponseBase\n\n\tTotalCount int32 `json:\"total\"`\n\tSuccessCount int32 `json:\"success\"`\n\tFailedCount int32 `json:\"faild\"`\n}\n\nfunc (c *Client) SSLSetBatchCertToSite(req *SSLSetBatchCertToSiteRequest) (*SSLSetBatchCertToSiteResponse, error) {\n\treturn c.SSLSetBatchCertToSiteWithContext(context.Background(), req)\n}\n\nfunc (c *Client) SSLSetBatchCertToSiteWithContext(ctx context.Context, req *SSLSetBatchCertToSiteRequest) (*SSLSetBatchCertToSiteResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/ssl?action=SetBatchCertToSite\", req)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SSLSetBatchCertToSiteResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/btpanel/api_system_service_admin.go",
"content": "package btpanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype SystemServiceAdminRequest struct {\n\tName string `json:\"name\"`\n\tType string `json:\"type\"`\n}\n\ntype SystemServiceAdminResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) SystemServiceAdmin(req *SystemServiceAdminRequest) (*SystemServiceAdminResponse, error) {\n\treturn c.SystemServiceAdminWithContext(context.Background(), req)\n}\n\nfunc (c *Client) SystemServiceAdminWithContext(ctx context.Context, req *SystemServiceAdminRequest) (*SystemServiceAdminResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/system?action=ServiceAdmin\", req)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SystemServiceAdminResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/btpanel/client.go",
"content": "package btpanel\n\nimport (\n\t\"crypto/md5\"\n\t\"crypto/tls\"\n\t\"encoding/hex\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/url\"\n\t\"reflect\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tapiKey string\n\n\tclient *resty.Client\n}\n\nfunc NewClient(serverUrl, apiKey string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\tif apiKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiKey\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")).\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/x-www-form-urlencoded\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent)\n\n\treturn &Client{\n\t\tapiKey: apiKey,\n\t\tclient: client,\n\t}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) SetTLSConfig(config *tls.Config) *Client {\n\tc.client.SetTLSClientConfig(config)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string, params any) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\tdata := make(map[string]string)\n\tif params != nil {\n\t\ttemp := make(map[string]any)\n\t\tjsonb, _ := json.Marshal(params)\n\t\tjson.Unmarshal(jsonb, &temp)\n\t\tfor k, v := range temp {\n\t\t\tif v == nil {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tswitch reflect.Indirect(reflect.ValueOf(v)).Kind() {\n\t\t\tcase reflect.String:\n\t\t\t\tdata[k] = v.(string)\n\n\t\t\tcase reflect.Bool, reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Float32, reflect.Float64:\n\t\t\t\tdata[k] = fmt.Sprintf(\"%v\", v)\n\n\t\t\tdefault:\n\t\t\t\tif t, ok := v.(time.Time); ok {\n\t\t\t\t\tdata[k] = t.Format(time.RFC3339)\n\t\t\t\t} else {\n\t\t\t\t\tjsonb, _ := json.Marshal(v)\n\t\t\t\t\tdata[k] = string(jsonb)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\ttimestamp := time.Now().Unix()\n\tdata[\"request_time\"] = fmt.Sprintf(\"%d\", timestamp)\n\tdata[\"request_token\"] = generateSignature(fmt.Sprintf(\"%d\", timestamp), c.apiKey)\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treq.SetFormData(data)\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetBody` or `req.SetFormData` HERE! USE `newRequest` INSTEAD.\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tstatus := res.GetStatus(); tstatus != nil && !*tstatus {\n\t\t\t\tif res.GetMessage() == nil {\n\t\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: unknown error\")\n\t\t\t\t} else {\n\t\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: message='%s'\", *res.GetMessage())\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n\nfunc generateSignature(timestamp string, apiKey string) string {\n\tkeyMd5 := md5.Sum([]byte(apiKey))\n\tkeyMd5Hex := strings.ToLower(hex.EncodeToString(keyMd5[:]))\n\n\tsignMd5 := md5.Sum([]byte(timestamp + keyMd5Hex))\n\tsignMd5Hex := strings.ToLower(hex.EncodeToString(signMd5[:]))\n\treturn signMd5Hex\n}\n"
},
{
"path": "pkg/sdk3rd/btpanel/types.go",
"content": "package btpanel\n\ntype sdkResponse interface {\n\tGetStatus() *bool\n\tGetMessage() *string\n}\n\ntype sdkResponseBase struct {\n\tStatus *bool `json:\"status,omitempty\"`\n\tMessage *string `json:\"msg,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetStatus() *bool {\n\treturn r.Status\n}\n\nfunc (r *sdkResponseBase) GetMessage() *string {\n\treturn r.Message\n}\n"
},
{
"path": "pkg/sdk3rd/btpanelgo/api_config_set_panel_ssl.go",
"content": "package btpanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype ConfigSetPanelSSLRequest struct {\n\tSSLStatus *int32 `json:\"ssl_status,omitempty\"`\n\tSSLKey *string `json:\"ssl_key,omitempty\"`\n\tSSLPem *string `json:\"ssl_pem,omitempty\"`\n}\n\ntype ConfigSetPanelSSLResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) ConfigSetPanelSSL(req *ConfigSetPanelSSLRequest) (*ConfigSetPanelSSLResponse, error) {\n\treturn c.ConfigSetPanelSSLWithContext(context.Background(), req)\n}\n\nfunc (c *Client) ConfigSetPanelSSLWithContext(ctx context.Context, req *ConfigSetPanelSSLRequest) (*ConfigSetPanelSSLResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/config/set_panel_ssl\", req, false)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ConfigSetPanelSSLResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/btpanelgo/api_datalist_get_data_list.go",
"content": "package btpanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype DatalistGetDataListRequest struct {\n\tTable *string `json:\"table,omitempty\"`\n\tSearchType *string `json:\"search_type,omitempty\"`\n\tSearchString *string `json:\"search,omitempty\"`\n\tPage *int32 `json:\"p,omitempty\"`\n\tLimit *int32 `json:\"limit,omitempty\"`\n\tOrder *string `json:\"order,omitempty\"`\n\tType *int32 `json:\"type,omitempty\"`\n}\n\ntype DatalistGetDataListResponse struct {\n\tsdkResponseBase\n\tData []*SiteData `json:\"data,omitempty\"`\n\tPage *PageData `json:\"page,omitempty\"`\n}\n\nfunc (c *Client) DatalistGetDataList(req *DatalistGetDataListRequest) (*DatalistGetDataListResponse, error) {\n\treturn c.DatalistGetDataListWithContext(context.Background(), req)\n}\n\nfunc (c *Client) DatalistGetDataListWithContext(ctx context.Context, req *DatalistGetDataListRequest) (*DatalistGetDataListResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/datalist/get_data_list\", req, false)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &DatalistGetDataListResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/btpanelgo/api_files_upload.go",
"content": "package btpanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype FilesUploadRequest struct {\n\tPath *string `json:\"path,omitempty\"`\n\tName *string `json:\"filename,omitempty\"`\n\tStart *int32 `json:\"start,omitempty\"`\n\tSize *int32 `json:\"size,omitempty\"`\n\tBlob []byte `json:\"-\" form:\"blob\"`\n\tForce *bool `json:\"force,omitempty\"`\n}\n\ntype FilesUploadResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) FilesUpload(req *FilesUploadRequest) (*FilesUploadResponse, error) {\n\treturn c.FilesUploadWithContext(context.Background(), req)\n}\n\nfunc (c *Client) FilesUploadWithContext(ctx context.Context, req *FilesUploadRequest) (*FilesUploadResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/files/upload\", req, true)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &FilesUploadResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/btpanelgo/api_panel_get_config.go",
"content": "package btpanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype PanelGetConfigRequest struct{}\n\ntype PanelGetConfigResponse struct {\n\tsdkResponseBase\n\n\tPaths *struct {\n\t\tPanel string `json:\"panel,omitempty\"`\n\t\tSoft string `json:\"soft,omitempty\"`\n\t} `json:\"paths,omitempty\"`\n\tSite *struct {\n\t\tWebServer string `json:\"webserver,omitempty\"`\n\t\tSitesPath string `json:\"sites_path,omitempty\"`\n\t\tBackupPath string `json:\"backup_path,omitempty\"`\n\t} `json:\"site,omitempty\"`\n}\n\nfunc (c *Client) PanelGetConfig(req *PanelGetConfigRequest) (*PanelGetConfigResponse, error) {\n\treturn c.PanelGetConfigWithContext(context.Background(), req)\n}\n\nfunc (c *Client) PanelGetConfigWithContext(ctx context.Context, req *PanelGetConfigRequest) (*PanelGetConfigResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/panel/get_config\", req, false)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &PanelGetConfigResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/btpanelgo/api_site_get_project_list.go",
"content": "package btpanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype SiteGetProjectListRequest struct {\n\tSearchType *string `json:\"search_type,omitempty\"`\n\tSearchString *string `json:\"search,omitempty\"`\n\tPage *int32 `json:\"p,omitempty\"`\n\tLimit *int32 `json:\"limit,omitempty\"`\n\tOrder *string `json:\"order,omitempty\"`\n}\n\ntype SiteGetProjectListResponse struct {\n\tsdkResponseBase\n\tData []*SiteData `json:\"data,omitempty\"`\n\tPage *PageData `json:\"page,omitempty\"`\n}\n\nfunc (c *Client) SiteGetProjectList(req *SiteGetProjectListRequest) (*SiteGetProjectListResponse, error) {\n\treturn c.SiteGetProjectListWithContext(context.Background(), req)\n}\n\nfunc (c *Client) SiteGetProjectListWithContext(ctx context.Context, req *SiteGetProjectListRequest) (*SiteGetProjectListResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/site/get_project_list\", req, false)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SiteGetProjectListResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/btpanelgo/api_site_set_site_pfx_ssl.go",
"content": "package btpanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype SiteSetSitePFXSSLRequest struct {\n\tSiteId *int32 `json:\"siteid,omitempty\"`\n\tPFX *string `json:\"pfx,omitempty\"`\n\tPassword *string `json:\"password,omitempty\"`\n}\n\ntype SiteSetSitePFXSSLResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) SiteSetSitePFXSSL(req *SiteSetSitePFXSSLRequest) (*SiteSetSitePFXSSLResponse, error) {\n\treturn c.SiteSetSitePFXSSLWithContext(context.Background(), req)\n}\n\nfunc (c *Client) SiteSetSitePFXSSLWithContext(ctx context.Context, req *SiteSetSitePFXSSLRequest) (*SiteSetSitePFXSSLResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/site/set_site_pfx_ssl\", req, false)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SiteSetSitePFXSSLResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/btpanelgo/api_site_set_site_ssl.go",
"content": "package btpanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype SiteSetSiteSSLRequest struct {\n\tSiteId *int32 `json:\"siteid,omitempty\"`\n\tStatus *bool `json:\"status,omitempty\"`\n\tKey *string `json:\"key,omitempty\"`\n\tCert *string `json:\"cert,omitempty\"`\n}\n\ntype SiteSetSiteSSLResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) SiteSetSiteSSL(req *SiteSetSiteSSLRequest) (*SiteSetSiteSSLResponse, error) {\n\treturn c.SiteSetSiteSSLWithContext(context.Background(), req)\n}\n\nfunc (c *Client) SiteSetSiteSSLWithContext(ctx context.Context, req *SiteSetSiteSSLRequest) (*SiteSetSiteSSLResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/site/set_site_ssl\", req, false)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SiteSetSiteSSLResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/btpanelgo/client.go",
"content": "package btpanel\n\nimport (\n\t\"bytes\"\n\t\"crypto/md5\"\n\t\"crypto/tls\"\n\t\"encoding/hex\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/url\"\n\t\"reflect\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tapiKey string\n\n\tclient *resty.Client\n}\n\nfunc NewClient(serverUrl, apiKey string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\tif apiKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiKey\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")).\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/x-www-form-urlencoded\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent)\n\n\treturn &Client{\n\t\tapiKey: apiKey,\n\t\tclient: client,\n\t}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) SetTLSConfig(config *tls.Config) *Client {\n\tc.client.SetTLSClientConfig(config)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string, params any, multipart bool) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\tdata := make(map[string]string)\n\tif params != nil {\n\t\ttemp := make(map[string]any)\n\t\tjsonb, _ := json.Marshal(params)\n\t\tjson.Unmarshal(jsonb, &temp)\n\t\tfor k, v := range temp {\n\t\t\tif v == nil {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tswitch reflect.Indirect(reflect.ValueOf(v)).Kind() {\n\t\t\tcase reflect.String:\n\t\t\t\tdata[k] = v.(string)\n\n\t\t\tcase reflect.Bool, reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Float32, reflect.Float64:\n\t\t\t\tdata[k] = fmt.Sprintf(\"%v\", v)\n\n\t\t\tdefault:\n\t\t\t\tif t, ok := v.(time.Time); ok {\n\t\t\t\t\tdata[k] = t.Format(time.RFC3339)\n\t\t\t\t} else {\n\t\t\t\t\tjsonb, _ := json.Marshal(v)\n\t\t\t\t\tdata[k] = string(jsonb)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\ttimestamp := time.Now().Unix()\n\tdata[\"request_time\"] = fmt.Sprintf(\"%d\", timestamp)\n\tdata[\"request_token\"] = generateSignature(fmt.Sprintf(\"%d\", timestamp), c.apiKey)\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\tif multipart {\n\t\treq.SetMultipartFormData(data)\n\n\t\tif params != nil {\n\t\t\tvparams := reflect.ValueOf(params)\n\t\t\tif vparams.Kind() == reflect.Ptr {\n\t\t\t\tvparams = vparams.Elem()\n\t\t\t}\n\t\t\tif vparams.Kind() == reflect.Struct {\n\t\t\t\tvparamsTyp := vparams.Type()\n\t\t\t\tfor i := 0; i < vparams.NumField(); i++ {\n\t\t\t\t\tfield := vparamsTyp.Field(i)\n\t\t\t\t\tfieldVal := vparams.Field(i)\n\t\t\t\t\tif fieldVal.Kind() == reflect.Ptr && fieldVal.IsNil() {\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\n\t\t\t\t\tformTag := field.Tag.Get(\"form\")\n\t\t\t\t\tif formTag == \"\" {\n\t\t\t\t\t\tcontinue\n\t\t\t\t\t}\n\n\t\t\t\t\tswitch v := fieldVal.Interface().(type) {\n\t\t\t\t\tcase []byte:\n\t\t\t\t\t\treq.SetMultipartField(formTag, formTag, \"\", bytes.NewReader(v))\n\t\t\t\t\tdefault:\n\t\t\t\t\t\tpanic(\"unreachable\")\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tpanic(\"unreachable\")\n\t\t\t}\n\t\t}\n\t} else {\n\t\treq.SetFormData(data)\n\t}\n\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetBody` or `req.SetFormData` HERE! USE `newRequest` INSTEAD.\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tstatus := res.GetStatus(); tstatus != nil {\n\t\t\t\tvar errored bool\n\n\t\t\t\tvar bstatus bool\n\t\t\t\tif err := json.Unmarshal(tstatus, &bstatus); err == nil {\n\t\t\t\t\terrored = !bstatus\n\t\t\t\t}\n\n\t\t\t\tvar istatus int\n\t\t\t\tif err := json.Unmarshal(tstatus, &istatus); err == nil {\n\t\t\t\t\terrored = istatus != 0\n\t\t\t\t}\n\n\t\t\t\tif errored {\n\t\t\t\t\tif res.GetMessage() == nil {\n\t\t\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: unknown error\")\n\t\t\t\t\t} else {\n\t\t\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: message='%s'\", *res.GetMessage())\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n\nfunc generateSignature(timestamp string, apiKey string) string {\n\tkeyMd5 := md5.Sum([]byte(apiKey))\n\tkeyMd5Hex := strings.ToLower(hex.EncodeToString(keyMd5[:]))\n\n\tsignMd5 := md5.Sum([]byte(timestamp + keyMd5Hex))\n\tsignMd5Hex := strings.ToLower(hex.EncodeToString(signMd5[:]))\n\treturn signMd5Hex\n}\n"
},
{
"path": "pkg/sdk3rd/btpanelgo/types.go",
"content": "package btpanel\n\nimport (\n\t\"encoding/json\"\n)\n\ntype sdkResponse interface {\n\tGetStatus() json.RawMessage\n\tGetMessage() *string\n}\n\ntype sdkResponseBase struct {\n\tStatus json.RawMessage `json:\"status,omitempty\"`\n\tCode *int `json:\"code,omitempty\"`\n\tMessage *string `json:\"msg,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetStatus() json.RawMessage {\n\treturn r.Status\n}\n\nfunc (r *sdkResponseBase) GetMessage() *string {\n\treturn r.Message\n}\n\ntype SiteData struct {\n\tId int32 `json:\"id\"`\n\tProjectType string `json:\"project_type\"`\n\tName string `json:\"name\"`\n\tNote string `json:\"ps\"`\n\tStatus string `json:\"status\"`\n\tSSLInfo []*struct {\n\t\tName string `json:\"name\"`\n\t\tStatus bool `json:\"status\"`\n\t} `json:\"ssl_info\"`\n\tAddTime string `json:\"addtime\"`\n}\n\ntype PageData struct {\n\tPage int32 `json:\"page\"`\n\tLimit int32 `json:\"limit\"`\n\tTotal int32 `json:\"total\"`\n\tStart int32 `json:\"start\"`\n\tEnd int32 `json:\"end\"`\n\tMaxPage int32 `json:\"maxPage\"`\n}\n"
},
{
"path": "pkg/sdk3rd/btwaf/api_config_set_cert.go",
"content": "package btwaf\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype ConfigSetCertRequest struct {\n\tCertContent *string `json:\"certContent,omitempty\"`\n\tKeyContent *string `json:\"keyContent,omitempty\"`\n}\n\ntype ConfigSetCertResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) ConfigSetCert(req *ConfigSetCertRequest) (*ConfigSetCertResponse, error) {\n\treturn c.ConfigSetCertWithContext(context.Background(), req)\n}\n\nfunc (c *Client) ConfigSetCertWithContext(ctx context.Context, req *ConfigSetCertRequest) (*ConfigSetCertResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/config/set_cert\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ConfigSetCertResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/btwaf/api_get_site_list.go",
"content": "package btwaf\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype GetSiteListRequest struct {\n\tSiteName *string `json:\"site_name,omitempty\"`\n\tPage *int32 `json:\"p,omitempty\"`\n\tPageSize *int32 `json:\"p_size,omitempty\"`\n}\n\ntype GetSiteListResponse struct {\n\tsdkResponseBase\n\n\tResult *struct {\n\t\tList []*SiteRecord `json:\"list\"`\n\t\tTotal int32 `json:\"total\"`\n\t} `json:\"res,omitempty\"`\n}\n\nfunc (c *Client) GetSiteList(req *GetSiteListRequest) (*GetSiteListResponse, error) {\n\treturn c.GetSiteListWithContext(context.Background(), req)\n}\n\nfunc (c *Client) GetSiteListWithContext(ctx context.Context, req *GetSiteListRequest) (*GetSiteListResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/wafmastersite/get_site_list\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &GetSiteListResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/btwaf/api_modify_site.go",
"content": "package btwaf\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype ModifySiteRequest struct {\n\tSiteId *string `json:\"site_id,omitempty\"`\n\tType *string `json:\"types,omitempty\"`\n\tServer *SiteServerInfoMod `json:\"server,omitempty\"`\n}\n\ntype ModifySiteResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) ModifySite(req *ModifySiteRequest) (*ModifySiteResponse, error) {\n\treturn c.ModifySiteWithContext(context.Background(), req)\n}\n\nfunc (c *Client) ModifySiteWithContext(ctx context.Context, req *ModifySiteRequest) (*ModifySiteResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/wafmastersite/modify_site\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ModifySiteResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/btwaf/client.go",
"content": "package btwaf\n\nimport (\n\t\"crypto/md5\"\n\t\"crypto/tls\"\n\t\"encoding/hex\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(serverUrl, apiKey string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\tif apiKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiKey\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")+\"/api\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\ttimestamp := fmt.Sprintf(\"%d\", time.Now().Unix())\n\t\t\tkeyMd5 := md5.Sum([]byte(apiKey))\n\t\t\tkeyMd5Hex := strings.ToLower(hex.EncodeToString(keyMd5[:]))\n\t\t\tsignMd5 := md5.Sum([]byte(timestamp + keyMd5Hex))\n\t\t\tsignMd5Hex := strings.ToLower(hex.EncodeToString(signMd5[:]))\n\t\t\treq.Header.Set(\"waf_request_time\", timestamp)\n\t\t\treq.Header.Set(\"waf_request_token\", signMd5Hex)\n\n\t\t\treturn nil\n\t\t})\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) SetTLSConfig(config *tls.Config) *Client {\n\tc.client.SetTLSClientConfig(config)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif code := res.GetCode(); code != 0 {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: code='%d'\", code)\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/btwaf/types.go",
"content": "package btwaf\n\ntype sdkResponse interface {\n\tGetCode() int\n}\n\ntype sdkResponseBase struct {\n\tCode *int `json:\"code,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetCode() int {\n\tif r.Code == nil {\n\t\treturn 0\n\t}\n\n\treturn *r.Code\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype SiteRecord struct {\n\tSiteId string `json:\"site_id\"`\n\tSiteName string `json:\"site_name\"`\n\tType string `json:\"types\"`\n\tStatus int32 `json:\"status\"`\n\tServerNames []string `json:\"server_name\"`\n\tCreateTime int64 `json:\"create_time\"`\n\tUpdateTime int64 `json:\"update_time\"`\n}\n\n// type SiteServerInfo struct {\n// \tListenSSLPorts *[]int32 `json:\"listen_ssl_port,omitempty\"`\n// \tSSL *SiteServerSSLInfo `json:\"ssl,omitempty\"`\n// }\n\ntype SiteServerInfoMod struct {\n\tListenSSLPorts *[]string `json:\"listen_ssl_port,omitempty\"`\n\tSSL *SiteServerSSLInfo `json:\"ssl,omitempty\"`\n}\n\ntype SiteServerSSLInfo struct {\n\tIsSSL *int32 `json:\"is_ssl,omitempty\"`\n\tFullChain *string `json:\"full_chain,omitempty\"`\n\tPrivateKey *string `json:\"private_key,omitempty\"`\n}\n"
},
{
"path": "pkg/sdk3rd/bunny/api_add_custom_certificate.go",
"content": "package bunny\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n)\n\ntype AddCustomCertificateRequest struct {\n\tHostname string `json:\"Hostname\"`\n\tCertificate string `json:\"Certificate\"`\n\tCertificateKey string `json:\"CertificateKey\"`\n}\n\nfunc (c *Client) AddCustomCertificate(pullZoneId string, req *AddCustomCertificateRequest) error {\n\treturn c.AddCustomCertificateWithContext(context.Background(), pullZoneId, req)\n}\n\nfunc (c *Client) AddCustomCertificateWithContext(ctx context.Context, pullZoneId string, req *AddCustomCertificateRequest) error {\n\tif pullZoneId == \"\" {\n\t\treturn fmt.Errorf(\"sdkerr: unset pullZoneId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, fmt.Sprintf(\"/pullzone/%s/addCertificate\", url.PathEscape(pullZoneId)))\n\tif err != nil {\n\t\treturn err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tif _, err := c.doRequest(httpreq); err != nil {\n\t\treturn err\n\t}\n\n\treturn nil\n}\n"
},
{
"path": "pkg/sdk3rd/bunny/client.go",
"content": "package bunny\n\nimport (\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(apiToken string) (*Client, error) {\n\tif apiToken == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiToken\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(\"https://api.bunny.net\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetHeader(\"AccessKey\", apiToken)\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/cachefly/api_create_certificate.go",
"content": "package cachefly\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype CreateCertificateRequest struct {\n\tCertificate *string `json:\"certificate,omitempty\"`\n\tCertificateKey *string `json:\"certificateKey,omitempty\"`\n\tPassword *string `json:\"password,omitempty\"`\n}\n\ntype CreateCertificateResponse struct {\n\tsdkResponseBase\n\n\tId string `json:\"_id\"`\n\tSubjectCommonName string `json:\"subjectCommonName\"`\n\tSubjectNames []string `json:\"subjectNames\"`\n\tExpired bool `json:\"expired\"`\n\tExpiring bool `json:\"expiring\"`\n\tInUse bool `json:\"inUse\"`\n\tManaged bool `json:\"managed\"`\n\tServices []string `json:\"services\"`\n\tDomains []string `json:\"domains\"`\n\tNotBefore string `json:\"notBefore\"`\n\tNotAfter string `json:\"notAfter\"`\n\tCreatedAt string `json:\"createdAt\"`\n}\n\nfunc (c *Client) CreateCertificate(req *CreateCertificateRequest) (*CreateCertificateResponse, error) {\n\treturn c.CreateCertificateWithContext(context.Background(), req)\n}\n\nfunc (c *Client) CreateCertificateWithContext(ctx context.Context, req *CreateCertificateRequest) (*CreateCertificateResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/certificates\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &CreateCertificateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/cachefly/client.go",
"content": "package cachefly\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(apiToken string) (*Client, error) {\n\tif apiToken == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiToken\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(\"https://api.cachefly.com/api/2.5\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetHeader(\"X-CF-Authorization\", \"Bearer \"+apiToken)\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/cachefly/types.go",
"content": "package cachefly\n\ntype sdkResponse interface {\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tMessage *string `json:\"message,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n"
},
{
"path": "pkg/sdk3rd/cdnfly/api_create_cert.go",
"content": "package cdnfly\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype CreateCertRequest struct {\n\tName *string `json:\"name,omitempty\"`\n\tDescription *string `json:\"des,omitempty\"`\n\tType *string `json:\"type,omitempty\"`\n\tCert *string `json:\"cert,omitempty\"`\n\tKey *string `json:\"key,omitempty\"`\n}\n\ntype CreateCertResponse struct {\n\tsdkResponseBase\n\n\tData string `json:\"data\"`\n}\n\nfunc (c *Client) CreateCert(req *CreateCertRequest) (*CreateCertResponse, error) {\n\treturn c.CreateCertWithContext(context.Background(), req)\n}\n\nfunc (c *Client) CreateCertWithContext(ctx context.Context, req *CreateCertRequest) (*CreateCertResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/certs\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &CreateCertResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/cdnfly/api_get_site.go",
"content": "package cdnfly\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n)\n\ntype GetSiteResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tId int64 `json:\"id\"`\n\t\tName string `json:\"name\"`\n\t\tDomain string `json:\"domain\"`\n\t\tHttpsListen string `json:\"https_listen\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) GetSite(siteId string) (*GetSiteResponse, error) {\n\treturn c.GetSiteWithContext(context.Background(), siteId)\n}\n\nfunc (c *Client) GetSiteWithContext(ctx context.Context, siteId string) (*GetSiteResponse, error) {\n\tif siteId == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset siteId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, fmt.Sprintf(\"/sites/%s\", url.PathEscape(siteId)))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &GetSiteResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/cdnfly/api_update_cert.go",
"content": "package cdnfly\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n)\n\ntype UpdateCertRequest struct {\n\tName *string `json:\"name,omitempty\"`\n\tDescription *string `json:\"des,omitempty\"`\n\tType *string `json:\"type,omitempty\"`\n\tCert *string `json:\"cert,omitempty\"`\n\tKey *string `json:\"key,omitempty\"`\n\tEnable *bool `json:\"enable,omitempty\"`\n}\n\ntype UpdateCertResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) UpdateCert(certId string, req *UpdateCertRequest) (*UpdateCertResponse, error) {\n\treturn c.UpdateCertWithContext(context.Background(), certId, req)\n}\n\nfunc (c *Client) UpdateCertWithContext(ctx context.Context, certId string, req *UpdateCertRequest) (*UpdateCertResponse, error) {\n\tif certId == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset certId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPut, fmt.Sprintf(\"/certs/%s\", url.PathEscape(certId)))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UpdateCertResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/cdnfly/api_update_site.go",
"content": "package cdnfly\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n)\n\ntype UpdateSiteRequest struct {\n\tHttpsListen *string `json:\"https_listen,omitempty\"`\n\tEnable *bool `json:\"enable,omitempty\"`\n}\n\ntype UpdateSiteResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) UpdateSite(siteId string, req *UpdateSiteRequest) (*UpdateSiteResponse, error) {\n\treturn c.UpdateSiteWithContext(context.Background(), siteId, req)\n}\n\nfunc (c *Client) UpdateSiteWithContext(ctx context.Context, siteId string, req *UpdateSiteRequest) (*UpdateSiteResponse, error) {\n\tif siteId == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset siteId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPut, fmt.Sprintf(\"/sites/%s\", url.PathEscape(siteId)))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UpdateSiteResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/cdnfly/client.go",
"content": "package cdnfly\n\nimport (\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/url\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(serverUrl, apiKey, apiSecret string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\tif apiKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiKey\")\n\t}\n\tif apiSecret == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiSecret\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")+\"/v1\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetHeader(\"API-Key\", apiKey).\n\t\tSetHeader(\"API-Secret\", apiSecret)\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) SetTLSConfig(config *tls.Config) *Client {\n\tc.client.SetTLSClientConfig(config)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tcode := res.GetCode(); tcode != \"\" && tcode != \"0\" {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: code='%s', message='%s'\", tcode, res.GetMessage())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/cdnfly/types.go",
"content": "package cdnfly\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"strconv\"\n)\n\ntype sdkResponse interface {\n\tGetCode() string\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode json.RawMessage `json:\"code\"`\n\tMessage string `json:\"msg\"`\n}\n\nfunc (r *sdkResponseBase) GetCode() string {\n\tif r.Code == nil {\n\t\treturn \"\"\n\t}\n\n\tdecoder := json.NewDecoder(bytes.NewReader(r.Code))\n\ttoken, err := decoder.Token()\n\tif err != nil {\n\t\treturn \"\"\n\t}\n\n\tswitch t := token.(type) {\n\tcase string:\n\t\treturn t\n\tcase float64:\n\t\treturn strconv.FormatFloat(t, 'f', -1, 64)\n\tcase json.Number:\n\t\treturn t.String()\n\tdefault:\n\t\treturn \"\"\n\t}\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\treturn r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n"
},
{
"path": "pkg/sdk3rd/cpanel/api_ssl_install_ssl.go",
"content": "package baishan\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype SSLInstallSSLRequest struct {\n\tDomain *string `url:\"domain,omitempty\"`\n\tCert *string `url:\"cert,omitempty\"`\n\tKey *string `url:\"key,omitempty\"`\n\tCABundle *string `url:\"cabundle,omitempty\"`\n}\n\ntype SSLInstallSSLResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tUser string `json:\"user\"`\n\t\tDomain string `json:\"domain\"`\n\t\tExtraCertificateDomains []string `json:\"extra_certificate_domains,omitempty\"`\n\t\tWarningDomains []string `json:\"warning_domains,omitempty\"`\n\t\tWorkingDomains []string `json:\"working_domains,omitempty\"`\n\t\tCertId string `json:\"cert_id\"`\n\t\tKeyId string `json:\"key_id\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) SSLInstallSSL(req *SSLInstallSSLRequest) (*SSLInstallSSLResponse, error) {\n\treturn c.SSLInstallSSLWithContext(context.Background(), req)\n}\n\nfunc (c *Client) SSLInstallSSLWithContext(ctx context.Context, req *SSLInstallSSLRequest) (*SSLInstallSSLResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/SSL/install_ssl\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SSLInstallSSLResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/cpanel/client.go",
"content": "package baishan\n\nimport (\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/url\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(serverUrl string, username, apiToken string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\tif username == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset username\")\n\t}\n\tif apiToken == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiToken\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")+\"/execute\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Authorization\", fmt.Sprintf(\"cpanel %s:%s\", username, apiToken)).\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent)\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) SetTLSConfig(config *tls.Config) *Client {\n\tc.client.SetTLSClientConfig(config)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tstatus := res.GetStatus(); tstatus == 0 {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: status='%d', messages='%s', warnings='%s', errors='%s'\", tstatus, strings.Join(res.GetMessages(), \", \"), strings.Join(res.GetWarnings(), \", \"), strings.Join(res.GetErrors(), \", \"))\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/cpanel/types.go",
"content": "package baishan\n\ntype sdkResponse interface {\n\tGetStatus() int\n\tGetMessages() []string\n\tGetWarnings() []string\n\tGetErrors() []string\n}\n\ntype sdkResponseBase struct {\n\tMetadata struct {\n\t\tTransformed int `json:\"transformed,omitempty\"`\n\t} `json:\"metadata\"`\n\tStatus int `json:\"status,omitempty\"`\n\tMessages []string `json:\"messages,omitempty\"`\n\tWarnings []string `json:\"warnings,omitempty\"`\n\tErrors []string `json:\"errors,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetStatus() int {\n\treturn r.Status\n}\n\nfunc (r *sdkResponseBase) GetMessages() []string {\n\treturn r.Messages\n}\n\nfunc (r *sdkResponseBase) GetWarnings() []string {\n\treturn r.Warnings\n}\n\nfunc (r *sdkResponseBase) GetErrors() []string {\n\treturn r.Errors\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n"
},
{
"path": "pkg/sdk3rd/ctyun/ao/api_create_cert.go",
"content": "package ao\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype CreateCertRequest struct {\n\tName *string `json:\"name,omitempty\"`\n\tCerts *string `json:\"certs,omitempty\"`\n\tKey *string `json:\"key,omitempty\"`\n}\n\ntype CreateCertResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tId int64 `json:\"id\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) CreateCert(req *CreateCertRequest) (*CreateCertResponse, error) {\n\treturn c.CreateCertWithContext(context.Background(), req)\n}\n\nfunc (c *Client) CreateCertWithContext(ctx context.Context, req *CreateCertRequest) (*CreateCertResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/ctapi/v1/accessone/cert/create\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &CreateCertResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/ao/api_get_domain_config.go",
"content": "package ao\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype GetDomainConfigRequest struct {\n\tDomain *string `json:\"domain,omitempty\"`\n\tProductCode *string `json:\"product_code,omitempty\"`\n}\n\ntype GetDomainConfigResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tDomain string `json:\"domain\"`\n\t\tProductCode string `json:\"product_code\"`\n\t\tStatus int32 `json:\"status\"`\n\t\tAreaScope int32 `json:\"area_scope\"`\n\t\tCname string `json:\"cname\"`\n\t\tOrigin []*DomainOriginConfigWithWeight `json:\"origin,omitempty\"`\n\t\tHttpsStatus string `json:\"https_status\"`\n\t\tHttpsBasic *DomainHttpsBasicConfig `json:\"https_basic,omitempty\"`\n\t\tCertName string `json:\"cert_name\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) GetDomainConfig(req *GetDomainConfigRequest) (*GetDomainConfigResponse, error) {\n\treturn c.GetDomainConfigWithContext(context.Background(), req)\n}\n\nfunc (c *Client) GetDomainConfigWithContext(ctx context.Context, req *GetDomainConfigRequest) (*GetDomainConfigResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/ctapi/v1/accessone/domain/config\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &GetDomainConfigResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/ao/api_list_certs.go",
"content": "package ao\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype ListCertsRequest struct {\n\tPage *int32 `json:\"page,omitempty\" url:\"page,omitempty\"`\n\tPerPage *int32 `json:\"per_page,omitempty\" url:\"per_page,omitempty\"`\n\tUsageMode *int32 `json:\"usage_mode,omitempty\" url:\"usage_mode,omitempty\"`\n}\n\ntype ListCertsResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tResults []*CertRecord `json:\"result,omitempty\"`\n\t\tPage int32 `json:\"page,omitempty\"`\n\t\tPerPage int32 `json:\"per_page,omitempty\"`\n\t\tTotalPage int32 `json:\"total_page,omitempty\"`\n\t\tTotalRecords int32 `json:\"total_records,omitempty\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) ListCerts(req *ListCertsRequest) (*ListCertsResponse, error) {\n\treturn c.ListCertsWithContext(context.Background(), req)\n}\n\nfunc (c *Client) ListCertsWithContext(ctx context.Context, req *ListCertsRequest) (*ListCertsResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/ctapi/v1/accessone/cert/list\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ListCertsResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/ao/api_modify_domain_config.go",
"content": "package ao\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype ModifyDomainConfigRequest struct {\n\tDomain *string `json:\"domain,omitempty\"`\n\tProductCode *string `json:\"product_code,omitempty\"`\n\tOrigin []*DomainOriginConfig `json:\"origin,omitempty\"`\n\tHttpsStatus *string `json:\"https_status,omitempty\"`\n\tHttpsBasic *DomainHttpsBasicConfig `json:\"https_basic,omitempty\"`\n\tCertName *string `json:\"cert_name,omitempty\"`\n}\n\ntype ModifyDomainConfigResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) ModifyDomainConfig(req *ModifyDomainConfigRequest) (*ModifyDomainConfigResponse, error) {\n\treturn c.ModifyDomainConfigWithContext(context.Background(), req)\n}\n\nfunc (c *Client) ModifyDomainConfigWithContext(ctx context.Context, req *ModifyDomainConfigRequest) (*ModifyDomainConfigResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/ctapi/v1/scdn/domain/modify_config\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ModifyDomainConfigResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/ao/api_query_cert.go",
"content": "package ao\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype QueryCertRequest struct {\n\tId *int64 `json:\"id,omitempty\" url:\"id,omitempty\"`\n\tName *string `json:\"name,omitempty\" url:\"name,omitempty\"`\n\tUsageMode *int32 `json:\"usage_mode,omitempty\" url:\"usage_mode,omitempty\"`\n}\n\ntype QueryCertResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tResult *CertDetail `json:\"result,omitempty\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) QueryCert(req *QueryCertRequest) (*QueryCertResponse, error) {\n\treturn c.QueryCertWithContext(context.Background(), req)\n}\n\nfunc (c *Client) QueryCertWithContext(ctx context.Context, req *QueryCertRequest) (*QueryCertResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/ctapi/v1/accessone/cert/query\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &QueryCertResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/ao/api_query_domains.go",
"content": "package ao\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype QueryDomainsRequest struct {\n\tPage *int32 `json:\"page,omitempty\" url:\"page,omitempty\"`\n\tPageSize *int32 `json:\"page_size,omitempty\" url:\"page_size,omitempty\"`\n\tDomain *string `json:\"domain,omitempty\" url:\"domain,omitempty\"`\n\tProductCode *string `json:\"product_code,omitempty\" url:\"product_code,omitempty\"`\n\tStatus *int32 `json:\"status,omitempty\" url:\"status,omitempty\"`\n\tAreaScope *int32 `json:\"area_scope,omitempty\" url:\"area_scope,omitempty\"`\n}\n\ntype QueryDomainsResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tResults []*DomainRecord `json:\"result,omitempty\"`\n\t\tPage int32 `json:\"page,omitempty\"`\n\t\tPageSize int32 `json:\"page_size,omitempty\"`\n\t\tPageCount int32 `json:\"page_count,omitempty\"`\n\t\tTotal int32 `json:\"total,omitempty\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) QueryDomains(req *QueryDomainsRequest) (*QueryDomainsResponse, error) {\n\treturn c.QueryDomainsWithContext(context.Background(), req)\n}\n\nfunc (c *Client) QueryDomainsWithContext(ctx context.Context, req *QueryDomainsRequest) (*QueryDomainsResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/ctapi/v2/domain/query\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &QueryDomainsResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/ao/client.go",
"content": "package ao\n\nimport (\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/openapi\"\n\t\"github.com/go-resty/resty/v2\"\n)\n\nconst endpoint = \"https://accessone-global.ctapi.ctyun.cn\"\n\ntype Client struct {\n\tclient *openapi.Client\n}\n\nfunc NewClient(accessKeyId, secretAccessKey string) (*Client, error) {\n\tclient, err := openapi.NewClient(endpoint, accessKeyId, secretAccessKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &Client{client: client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\treturn c.client.NewRequest(method, path)\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\treturn c.client.DoRequest(req)\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tresp, err := c.client.DoRequestWithResult(req, res)\n\tif err == nil {\n\t\tif tcode := res.GetStatusCode(); tcode != \"\" && tcode != \"100000\" {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: code='%s', message='%s', errorCode='%s', errorMessage='%s'\", tcode, res.GetMessage(), res.GetMessage(), res.GetErrorMessage())\n\t\t}\n\t}\n\n\treturn resp, err\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/ao/types.go",
"content": "package ao\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"strconv\"\n)\n\ntype sdkResponse interface {\n\tGetStatusCode() string\n\tGetMessage() string\n\tGetError() string\n\tGetErrorMessage() string\n}\n\ntype sdkResponseBase struct {\n\tStatusCode json.RawMessage `json:\"statusCode,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n\tError *string `json:\"error,omitempty\"`\n\tErrorMessage *string `json:\"errorMessage,omitempty\"`\n\tRequestId *string `json:\"requestId,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetStatusCode() string {\n\tif r.StatusCode == nil {\n\t\treturn \"\"\n\t}\n\n\tdecoder := json.NewDecoder(bytes.NewReader(r.StatusCode))\n\ttoken, err := decoder.Token()\n\tif err != nil {\n\t\treturn \"\"\n\t}\n\n\tswitch t := token.(type) {\n\tcase string:\n\t\treturn t\n\tcase float64:\n\t\treturn strconv.FormatFloat(t, 'f', -1, 64)\n\tcase json.Number:\n\t\treturn t.String()\n\tdefault:\n\t\treturn \"\"\n\t}\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nfunc (r *sdkResponseBase) GetError() string {\n\tif r.Error == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Error\n}\n\nfunc (r *sdkResponseBase) GetErrorMessage() string {\n\tif r.ErrorMessage == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.ErrorMessage\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype CertRecord struct {\n\tId int64 `json:\"id\"`\n\tName string `json:\"name\"`\n\tCN string `json:\"cn\"`\n\tSANs []string `json:\"sans\"`\n\tUsageMode int32 `json:\"usage_mode\"`\n\tState int32 `json:\"state\"`\n\tExpiresTime int64 `json:\"expires\"`\n\tIssueTime int64 `json:\"issue\"`\n\tIssuer string `json:\"issuer\"`\n\tCreatedTime int64 `json:\"created\"`\n}\n\ntype CertDetail struct {\n\tCertRecord\n\tCerts string `json:\"certs\"`\n\tKey string `json:\"key\"`\n}\n\ntype DomainRecord struct {\n\tDomain string `json:\"domain\"`\n\tCname string `json:\"cname\"`\n\tProductCode string `json:\"product_code\"`\n\tProductName string `json:\"product_name\"`\n\tStatus int32 `json:\"status\"`\n\tAreaScope int32 `json:\"area_scope\"`\n}\n\ntype DomainOriginConfig struct {\n\tOrigin string `json:\"origin\"`\n\tRole string `json:\"role\"`\n\tWeight string `json:\"weight\"`\n}\n\ntype DomainOriginConfigWithWeight struct {\n\tOrigin string `json:\"origin\"`\n\tRole string `json:\"role\"`\n\tWeight int32 `json:\"weight\"`\n}\n\ntype DomainHttpsBasicConfig struct {\n\tHttpsForce string `json:\"https_force,omitempty\"`\n\tForceStatus string `json:\"force_status,omitempty\"`\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/cdn/api_create_cert.go",
"content": "package cdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype CreateCertRequest struct {\n\tName *string `json:\"name,omitempty\"`\n\tCerts *string `json:\"certs,omitempty\"`\n\tKey *string `json:\"key,omitempty\"`\n}\n\ntype CreateCertResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tId int64 `json:\"id\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) CreateCert(req *CreateCertRequest) (*CreateCertResponse, error) {\n\treturn c.CreateCertWithContext(context.Background(), req)\n}\n\nfunc (c *Client) CreateCertWithContext(ctx context.Context, req *CreateCertRequest) (*CreateCertResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/v1/cert/creat-cert\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &CreateCertResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/cdn/api_query_cert_detail.go",
"content": "package cdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype QueryCertDetailRequest struct {\n\tId *int64 `json:\"id,omitempty\" url:\"id,omitempty\"`\n\tName *string `json:\"name,omitempty\" url:\"name,omitempty\"`\n\tUsageMode *int32 `json:\"usage_mode,omitempty\" url:\"usage_mode,omitempty\"`\n}\n\ntype QueryCertDetailResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tResult *CertDetail `json:\"result,omitempty\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) QueryCertDetail(req *QueryCertDetailRequest) (*QueryCertDetailResponse, error) {\n\treturn c.QueryCertDetailWithContext(context.Background(), req)\n}\n\nfunc (c *Client) QueryCertDetailWithContext(ctx context.Context, req *QueryCertDetailRequest) (*QueryCertDetailResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/v1/cert/query-cert-detail\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &QueryCertDetailResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/cdn/api_query_cert_list.go",
"content": "package cdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype QueryCertListRequest struct {\n\tPage *int32 `json:\"page,omitempty\" url:\"page,omitempty\"`\n\tPerPage *int32 `json:\"per_page,omitempty\" url:\"per_page,omitempty\"`\n\tUsageMode *int32 `json:\"usage_mode,omitempty\" url:\"usage_mode,omitempty\"`\n}\n\ntype QueryCertListResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tResults []*CertRecord `json:\"result,omitempty\"`\n\t\tPage int32 `json:\"page,omitempty\"`\n\t\tPerPage int32 `json:\"per_page,omitempty\"`\n\t\tTotalPage int32 `json:\"total_page,omitempty\"`\n\t\tTotalRecords int32 `json:\"total_records,omitempty\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) QueryCertList(req *QueryCertListRequest) (*QueryCertListResponse, error) {\n\treturn c.QueryCertListWithContext(context.Background(), req)\n}\n\nfunc (c *Client) QueryCertListWithContext(ctx context.Context, req *QueryCertListRequest) (*QueryCertListResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/v1/cert/query-cert-list\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &QueryCertListResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/cdn/api_query_domain_detail.go",
"content": "package cdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype QueryDomainDetailRequest struct {\n\tDomain *string `json:\"domain,omitempty\" url:\"domain,omitempty\"`\n\tProductCode *string `json:\"product_code,omitempty\" url:\"product_code,omitempty\"`\n\tFunctionNames *string `json:\"function_names,omitempty\" url:\"function_names,omitempty\"`\n}\n\ntype QueryDomainDetailResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *DomainDetail `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) QueryDomainDetail(req *QueryDomainDetailRequest) (*QueryDomainDetailResponse, error) {\n\treturn c.QueryDomainDetailWithContext(context.Background(), req)\n}\n\nfunc (c *Client) QueryDomainDetailWithContext(ctx context.Context, req *QueryDomainDetailRequest) (*QueryDomainDetailResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/v1/domain/query-domain-detail\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &QueryDomainDetailResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/cdn/api_query_domain_list.go",
"content": "package cdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype QueryDomainListRequest struct {\n\tPage *int32 `json:\"page,omitempty\" url:\"page,omitempty\"`\n\tPageSize *int32 `json:\"page_size,omitempty\" url:\"page_size,omitempty\"`\n\tDomain *string `json:\"domain,omitempty\" url:\"domain,omitempty\"`\n\tProductCode *string `json:\"product_code,omitempty\" url:\"product_code,omitempty\"`\n\tStatus *int32 `json:\"status,omitempty\" url:\"status,omitempty\"`\n\tAreaScope *int32 `json:\"area_scope,omitempty\" url:\"area_scope,omitempty\"`\n}\n\ntype QueryDomainListResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tResults []*DomainRecord `json:\"result,omitempty\"`\n\t\tPage int32 `json:\"page,omitempty\"`\n\t\tPageSize int32 `json:\"page_size,omitempty\"`\n\t\tPageCount int32 `json:\"page_count,omitempty\"`\n\t\tTotal int32 `json:\"total,omitempty\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) QueryDomainList(req *QueryDomainListRequest) (*QueryDomainListResponse, error) {\n\treturn c.QueryDomainListWithContext(context.Background(), req)\n}\n\nfunc (c *Client) QueryDomainListWithContext(ctx context.Context, req *QueryDomainListRequest) (*QueryDomainListResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/v1/domain/query-domain-list\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &QueryDomainListResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/cdn/api_update_domain.go",
"content": "package cdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype UpdateDomainRequest struct {\n\tDomain *string `json:\"domain,omitempty\"`\n\tHttpsStatus *string `json:\"https_status,omitempty\"`\n\tCertName *string `json:\"cert_name,omitempty\"`\n}\n\ntype UpdateDomainResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) UpdateDomain(req *UpdateDomainRequest) (*UpdateDomainResponse, error) {\n\treturn c.UpdateDomainWithContext(context.Background(), req)\n}\n\nfunc (c *Client) UpdateDomainWithContext(ctx context.Context, req *UpdateDomainRequest) (*UpdateDomainResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/v1/domain/update-domain\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UpdateDomainResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/cdn/client.go",
"content": "package cdn\n\nimport (\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/openapi\"\n\t\"github.com/go-resty/resty/v2\"\n)\n\nconst endpoint = \"https://ctcdn-global.ctapi.ctyun.cn\"\n\ntype Client struct {\n\tclient *openapi.Client\n}\n\nfunc NewClient(accessKeyId, secretAccessKey string) (*Client, error) {\n\tclient, err := openapi.NewClient(endpoint, accessKeyId, secretAccessKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &Client{client: client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\treturn c.client.NewRequest(method, path)\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\treturn c.client.DoRequest(req)\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tresp, err := c.client.DoRequestWithResult(req, res)\n\tif err == nil {\n\t\tif tcode := res.GetStatusCode(); tcode != \"\" && tcode != \"100000\" {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: code='%s', message='%s', errorCode='%s', errorMessage='%s'\", tcode, res.GetMessage(), res.GetMessage(), res.GetErrorMessage())\n\t\t}\n\t}\n\n\treturn resp, err\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/cdn/types.go",
"content": "package cdn\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"strconv\"\n)\n\ntype sdkResponse interface {\n\tGetStatusCode() string\n\tGetMessage() string\n\tGetError() string\n\tGetErrorMessage() string\n}\n\ntype sdkResponseBase struct {\n\tStatusCode json.RawMessage `json:\"statusCode,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n\tError *string `json:\"error,omitempty\"`\n\tErrorMessage *string `json:\"errorMessage,omitempty\"`\n\tRequestId *string `json:\"requestId,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetStatusCode() string {\n\tif r.StatusCode == nil {\n\t\treturn \"\"\n\t}\n\n\tdecoder := json.NewDecoder(bytes.NewReader(r.StatusCode))\n\ttoken, err := decoder.Token()\n\tif err != nil {\n\t\treturn \"\"\n\t}\n\n\tswitch t := token.(type) {\n\tcase string:\n\t\treturn t\n\tcase float64:\n\t\treturn strconv.FormatFloat(t, 'f', -1, 64)\n\tcase json.Number:\n\t\treturn t.String()\n\tdefault:\n\t\treturn \"\"\n\t}\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nfunc (r *sdkResponseBase) GetError() string {\n\tif r.Error == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Error\n}\n\nfunc (r *sdkResponseBase) GetErrorMessage() string {\n\tif r.ErrorMessage == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.ErrorMessage\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype DomainRecord struct {\n\tDomain string `json:\"domain\"`\n\tCname string `json:\"cname\"`\n\tProductCode string `json:\"product_code\"`\n\tProductName string `json:\"product_name\"`\n\tAreaScope int32 `json:\"area_scope\"`\n\tStatus int32 `json:\"status\"`\n}\n\ntype DomainDetail struct {\n\tDomainRecord\n\tHttpsStatus string `json:\"https_status\"`\n\tHttpsBasic *DomainHttpsBasicConfig `json:\"https_basic,omitempty\"`\n\tCertName string `json:\"cert_name\"`\n\tSsl string `json:\"ssl\"`\n\tSslStapling string `json:\"ssl_stapling\"`\n}\n\ntype DomainHttpsBasicConfig struct {\n\tHttpsForce string `json:\"https_force\"`\n\tHttpForce string `json:\"http_force\"`\n\tForceStatus string `json:\"force_status\"`\n\tOriginProtocol string `json:\"origin_protocol\"`\n}\n\ntype CertRecord struct {\n\tId int64 `json:\"id\"`\n\tName string `json:\"name\"`\n\tCN string `json:\"cn\"`\n\tSANs []string `json:\"sans\"`\n\tUsageMode int32 `json:\"usage_mode\"`\n\tState int32 `json:\"state\"`\n\tExpiresTime int64 `json:\"expires\"`\n\tIssueTime int64 `json:\"issue\"`\n\tIssuer string `json:\"issuer\"`\n\tCreatedTime int64 `json:\"created\"`\n}\n\ntype CertDetail struct {\n\tCertRecord\n\tCerts string `json:\"certs\"`\n\tKey string `json:\"key\"`\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/cms/api_get_certificate_list.go",
"content": "package cms\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype GetCertificateListRequest struct {\n\tStatus *string `json:\"status,omitempty\"`\n\tKeyword *string `json:\"keyword,omitempty\"`\n\tPageNum *int32 `json:\"pageNum,omitempty\"`\n\tPageSize *int32 `json:\"pageSize,omitempty\"`\n\tOrigin *string `json:\"origin,omitempty\"`\n}\n\ntype GetCertificateListResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tList []*CertificateRecord `json:\"list,omitempty\"`\n\t\tTotalSize int32 `json:\"totalSize,omitempty\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) GetCertificateList(req *GetCertificateListRequest) (*GetCertificateListResponse, error) {\n\treturn c.GetCertificateListWithContext(context.Background(), req)\n}\n\nfunc (c *Client) GetCertificateListWithContext(ctx context.Context, req *GetCertificateListRequest) (*GetCertificateListResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/v1/certificate/list\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &GetCertificateListResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/cms/api_upload_certificate.go",
"content": "package cms\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype UploadCertificateRequest struct {\n\tName *string `json:\"name,omitempty\"`\n\tCertificate *string `json:\"certificate,omitempty\"`\n\tCertificateChain *string `json:\"certificateChain,omitempty\"`\n\tPrivateKey *string `json:\"privateKey,omitempty\"`\n\tEncryptionStandard *string `json:\"encryptionStandard,omitempty\"`\n\tEncCertificate *string `json:\"encCertificate,omitempty\"`\n\tEncPrivateKey *string `json:\"encPrivateKey,omitempty\"`\n}\n\ntype UploadCertificateResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) UploadCertificate(req *UploadCertificateRequest) (*UploadCertificateResponse, error) {\n\treturn c.UploadCertificateWithContext(context.Background(), req)\n}\n\nfunc (c *Client) UploadCertificateWithContext(ctx context.Context, req *UploadCertificateRequest) (*UploadCertificateResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/v1/certificate/upload\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UploadCertificateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/cms/client.go",
"content": "package cms\n\nimport (\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/openapi\"\n\t\"github.com/go-resty/resty/v2\"\n)\n\nconst endpoint = \"https://ccms-global.ctapi.ctyun.cn\"\n\ntype Client struct {\n\tclient *openapi.Client\n}\n\nfunc NewClient(accessKeyId, secretAccessKey string) (*Client, error) {\n\tclient, err := openapi.NewClient(endpoint, accessKeyId, secretAccessKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &Client{client: client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\treturn c.client.NewRequest(method, path)\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\treturn c.client.DoRequest(req)\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tresp, err := c.client.DoRequestWithResult(req, res)\n\tif err == nil {\n\t\tstatusCode := res.GetStatusCode()\n\t\terrorCode := res.GetError()\n\t\tif (statusCode != \"\" && statusCode != \"200\") || errorCode != \"\" {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: code='%s', message='%s', errorCode='%s', errorMessage='%s'\", statusCode, res.GetMessage(), res.GetMessage(), res.GetErrorMessage())\n\t\t}\n\t}\n\n\treturn resp, err\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/cms/types.go",
"content": "package cms\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"strconv\"\n)\n\ntype sdkResponse interface {\n\tGetStatusCode() string\n\tGetMessage() string\n\tGetError() string\n\tGetErrorMessage() string\n}\n\ntype sdkResponseBase struct {\n\tStatusCode json.RawMessage `json:\"statusCode,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n\tError *string `json:\"error,omitempty\"`\n\tErrorMessage *string `json:\"errorMessage,omitempty\"`\n\tRequestId *string `json:\"requestId,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetStatusCode() string {\n\tif r.StatusCode == nil {\n\t\treturn \"\"\n\t}\n\n\tdecoder := json.NewDecoder(bytes.NewReader(r.StatusCode))\n\ttoken, err := decoder.Token()\n\tif err != nil {\n\t\treturn \"\"\n\t}\n\n\tswitch t := token.(type) {\n\tcase string:\n\t\treturn t\n\tcase float64:\n\t\treturn strconv.FormatFloat(t, 'f', -1, 64)\n\tcase json.Number:\n\t\treturn t.String()\n\tdefault:\n\t\treturn \"\"\n\t}\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nfunc (r *sdkResponseBase) GetError() string {\n\tif r.Error == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Error\n}\n\nfunc (r *sdkResponseBase) GetErrorMessage() string {\n\tif r.ErrorMessage == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.ErrorMessage\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype CertificateRecord struct {\n\tId string `json:\"id\"`\n\tOrigin string `json:\"origin\"`\n\tType string `json:\"type\"`\n\tResourceId string `json:\"resourceId\"`\n\tResourceType string `json:\"resourceType\"`\n\tCertificateId string `json:\"certificateId\"`\n\tCertificateMode string `json:\"certificateMode\"`\n\tName string `json:\"name\"`\n\tStatus string `json:\"status\"`\n\tDetailStatus string `json:\"detailStatus\"`\n\tManagedStatus string `json:\"managedStatus\"`\n\tFingerprint string `json:\"fingerprint\"`\n\tIssueTime string `json:\"issueTime\"`\n\tExpireTime string `json:\"expireTime\"`\n\tDomainType string `json:\"domainType\"`\n\tDomainName string `json:\"domainName\"`\n\tEncryptionStandard string `json:\"encryptionStandard\"`\n\tEncryptionAlgorithm string `json:\"encryptionAlgorithm\"`\n\tCreateTime string `json:\"createTime\"`\n\tUpdateTime string `json:\"updateTime\"`\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/dns/api_add_record.go",
"content": "package dns\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype AddRecordRequest struct {\n\tDomain *string `json:\"domain,omitempty\"`\n\tHost *string `json:\"host,omitempty\"`\n\tType *string `json:\"type,omitempty\"`\n\tLineCode *string `json:\"lineCode,omitempty\"`\n\tValue *string `json:\"value,omitempty\"`\n\tTTL *int32 `json:\"ttl,omitempty\"`\n\tState *int32 `json:\"state,omitempty\"`\n\tRemark *string `json:\"remark\"`\n}\n\ntype AddRecordResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tRecordId int32 `json:\"recordId\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) AddRecord(req *AddRecordRequest) (*AddRecordResponse, error) {\n\treturn c.AddRecordWithContext(context.Background(), req)\n}\n\nfunc (c *Client) AddRecordWithContext(ctx context.Context, req *AddRecordRequest) (*AddRecordResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/v2/addRecord\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &AddRecordResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/dns/api_delete_record.go",
"content": "package dns\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype DeleteRecordRequest struct {\n\tRecordId *int32 `json:\"recordId,omitempty\"`\n}\n\ntype DeleteRecordResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) DeleteRecord(req *DeleteRecordRequest) (*DeleteRecordResponse, error) {\n\treturn c.DeleteRecordWithContext(context.Background(), req)\n}\n\nfunc (c *Client) DeleteRecordWithContext(ctx context.Context, req *DeleteRecordRequest) (*DeleteRecordResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/v2/deleteRecord\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &DeleteRecordResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/dns/api_query_record_list.go",
"content": "package dns\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype QueryRecordListRequest struct {\n\tDomain *string `json:\"domain,omitempty\" url:\"domain,omitempty\"`\n\tHost *string `json:\"host,omitempty\" url:\"host,omitempty\"`\n\tType *string `json:\"type,omitempty\" url:\"type,omitempty\"`\n\tLineCode *string `json:\"lineCode,omitempty\" url:\"lineCode,omitempty\"`\n\tValue *string `json:\"value,omitempty\" url:\"value,omitempty\"`\n\tState *int32 `json:\"state,omitempty\" url:\"state,omitempty\"`\n}\n\ntype QueryRecordListResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tRecords []*DnsRecord `json:\"records,omitempty\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) QueryRecordList(req *QueryRecordListRequest) (*QueryRecordListResponse, error) {\n\treturn c.QueryRecordListWithContext(context.Background(), req)\n}\n\nfunc (c *Client) QueryRecordListWithContext(ctx context.Context, req *QueryRecordListRequest) (*QueryRecordListResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/v2/queryRecordList\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &QueryRecordListResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/dns/api_update_record.go",
"content": "package dns\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype UpdateRecordRequest struct {\n\tRecordId *int32 `json:\"recordId,omitempty\"`\n\tDomain *string `json:\"domain,omitempty\"`\n\tHost *string `json:\"host,omitempty\"`\n\tType *string `json:\"type,omitempty\"`\n\tLineCode *string `json:\"lineCode,omitempty\"`\n\tValue *string `json:\"value,omitempty\"`\n\tTTL *int32 `json:\"ttl,omitempty\"`\n\tState *int32 `json:\"state,omitempty\"`\n\tRemark *string `json:\"remark\"`\n}\n\ntype UpdateRecordResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tRecordId int32 `json:\"recordId\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) UpdateRecord(req *UpdateRecordRequest) (*UpdateRecordResponse, error) {\n\treturn c.UpdateRecordWithContext(context.Background(), req)\n}\n\nfunc (c *Client) UpdateRecordWithContext(ctx context.Context, req *UpdateRecordRequest) (*UpdateRecordResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/v2/updateRecord\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UpdateRecordResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/dns/client.go",
"content": "package dns\n\nimport (\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/openapi\"\n\t\"github.com/go-resty/resty/v2\"\n)\n\nconst endpoint = \"https://smartdns-global.ctapi.ctyun.cn\"\n\ntype Client struct {\n\tclient *openapi.Client\n}\n\nfunc NewClient(accessKeyId, secretAccessKey string) (*Client, error) {\n\tclient, err := openapi.NewClient(endpoint, accessKeyId, secretAccessKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &Client{client: client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\treturn c.client.NewRequest(method, path)\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\treturn c.client.DoRequest(req)\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tresp, err := c.client.DoRequestWithResult(req, res)\n\tif err == nil {\n\t\tstatusCode := res.GetStatusCode()\n\t\terrorCode := res.GetError()\n\t\tif (statusCode != \"\" && statusCode != \"200\") || errorCode != \"\" {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: code='%s', message='%s', errorCode='%s', errorMessage='%s'\", statusCode, res.GetMessage(), res.GetMessage(), res.GetErrorMessage())\n\t\t}\n\t}\n\n\treturn resp, err\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/dns/types.go",
"content": "package dns\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"strconv\"\n)\n\ntype sdkResponse interface {\n\tGetStatusCode() string\n\tGetMessage() string\n\tGetError() string\n\tGetErrorMessage() string\n}\n\ntype sdkResponseBase struct {\n\tStatusCode json.RawMessage `json:\"statusCode,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n\tError *string `json:\"error,omitempty\"`\n\tErrorMessage *string `json:\"errorMessage,omitempty\"`\n\tRequestId *string `json:\"requestId,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetStatusCode() string {\n\tif r.StatusCode == nil {\n\t\treturn \"\"\n\t}\n\n\tdecoder := json.NewDecoder(bytes.NewReader(r.StatusCode))\n\ttoken, err := decoder.Token()\n\tif err != nil {\n\t\treturn \"\"\n\t}\n\n\tswitch t := token.(type) {\n\tcase string:\n\t\treturn t\n\tcase float64:\n\t\treturn strconv.FormatFloat(t, 'f', -1, 64)\n\tcase json.Number:\n\t\treturn t.String()\n\tdefault:\n\t\treturn \"\"\n\t}\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nfunc (r *sdkResponseBase) GetError() string {\n\tif r.Error == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Error\n}\n\nfunc (r *sdkResponseBase) GetErrorMessage() string {\n\tif r.ErrorMessage == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.ErrorMessage\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype DnsRecord struct {\n\tRecordId int32 `json:\"recordId\"`\n\tHost string `json:\"host\"`\n\tType string `json:\"type\"`\n\tLineCode string `json:\"lineCode\"`\n\tValue string `json:\"value\"`\n\tTTL int32 `json:\"ttl\"`\n\tState int32 `json:\"state\"`\n\tRemark string `json:\"remark\"`\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/elb/api_create_certificate.go",
"content": "package elb\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype CreateCertificateRequest struct {\n\tClientToken *string `json:\"clientToken,omitempty\"`\n\tRegionID *string `json:\"regionID,omitempty\"`\n\tName *string `json:\"name,omitempty\"`\n\tDescription *string `json:\"description,omitempty\"`\n\tType *string `json:\"type,omitempty\"`\n\tCertificate *string `json:\"certificate,omitempty\"`\n\tPrivateKey *string `json:\"privateKey,omitempty\"`\n}\n\ntype CreateCertificateResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tID string `json:\"id\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) CreateCertificate(req *CreateCertificateRequest) (*CreateCertificateResponse, error) {\n\treturn c.CreateCertificateWithContext(context.Background(), req)\n}\n\nfunc (c *Client) CreateCertificateWithContext(ctx context.Context, req *CreateCertificateRequest) (*CreateCertificateResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/v4/elb/create-certificate\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &CreateCertificateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/elb/api_list_certificates.go",
"content": "package elb\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype ListCertificatesRequest struct {\n\tClientToken *string `json:\"clientToken,omitempty\" url:\"clientToken,omitempty\"`\n\tRegionID *string `json:\"regionID,omitempty\" url:\"regionID,omitempty\"`\n\tIDs *string `json:\"IDs,omitempty\" url:\"IDs,omitempty\"`\n\tName *string `json:\"name,omitempty\" url:\"name,omitempty\"`\n\tType *string `json:\"type,omitempty\" url:\"type,omitempty\"`\n}\n\ntype ListCertificatesResponse struct {\n\tsdkResponseBase\n\n\tReturnObj []*CertificateRecord `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) ListCertificates(req *ListCertificatesRequest) (*ListCertificatesResponse, error) {\n\treturn c.ListCertificatesWithContext(context.Background(), req)\n}\n\nfunc (c *Client) ListCertificatesWithContext(ctx context.Context, req *ListCertificatesRequest) (*ListCertificatesResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/v4/elb/list-certificate\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ListCertificatesResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/elb/api_list_listeners.go",
"content": "package elb\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype ListListenersRequest struct {\n\tClientToken *string `json:\"clientToken,omitempty\" url:\"clientToken,omitempty\"`\n\tRegionID *string `json:\"regionID,omitempty\" url:\"regionID,omitempty\"`\n\tProjectID *string `json:\"projectID,omitempty\" url:\"projectID,omitempty\"`\n\tIDs *string `json:\"IDs,omitempty\" url:\"IDs,omitempty\"`\n\tName *string `json:\"name,omitempty\" url:\"name,omitempty\"`\n\tLoadBalancerID *string `json:\"loadBalancerID,omitempty\" url:\"loadBalancerID,omitempty\"`\n\tAccessControlID *string `json:\"accessControlID,omitempty\" url:\"accessControlID,omitempty\"`\n}\n\ntype ListListenersResponse struct {\n\tsdkResponseBase\n\n\tReturnObj []*ListenerRecord `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) ListListeners(req *ListListenersRequest) (*ListListenersResponse, error) {\n\treturn c.ListListenersWithContext(context.Background(), req)\n}\n\nfunc (c *Client) ListListenersWithContext(ctx context.Context, req *ListListenersRequest) (*ListListenersResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/v4/elb/list-listener\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ListListenersResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/elb/api_show_listener.go",
"content": "package elb\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype ShowListenerRequest struct {\n\tClientToken *string `json:\"clientToken,omitempty\" url:\"clientToken,omitempty\"`\n\tRegionID *string `json:\"regionID,omitempty\" url:\"regionID,omitempty\"`\n\tListenerID *string `json:\"listenerID,omitempty\" url:\"listenerID,omitempty\"`\n}\n\ntype ShowListenerResponse struct {\n\tsdkResponseBase\n\n\tReturnObj []*ListenerRecord `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) ShowListener(req *ShowListenerRequest) (*ShowListenerResponse, error) {\n\treturn c.ShowListenerWithContext(context.Background(), req)\n}\n\nfunc (c *Client) ShowListenerWithContext(ctx context.Context, req *ShowListenerRequest) (*ShowListenerResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/v4/elb/show-listener\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ShowListenerResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/elb/api_update_listener.go",
"content": "package elb\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype UpdateListenerRequest struct {\n\tClientToken *string `json:\"clientToken,omitempty\"`\n\tRegionID *string `json:\"regionID,omitempty\"`\n\tListenerID *string `json:\"listenerID,omitempty\"`\n\tName *string `json:\"name,omitempty\"`\n\tDescription *string `json:\"description,omitempty\"`\n\tCertificateID *string `json:\"certificateID,omitempty\"`\n\tCaEnabled *bool `json:\"caEnabled,omitempty\"`\n\tClientCertificateID *string `json:\"clientCertificateID,omitempty\"`\n}\n\ntype UpdateListenerResponse struct {\n\tsdkResponseBase\n\n\tReturnObj []*ListenerRecord `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) UpdateListener(req *UpdateListenerRequest) (*UpdateListenerResponse, error) {\n\treturn c.UpdateListenerWithContext(context.Background(), req)\n}\n\nfunc (c *Client) UpdateListenerWithContext(ctx context.Context, req *UpdateListenerRequest) (*UpdateListenerResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/v4/elb/update-listener\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UpdateListenerResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/elb/client.go",
"content": "package elb\n\nimport (\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/openapi\"\n\t\"github.com/go-resty/resty/v2\"\n)\n\nconst endpoint = \"https://ctelb-global.ctapi.ctyun.cn\"\n\ntype Client struct {\n\tclient *openapi.Client\n}\n\nfunc NewClient(accessKeyId, secretAccessKey string) (*Client, error) {\n\tclient, err := openapi.NewClient(endpoint, accessKeyId, secretAccessKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &Client{client: client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\treturn c.client.NewRequest(method, path)\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\treturn c.client.DoRequest(req)\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tresp, err := c.client.DoRequestWithResult(req, res)\n\tif err == nil {\n\t\tstatusCode := res.GetStatusCode()\n\t\terrorCode := res.GetError()\n\t\tif (statusCode != \"\" && statusCode != \"200\" && statusCode != \"800\") || (errorCode != \"\" && errorCode != \"SUCCESS\") {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: code='%s', message='%s', errorCode='%s', description='%s'\", statusCode, res.GetMessage(), res.GetMessage(), res.GetDescription())\n\t\t}\n\t}\n\n\treturn resp, err\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/elb/types.go",
"content": "package elb\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"strconv\"\n)\n\ntype sdkResponse interface {\n\tGetStatusCode() string\n\tGetMessage() string\n\tGetError() string\n\tGetDescription() string\n}\n\ntype sdkResponseBase struct {\n\tStatusCode json.RawMessage `json:\"statusCode,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n\tError *string `json:\"error,omitempty\"`\n\tDescription *string `json:\"description,omitempty\"`\n\tRequestId *string `json:\"requestId,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetStatusCode() string {\n\tif r.StatusCode == nil {\n\t\treturn \"\"\n\t}\n\n\tdecoder := json.NewDecoder(bytes.NewReader(r.StatusCode))\n\ttoken, err := decoder.Token()\n\tif err != nil {\n\t\treturn \"\"\n\t}\n\n\tswitch t := token.(type) {\n\tcase string:\n\t\treturn t\n\tcase float64:\n\t\treturn strconv.FormatFloat(t, 'f', -1, 64)\n\tcase json.Number:\n\t\treturn t.String()\n\tdefault:\n\t\treturn \"\"\n\t}\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nfunc (r *sdkResponseBase) GetError() string {\n\tif r.Error == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Error\n}\n\nfunc (r *sdkResponseBase) GetDescription() string {\n\tif r.Description == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Description\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype CertificateRecord struct {\n\tID string `json:\"ID\"`\n\tRegionID string `json:\"regionID\"`\n\tAzName string `json:\"azName\"`\n\tProjectID string `json:\"projectID\"`\n\tName string `json:\"name\"`\n\tDescription string `json:\"description\"`\n\tType string `json:\"type\"`\n\tCertificate string `json:\"certificate\"`\n\tPrivateKey string `json:\"privateKey\"`\n\tStatus string `json:\"status\"`\n\tCreatedTime string `json:\"createdTime\"`\n\tUpdatedTime string `json:\"updatedTime\"`\n}\n\ntype ListenerRecord struct {\n\tID string `json:\"ID\"`\n\tRegionID string `json:\"regionID\"`\n\tAzName string `json:\"azName\"`\n\tProjectID string `json:\"projectID\"`\n\tName string `json:\"name\"`\n\tDescription string `json:\"description\"`\n\tLoadBalancerID string `json:\"loadBalancerID\"`\n\tProtocol string `json:\"protocol\"`\n\tProtocolPort int32 `json:\"protocolPort\"`\n\tCertificateID string `json:\"certificateID,omitempty\"`\n\tCaEnabled bool `json:\"caEnabled\"`\n\tClientCertificateID string `json:\"clientCertificateID,omitempty\"`\n\tStatus string `json:\"status\"`\n\tCreatedTime string `json:\"createdTime\"`\n\tUpdatedTime string `json:\"updatedTime\"`\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/faas/api_get_custom_domain.go",
"content": "package faas\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype GetCustomDomainRequest struct {\n\tRegionId *string `json:\"-\" url:\"-\"`\n\tDomainName *string `json:\"domainName,omitempty\" url:\"-\"`\n\tCnameCheck *bool `json:\"cnameCheck,omitempty\" url:\"cnameCheck,omitempty\"`\n}\n\ntype GetCustomDomainResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *CustomDomainRecord `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) GetCustomDomain(req *GetCustomDomainRequest) (*GetCustomDomainResponse, error) {\n\treturn c.GetCustomDomainWithContext(context.Background(), req)\n}\n\nfunc (c *Client) GetCustomDomainWithContext(ctx context.Context, req *GetCustomDomainRequest) (*GetCustomDomainResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, fmt.Sprintf(\"/openapi/v1/domains/customdomains/%s\", url.PathEscape(*req.DomainName)))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tif req.RegionId != nil {\n\t\t\thttpreq.SetHeader(\"regionId\", *req.RegionId)\n\t\t}\n\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &GetCustomDomainResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/faas/api_update_custom_domain.go",
"content": "package faas\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n)\n\ntype UpdateCustomDomainRequest struct {\n\tRegionId *string `json:\"-\"`\n\tDomainName *string `json:\"domainName,omitempty\"`\n\tProtocol *string `json:\"protocol,omitempty\"`\n\tAuthConfig *CustomDomainAuthConfig `json:\"authConfig,omitempty\"`\n\tCertConfig *CustomDomainCertConfig `json:\"certConfig,omitempty\"`\n\tRouteConfig *CustomDomainRouteConfig `json:\"routeConfig,omitempty\"`\n}\n\ntype UpdateCustomDomainResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *CustomDomainRecord `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) UpdateCustomDomain(req *UpdateCustomDomainRequest) (*UpdateCustomDomainResponse, error) {\n\treturn c.UpdateCustomDomainWithContext(context.Background(), req)\n}\n\nfunc (c *Client) UpdateCustomDomainWithContext(ctx context.Context, req *UpdateCustomDomainRequest) (*UpdateCustomDomainResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPut, fmt.Sprintf(\"/openapi/v1/domains/customdomains/%s\", url.PathEscape(*req.DomainName)))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tif req.RegionId != nil {\n\t\t\thttpreq.SetHeader(\"regionId\", *req.RegionId)\n\t\t}\n\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UpdateCustomDomainResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/faas/client.go",
"content": "package faas\n\nimport (\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/openapi\"\n\t\"github.com/go-resty/resty/v2\"\n)\n\nconst endpoint = \"https://cf-global.ctapi.ctyun.cn\"\n\ntype Client struct {\n\tclient *openapi.Client\n}\n\nfunc NewClient(accessKeyId, secretAccessKey string) (*Client, error) {\n\tclient, err := openapi.NewClient(endpoint, accessKeyId, secretAccessKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &Client{client: client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\treturn c.client.NewRequest(method, path)\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\treturn c.client.DoRequest(req)\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tresp, err := c.client.DoRequestWithResult(req, res)\n\tif err == nil {\n\t\tif tcode := res.GetStatusCode(); tcode != \"\" && tcode != \"0\" {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: code='%s', message='%s', errorCode='%s', errorMessage='%s'\", tcode, res.GetMessage(), res.GetMessage(), res.GetErrorMessage())\n\t\t}\n\t}\n\n\treturn resp, err\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/faas/types.go",
"content": "package faas\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"strconv\"\n)\n\ntype sdkResponse interface {\n\tGetStatusCode() string\n\tGetMessage() string\n\tGetError() string\n\tGetErrorMessage() string\n}\n\ntype sdkResponseBase struct {\n\tStatusCode json.RawMessage `json:\"statusCode,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n\tError *string `json:\"error,omitempty\"`\n\tErrorMessage *string `json:\"errorMessage,omitempty\"`\n\tRequestId *string `json:\"requestId,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetStatusCode() string {\n\tif r.StatusCode == nil {\n\t\treturn \"\"\n\t}\n\n\tdecoder := json.NewDecoder(bytes.NewReader(r.StatusCode))\n\ttoken, err := decoder.Token()\n\tif err != nil {\n\t\treturn \"\"\n\t}\n\n\tswitch t := token.(type) {\n\tcase string:\n\t\treturn t\n\tcase float64:\n\t\treturn strconv.FormatFloat(t, 'f', -1, 64)\n\tcase json.Number:\n\t\treturn t.String()\n\tdefault:\n\t\treturn \"\"\n\t}\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nfunc (r *sdkResponseBase) GetError() string {\n\tif r.Error == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Error\n}\n\nfunc (r *sdkResponseBase) GetErrorMessage() string {\n\tif r.ErrorMessage == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.ErrorMessage\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype CustomDomainRecord struct {\n\tDomainName string `json:\"domainName\"`\n\tProtocol string `json:\"protocol\"`\n\tAuthConfig *CustomDomainAuthConfig `json:\"authConfig,omitempty\"`\n\tCertConfig *CustomDomainCertConfig `json:\"certConfig,omitempty\"`\n\tRouteConfig *CustomDomainRouteConfig `json:\"routeConfig,omitempty\"`\n\tDomainStatus string `json:\"domainStatus\"`\n\tCnameValid bool `json:\"cnameValid\"`\n\tCreatedAt string `json:\"createdAt\"`\n\tUpdatedAt string `json:\"updatedAt\"`\n}\n\ntype CustomDomainAuthConfig struct {\n\tAuthType string `json:\"authType\"`\n\tJwtConfig *CustomDomainAuthJwtConfig `json:\"jwtConfig,omitempty\"`\n}\n\ntype CustomDomainAuthJwtConfig struct {\n\tJwks string `json:\"jwks\"`\n\tTokenConfig *CustomDomainAuthJwtTokenConfig `json:\"tokenConfig,omitempty\"`\n\tClaimTrans []*CustomDomainAuthJwtClaimTran `json:\"claimTrans,omitempty\"`\n\tMatchMode *CustomDomainAuthJwtMatchModeConfig `json:\"matchMode,omitempty\"`\n}\n\ntype CustomDomainAuthJwtClaimTran struct {\n\tClaimName string `json:\"claimName\"`\n\tTargetName string `json:\"targetName\"`\n\tTransLocation string `json:\"transLocation\"`\n}\n\ntype CustomDomainAuthJwtTokenConfig struct {\n\tLocation string `json:\"location\"`\n\tName string `json:\"name\"`\n\tRemovePrefix *string `json:\"removePrefix,omitempty\"`\n}\n\ntype CustomDomainAuthJwtMatchModeConfig struct {\n\tMode string `json:\"mode\"`\n\tPath []string `json:\"path\"`\n}\n\ntype CustomDomainCertConfig struct {\n\tCertName string `json:\"certName\"`\n\tCertificate string `json:\"certificate\"`\n\tPrivateKey string `json:\"privateKey\"`\n}\n\ntype CustomDomainRouteConfig struct {\n\tRoutes []*CustomDomainRoutePathConfig `json:\"routes\"`\n}\n\ntype CustomDomainRoutePathConfig struct {\n\tEnableJwt int32 `json:\"enableJwt\"`\n\tFunctionId int64 `json:\"functionId\"`\n\tFunctionName string `json:\"functionName\"`\n\tFunctionUniqueName string `json:\"functionUniqueName\"`\n\tMethods []string `json:\"methods\"`\n\tPath string `json:\"path\"`\n\tQualifier string `json:\"qualifier,omitempty\"`\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/icdn/api_create_cert.go",
"content": "package icdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype CreateCertRequest struct {\n\tName *string `json:\"name,omitempty\"`\n\tCerts *string `json:\"certs,omitempty\"`\n\tKey *string `json:\"key,omitempty\"`\n}\n\ntype CreateCertResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tId int64 `json:\"id\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) CreateCert(req *CreateCertRequest) (*CreateCertResponse, error) {\n\treturn c.CreateCertWithContext(context.Background(), req)\n}\n\nfunc (c *Client) CreateCertWithContext(ctx context.Context, req *CreateCertRequest) (*CreateCertResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/v1/cert/creat-cert\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &CreateCertResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/icdn/api_query_cert_detail.go",
"content": "package icdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype QueryCertDetailRequest struct {\n\tId *int64 `json:\"id,omitempty\" url:\"id,omitempty\"`\n\tName *string `json:\"name,omitempty\" url:\"name,omitempty\"`\n\tUsageMode *int32 `json:\"usage_mode,omitempty\" url:\"usage_mode,omitempty\"`\n}\n\ntype QueryCertDetailResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tResult *CertDetail `json:\"result,omitempty\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) QueryCertDetail(req *QueryCertDetailRequest) (*QueryCertDetailResponse, error) {\n\treturn c.QueryCertDetailWithContext(context.Background(), req)\n}\n\nfunc (c *Client) QueryCertDetailWithContext(ctx context.Context, req *QueryCertDetailRequest) (*QueryCertDetailResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/v1/cert/query-cert-detail\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &QueryCertDetailResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/icdn/api_query_cert_list.go",
"content": "package icdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype QueryCertListRequest struct {\n\tPage *int32 `json:\"page,omitempty\" url:\"page,omitempty\"`\n\tPerPage *int32 `json:\"per_page,omitempty\" url:\"per_page,omitempty\"`\n\tUsageMode *int32 `json:\"usage_mode,omitempty\" url:\"usage_mode,omitempty\"`\n}\n\ntype QueryCertListResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tResults []*CertRecord `json:\"result,omitempty\"`\n\t\tPage int32 `json:\"page,omitempty\"`\n\t\tPerPage int32 `json:\"per_page,omitempty\"`\n\t\tTotalPage int32 `json:\"total_page,omitempty\"`\n\t\tTotalRecords int32 `json:\"total_records,omitempty\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) QueryCertList(req *QueryCertListRequest) (*QueryCertListResponse, error) {\n\treturn c.QueryCertListWithContext(context.Background(), req)\n}\n\nfunc (c *Client) QueryCertListWithContext(ctx context.Context, req *QueryCertListRequest) (*QueryCertListResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/v1/cert/query-cert-list\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &QueryCertListResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/icdn/api_query_domain_detail.go",
"content": "package icdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype QueryDomainDetailRequest struct {\n\tDomain *string `json:\"domain,omitempty\" url:\"domain,omitempty\"`\n\tProductCode *string `json:\"product_code,omitempty\" url:\"product_code,omitempty\"`\n\tFunctionNames *string `json:\"function_names,omitempty\" url:\"function_names,omitempty\"`\n}\n\ntype QueryDomainDetailResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *DomainDetail `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) QueryDomainDetail(req *QueryDomainDetailRequest) (*QueryDomainDetailResponse, error) {\n\treturn c.QueryDomainDetailWithContext(context.Background(), req)\n}\n\nfunc (c *Client) QueryDomainDetailWithContext(ctx context.Context, req *QueryDomainDetailRequest) (*QueryDomainDetailResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/v1/domain/query-domain-detail\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &QueryDomainDetailResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/icdn/api_query_domain_list.go",
"content": "package icdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype QueryDomainListRequest struct {\n\tPage *int32 `json:\"page,omitempty\" url:\"page,omitempty\"`\n\tPageSize *int32 `json:\"page_size,omitempty\" url:\"page_size,omitempty\"`\n\tDomain *string `json:\"domain,omitempty\" url:\"domain,omitempty\"`\n\tProductCode *string `json:\"product_code,omitempty\" url:\"product_code,omitempty\"`\n\tStatus *int32 `json:\"status,omitempty\" url:\"status,omitempty\"`\n\tAreaScope *int32 `json:\"area_scope,omitempty\" url:\"area_scope,omitempty\"`\n}\n\ntype QueryDomainListResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tResults []*DomainRecord `json:\"result,omitempty\"`\n\t\tPage int32 `json:\"page,omitempty\"`\n\t\tPageSize int32 `json:\"page_size,omitempty\"`\n\t\tPageCount int32 `json:\"page_count,omitempty\"`\n\t\tTotal int32 `json:\"total,omitempty\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) QueryDomainList(req *QueryDomainListRequest) (*QueryDomainListResponse, error) {\n\treturn c.QueryDomainListWithContext(context.Background(), req)\n}\n\nfunc (c *Client) QueryDomainListWithContext(ctx context.Context, req *QueryDomainListRequest) (*QueryDomainListResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/v1/domain/query-domain-list\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &QueryDomainListResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/icdn/api_update_domain.go",
"content": "package icdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype UpdateDomainRequest struct {\n\tDomain *string `json:\"domain,omitempty\"`\n\tHttpsStatus *string `json:\"https_status,omitempty\"`\n\tCertName *string `json:\"cert_name,omitempty\"`\n}\n\ntype UpdateDomainResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) UpdateDomain(req *UpdateDomainRequest) (*UpdateDomainResponse, error) {\n\treturn c.UpdateDomainWithContext(context.Background(), req)\n}\n\nfunc (c *Client) UpdateDomainWithContext(ctx context.Context, req *UpdateDomainRequest) (*UpdateDomainResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/v1/domain/update-domain\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UpdateDomainResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/icdn/client.go",
"content": "package icdn\n\nimport (\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/openapi\"\n\t\"github.com/go-resty/resty/v2\"\n)\n\nconst endpoint = \"https://icdn-global.ctapi.ctyun.cn\"\n\ntype Client struct {\n\tclient *openapi.Client\n}\n\nfunc NewClient(accessKeyId, secretAccessKey string) (*Client, error) {\n\tclient, err := openapi.NewClient(endpoint, accessKeyId, secretAccessKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &Client{client: client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\treturn c.client.NewRequest(method, path)\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\treturn c.client.DoRequest(req)\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tresp, err := c.client.DoRequestWithResult(req, res)\n\tif err == nil {\n\t\tif tcode := res.GetStatusCode(); tcode != \"\" && tcode != \"100000\" {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: code='%s', message='%s', errorCode='%s', errorMessage='%s'\", tcode, res.GetMessage(), res.GetMessage(), res.GetErrorMessage())\n\t\t}\n\t}\n\n\treturn resp, err\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/icdn/types.go",
"content": "package icdn\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"strconv\"\n)\n\ntype sdkResponse interface {\n\tGetStatusCode() string\n\tGetMessage() string\n\tGetError() string\n\tGetErrorMessage() string\n}\n\ntype sdkResponseBase struct {\n\tStatusCode json.RawMessage `json:\"statusCode,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n\tError *string `json:\"error,omitempty\"`\n\tErrorMessage *string `json:\"errorMessage,omitempty\"`\n\tRequestId *string `json:\"requestId,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetStatusCode() string {\n\tif r.StatusCode == nil {\n\t\treturn \"\"\n\t}\n\n\tdecoder := json.NewDecoder(bytes.NewReader(r.StatusCode))\n\ttoken, err := decoder.Token()\n\tif err != nil {\n\t\treturn \"\"\n\t}\n\n\tswitch t := token.(type) {\n\tcase string:\n\t\treturn t\n\tcase float64:\n\t\treturn strconv.FormatFloat(t, 'f', -1, 64)\n\tcase json.Number:\n\t\treturn t.String()\n\tdefault:\n\t\treturn \"\"\n\t}\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nfunc (r *sdkResponseBase) GetError() string {\n\tif r.Error == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Error\n}\n\nfunc (r *sdkResponseBase) GetErrorMessage() string {\n\tif r.ErrorMessage == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.ErrorMessage\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype DomainRecord struct {\n\tDomain string `json:\"domain\"`\n\tCname string `json:\"cname\"`\n\tProductCode string `json:\"product_code\"`\n\tProductName string `json:\"product_name\"`\n\tAreaScope int32 `json:\"area_scope\"`\n\tStatus int32 `json:\"status\"`\n}\n\ntype DomainDetail struct {\n\tDomainRecord\n\tHttpsStatus string `json:\"https_status\"`\n\tHttpsBasic *DomainHttpsBasicConfig `json:\"https_basic,omitempty\"`\n\tCertName string `json:\"cert_name\"`\n\tSsl string `json:\"ssl\"`\n\tSslStapling string `json:\"ssl_stapling\"`\n}\n\ntype DomainHttpsBasicConfig struct {\n\tHttpsForce string `json:\"https_force\"`\n\tHttpForce string `json:\"http_force\"`\n\tForceStatus string `json:\"force_status\"`\n\tOriginProtocol string `json:\"origin_protocol\"`\n}\n\ntype CertRecord struct {\n\tId int64 `json:\"id\"`\n\tName string `json:\"name\"`\n\tCN string `json:\"cn\"`\n\tSANs []string `json:\"sans\"`\n\tUsageMode int32 `json:\"usage_mode\"`\n\tState int32 `json:\"state\"`\n\tExpiresTime int64 `json:\"expires\"`\n\tIssueTime int64 `json:\"issue\"`\n\tIssuer string `json:\"issuer\"`\n\tCreatedTime int64 `json:\"created\"`\n}\n\ntype CertDetail struct {\n\tCertRecord\n\tCerts string `json:\"certs\"`\n\tKey string `json:\"key\"`\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/lvdn/api_create_cert.go",
"content": "package lvdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype CreateCertRequest struct {\n\tName *string `json:\"name,omitempty\"`\n\tCerts *string `json:\"certs,omitempty\"`\n\tKey *string `json:\"key,omitempty\"`\n}\n\ntype CreateCertResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tId int64 `json:\"id\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) CreateCert(req *CreateCertRequest) (*CreateCertResponse, error) {\n\treturn c.CreateCertWithContext(context.Background(), req)\n}\n\nfunc (c *Client) CreateCertWithContext(ctx context.Context, req *CreateCertRequest) (*CreateCertResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/cert/creat-cert\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &CreateCertResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/lvdn/api_query_cert_detail.go",
"content": "package lvdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype QueryCertDetailRequest struct {\n\tId *int64 `json:\"id,omitempty\" url:\"id,omitempty\"`\n\tName *string `json:\"name,omitempty\" url:\"name,omitempty\"`\n\tUsageMode *int32 `json:\"usage_mode,omitempty\" url:\"usage_mode,omitempty\"`\n}\n\ntype QueryCertDetailResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tResult *CertDetail `json:\"result,omitempty\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) QueryCertDetail(req *QueryCertDetailRequest) (*QueryCertDetailResponse, error) {\n\treturn c.QueryCertDetailWithContext(context.Background(), req)\n}\n\nfunc (c *Client) QueryCertDetailWithContext(ctx context.Context, req *QueryCertDetailRequest) (*QueryCertDetailResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/cert/query-cert-detail\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &QueryCertDetailResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/lvdn/api_query_cert_list.go",
"content": "package lvdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype QueryCertListRequest struct {\n\tPage *int32 `json:\"page,omitempty\" url:\"page,omitempty\"`\n\tPerPage *int32 `json:\"per_page,omitempty\" url:\"per_page,omitempty\"`\n\tUsageMode *int32 `json:\"usage_mode,omitempty\" url:\"usage_mode,omitempty\"`\n}\n\ntype QueryCertListResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tResults []*CertRecord `json:\"result,omitempty\"`\n\t\tPage int32 `json:\"page,omitempty\"`\n\t\tPerPage int32 `json:\"per_page,omitempty\"`\n\t\tTotalPage int32 `json:\"total_page,omitempty\"`\n\t\tTotalRecords int32 `json:\"total_records,omitempty\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) QueryCertList(req *QueryCertListRequest) (*QueryCertListResponse, error) {\n\treturn c.QueryCertListWithContext(context.Background(), req)\n}\n\nfunc (c *Client) QueryCertListWithContext(ctx context.Context, req *QueryCertListRequest) (*QueryCertListResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/cert/query-cert-list\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &QueryCertListResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/lvdn/api_query_domain_detail.go",
"content": "package lvdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype QueryDomainDetailRequest struct {\n\tDomain *string `json:\"domain,omitempty\" url:\"domain,omitempty\"`\n\tProductCode *string `json:\"product_code,omitempty\" url:\"product_code,omitempty\"`\n}\n\ntype QueryDomainDetailResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *DomainDetail `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) QueryDomainDetail(req *QueryDomainDetailRequest) (*QueryDomainDetailResponse, error) {\n\treturn c.QueryDomainDetailWithContext(context.Background(), req)\n}\n\nfunc (c *Client) QueryDomainDetailWithContext(ctx context.Context, req *QueryDomainDetailRequest) (*QueryDomainDetailResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/live/domain/query-domain-detail\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &QueryDomainDetailResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/lvdn/api_query_domain_list.go",
"content": "package lvdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype QueryDomainListRequest struct {\n\tPage *int32 `json:\"page,omitempty\" url:\"page,omitempty\"`\n\tPageSize *int32 `json:\"page_size,omitempty\" url:\"page_size,omitempty\"`\n\tDomain *string `json:\"domain,omitempty\" url:\"domain,omitempty\"`\n\tProductCode *string `json:\"product_code,omitempty\" url:\"product_code,omitempty\"`\n\tStatus *int32 `json:\"status,omitempty\" url:\"status,omitempty\"`\n\tAreaScope *int32 `json:\"area_scope,omitempty\" url:\"area_scope,omitempty\"`\n}\n\ntype QueryDomainListResponse struct {\n\tsdkResponseBase\n\n\tReturnObj *struct {\n\t\tResults []*DomainRecord `json:\"result,omitempty\"`\n\t\tPage int32 `json:\"page,omitempty\"`\n\t\tPageSize int32 `json:\"page_size,omitempty\"`\n\t\tPageCount int32 `json:\"page_count,omitempty\"`\n\t\tTotal int32 `json:\"total,omitempty\"`\n\t} `json:\"returnObj,omitempty\"`\n}\n\nfunc (c *Client) QueryDomainList(req *QueryDomainListRequest) (*QueryDomainListResponse, error) {\n\treturn c.QueryDomainListWithContext(context.Background(), req)\n}\n\nfunc (c *Client) QueryDomainListWithContext(ctx context.Context, req *QueryDomainListRequest) (*QueryDomainListResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/v1/domain/query-domain-list\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &QueryDomainListResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/lvdn/api_update_domain.go",
"content": "package lvdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype UpdateDomainRequest struct {\n\tDomain *string `json:\"domain,omitempty\"`\n\tProductCode *string `json:\"product_code,omitempty\"`\n\tHttpsSwitch *int32 `json:\"https_switch,omitempty\"`\n\tCertName *string `json:\"cert_name,omitempty\"`\n}\n\ntype UpdateDomainResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) UpdateDomain(req *UpdateDomainRequest) (*UpdateDomainResponse, error) {\n\treturn c.UpdateDomainWithContext(context.Background(), req)\n}\n\nfunc (c *Client) UpdateDomainWithContext(ctx context.Context, req *UpdateDomainRequest) (*UpdateDomainResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/live/domain/update-domain\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UpdateDomainResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/lvdn/client.go",
"content": "package lvdn\n\nimport (\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/certimate-go/certimate/pkg/sdk3rd/ctyun/openapi\"\n\t\"github.com/go-resty/resty/v2\"\n)\n\nconst endpoint = \"https://ctlvdn-global.ctapi.ctyun.cn\"\n\ntype Client struct {\n\tclient *openapi.Client\n}\n\nfunc NewClient(accessKeyId, secretAccessKey string) (*Client, error) {\n\tclient, err := openapi.NewClient(endpoint, accessKeyId, secretAccessKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &Client{client: client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\treturn c.client.NewRequest(method, path)\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\treturn c.client.DoRequest(req)\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tresp, err := c.client.DoRequestWithResult(req, res)\n\tif err == nil {\n\t\tif tcode := res.GetStatusCode(); tcode != \"\" && tcode != \"100000\" {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: code='%s', message='%s', errorCode='%s', errorMessage='%s'\", tcode, res.GetMessage(), res.GetMessage(), res.GetErrorMessage())\n\t\t}\n\t}\n\n\treturn resp, err\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/lvdn/types.go",
"content": "package lvdn\n\nimport (\n\t\"bytes\"\n\t\"encoding/json\"\n\t\"strconv\"\n)\n\ntype sdkResponse interface {\n\tGetStatusCode() string\n\tGetMessage() string\n\tGetError() string\n\tGetErrorMessage() string\n}\n\ntype sdkResponseBase struct {\n\tStatusCode json.RawMessage `json:\"statusCode,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n\tError *string `json:\"error,omitempty\"`\n\tErrorMessage *string `json:\"errorMessage,omitempty\"`\n\tRequestId *string `json:\"requestId,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetStatusCode() string {\n\tif r.StatusCode == nil {\n\t\treturn \"\"\n\t}\n\n\tdecoder := json.NewDecoder(bytes.NewReader(r.StatusCode))\n\ttoken, err := decoder.Token()\n\tif err != nil {\n\t\treturn \"\"\n\t}\n\n\tswitch t := token.(type) {\n\tcase string:\n\t\treturn t\n\tcase float64:\n\t\treturn strconv.FormatFloat(t, 'f', -1, 64)\n\tcase json.Number:\n\t\treturn t.String()\n\tdefault:\n\t\treturn \"\"\n\t}\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nfunc (r *sdkResponseBase) GetError() string {\n\tif r.Error == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Error\n}\n\nfunc (r *sdkResponseBase) GetErrorMessage() string {\n\tif r.ErrorMessage == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.ErrorMessage\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype DomainRecord struct {\n\tDomain string `json:\"domain\"`\n\tCname string `json:\"cname\"`\n\tProductCode string `json:\"product_code\"`\n\tProductName string `json:\"product_name\"`\n\tAreaScope int32 `json:\"area_scope\"`\n\tStatus int32 `json:\"status\"`\n}\n\ntype DomainDetail struct {\n\tDomainRecord\n\tHttpsSwitch int32 `json:\"https_switch\"`\n\tCertName string `json:\"cert_name\"`\n}\n\ntype CertRecord struct {\n\tId int64 `json:\"id\"`\n\tName string `json:\"name\"`\n\tCN string `json:\"cn\"`\n\tSANs []string `json:\"sans\"`\n\tUsageMode int32 `json:\"usage_mode\"`\n\tState int32 `json:\"state\"`\n\tExpiresTime int64 `json:\"expires\"`\n\tIssueTime int64 `json:\"issue\"`\n\tIssuer string `json:\"issuer\"`\n\tCreatedTime int64 `json:\"created\"`\n}\n\ntype CertDetail struct {\n\tCertRecord\n\tCerts string `json:\"certs\"`\n\tKey string `json:\"key\"`\n}\n"
},
{
"path": "pkg/sdk3rd/ctyun/openapi/client.go",
"content": "package openapi\n\nimport (\n\t\"crypto/hmac\"\n\t\"crypto/sha256\"\n\t\"encoding/base64\"\n\t\"encoding/hex\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\t\"github.com/pocketbase/pocketbase/tools/security\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(endpoint, accessKeyId, secretAccessKey string) (*Client, error) {\n\tif endpoint == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset endpoint\")\n\t}\n\tif _, err := url.Parse(endpoint); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid endpoint: %w\", err)\n\t}\n\tif accessKeyId == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset accessKeyId\")\n\t}\n\tif secretAccessKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset secretAccessKey\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(endpoint).\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\t// 生成时间戳及流水号\n\t\t\tnow := time.Now()\n\t\t\teopDate := now.Format(\"20060102T150405Z\")\n\t\t\teopReqId := security.RandomString(32)\n\n\t\t\t// 获取查询参数\n\t\t\tqueryStr := \"\"\n\t\t\tif req.URL != nil {\n\t\t\t\tqueryStr = req.URL.Query().Encode()\n\t\t\t}\n\n\t\t\t// 获取请求正文\n\t\t\tpayloadStr := \"\"\n\t\t\tif req.Body != nil {\n\t\t\t\treader, err := req.GetBody()\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tdefer reader.Close()\n\t\t\t\tpayload, err := io.ReadAll(reader)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tpayloadStr = string(payload)\n\t\t\t}\n\n\t\t\t// 构造代签字符串\n\t\t\tpayloadHash := sha256.Sum256([]byte(payloadStr))\n\t\t\tpayloadHashHex := hex.EncodeToString(payloadHash[:])\n\t\t\tdataToSign := fmt.Sprintf(\"ctyun-eop-request-id:%s\\neop-date:%s\\n\\n%s\\n%s\", eopReqId, eopDate, queryStr, payloadHashHex)\n\n\t\t\t// 生成 ktime\n\t\t\thasher := hmac.New(sha256.New, []byte(secretAccessKey))\n\t\t\thasher.Write([]byte(eopDate))\n\t\t\tktime := hasher.Sum(nil)\n\n\t\t\t// 生成 kak\n\t\t\thasher = hmac.New(sha256.New, ktime)\n\t\t\thasher.Write([]byte(accessKeyId))\n\t\t\tkak := hasher.Sum(nil)\n\n\t\t\t// 生成 kdate\n\t\t\thasher = hmac.New(sha256.New, kak)\n\t\t\thasher.Write([]byte(now.Format(\"20060102\")))\n\t\t\tkdate := hasher.Sum(nil)\n\n\t\t\t// 构造签名\n\t\t\thasher = hmac.New(sha256.New, kdate)\n\t\t\thasher.Write([]byte(dataToSign))\n\t\t\tsign := hasher.Sum(nil)\n\t\t\tsignStr := base64.StdEncoding.EncodeToString(sign)\n\n\t\t\t// 设置请求头\n\t\t\treq.Header.Set(\"ctyun-eop-request-id\", eopReqId)\n\t\t\treq.Header.Set(\"eop-date\", eopDate)\n\t\t\treq.Header.Set(\"eop-authorization\", fmt.Sprintf(\"%s Headers=ctyun-eop-request-id;eop-date Signature=%s\", accessKeyId, signStr))\n\n\t\t\treturn nil\n\t\t})\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) NewRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) DoRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) DoRequestWithResult(req *resty.Request, res interface{}) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.DoRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dcloud/unicloud/api_create_domain_with_cert.go",
"content": "package unicloud\n\nimport (\n\t\"net/http\"\n)\n\ntype CreateDomainWithCertRequest struct {\n\tProvider string `json:\"provider\"`\n\tSpaceId string `json:\"spaceId\"`\n\tDomain string `json:\"domain\"`\n\tCert string `json:\"cert\"`\n\tKey string `json:\"key\"`\n}\n\ntype CreateDomainWithCertResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) CreateDomainWithCert(req *CreateDomainWithCertRequest) (*CreateDomainWithCertResponse, error) {\n\tif err := c.ensureApiUserTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\tresp := &CreateDomainWithCertResponse{}\n\terr := c.sendRequestWithResult(http.MethodPost, \"/host/create-domain-with-cert\", req, resp)\n\treturn resp, err\n}\n"
},
{
"path": "pkg/sdk3rd/dcloud/unicloud/client.go",
"content": "package unicloud\n\nimport (\n\t\"crypto/hmac\"\n\t\"crypto/md5\"\n\t\"encoding/hex\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"regexp\"\n\t\"runtime\"\n\t\"sort\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tusername string\n\tpassword string\n\n\tserverlessJwtToken string\n\tserverlessJwtTokenExp time.Time\n\tserverlessJwtTokenMtx sync.Mutex\n\n\tserverlessClient *resty.Client\n\n\tapiUserToken string\n\tapiUserTokenMtx sync.Mutex\n\n\tapiClient *resty.Client\n}\n\nconst (\n\tuniIdentityEndpoint = \"https://account.dcloud.net.cn/client\"\n\tuniIdentityClientSecret = \"ba461799-fde8-429f-8cc4-4b6d306e2339\"\n\tuniIdentityAppId = \"__UNI__uniid_server\"\n\tuniIdentitySpaceId = \"uni-id-server\"\n\tuniConsoleEndpoint = \"https://unicloud.dcloud.net.cn/client\"\n\tuniConsoleClientSecret = \"4c1f7fbf-c732-42b0-ab10-4634a8bbe834\"\n\tuniConsoleAppId = \"__UNI__unicloud_console\"\n\tuniConsoleSpaceId = \"dc-6nfabcn6ada8d3dd\"\n)\n\nfunc NewClient(username, password string) (*Client, error) {\n\tif username == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset username\")\n\t}\n\tif password == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset password\")\n\t}\n\n\tclient := &Client{\n\t\tusername: username,\n\t\tpassword: password,\n\t}\n\tclient.serverlessClient = resty.New().\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent)\n\tclient.apiClient = resty.New().\n\t\tSetBaseURL(\"https://unicloud-api.dcloud.net.cn/unicloud/api\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\tif client.apiUserToken != \"\" {\n\t\t\t\treq.Header.Set(\"Token\", client.apiUserToken)\n\t\t\t}\n\n\t\t\treturn nil\n\t\t})\n\n\treturn client, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.serverlessClient.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) buildServerlessClientInfo(appId string) (_clientInfo map[string]any, _err error) {\n\treturn map[string]any{\n\t\t\"PLATFORM\": \"web\",\n\t\t\"OS\": strings.ToUpper(runtime.GOOS),\n\t\t\"APPID\": appId,\n\t\t\"DEVICEID\": app.AppName,\n\t\t\"LOCALE\": \"zh-Hans\",\n\t\t\"osName\": runtime.GOOS,\n\t\t\"appId\": appId,\n\t\t\"appName\": \"uniCloud\",\n\t\t\"deviceId\": app.AppName,\n\t\t\"deviceType\": \"pc\",\n\t\t\"uniPlatform\": \"web\",\n\t\t\"uniCompilerVersion\": \"4.45\",\n\t\t\"uniRuntimeVersion\": \"4.45\",\n\t}, nil\n}\n\nfunc (c *Client) buildServerlessPayloadInfo(appId, spaceId, target, method, action string, params, data interface{}) (map[string]any, error) {\n\tclientInfo, err := c.buildServerlessClientInfo(appId)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tfunctionArgsParams := make([]any, 0)\n\tif params != nil {\n\t\tfunctionArgsParams = append(functionArgsParams, params)\n\t}\n\n\tfunctionArgs := map[string]any{\n\t\t\"clientInfo\": clientInfo,\n\t\t\"uniIdToken\": c.serverlessJwtToken,\n\t}\n\tif method != \"\" {\n\t\tfunctionArgs[\"method\"] = method\n\t\tfunctionArgs[\"params\"] = make([]any, 0)\n\t}\n\tif action != \"\" {\n\t\ttype _obj struct{}\n\t\tfunctionArgs[\"action\"] = action\n\t\tfunctionArgs[\"data\"] = &_obj{}\n\t}\n\tif params != nil {\n\t\tfunctionArgs[\"params\"] = []any{params}\n\t}\n\tif data != nil {\n\t\tfunctionArgs[\"data\"] = data\n\t}\n\n\tjsonb, err := json.Marshal(map[string]any{\n\t\t\"functionTarget\": target,\n\t\t\"functionArgs\": functionArgs,\n\t})\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tpayload := map[string]any{\n\t\t\"method\": \"serverless.function.runtime.invoke\",\n\t\t\"params\": string(jsonb),\n\t\t\"spaceId\": spaceId,\n\t\t\"timestamp\": time.Now().UnixMilli(),\n\t}\n\n\treturn payload, nil\n}\n\nfunc (c *Client) invokeServerless(endpoint, clientSecret, appId, spaceId, target, method, action string, params, data interface{}) (*resty.Response, error) {\n\tif endpoint == \"\" {\n\t\treturn nil, fmt.Errorf(\"unicloud api error: endpoint cannot be empty\")\n\t}\n\n\tpayload, err := c.buildServerlessPayloadInfo(appId, spaceId, target, method, action, params, data)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"unicloud api error: failed to build request: %w\", err)\n\t}\n\n\tclientInfo, _ := c.buildServerlessClientInfo(appId)\n\tclientInfoJsonb, _ := json.Marshal(clientInfo)\n\n\tsign := generateSignature(payload, clientSecret)\n\n\treq := c.serverlessClient.R().\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"Origin\", \"https://unicloud.dcloud.net.cn\").\n\t\tSetHeader(\"Referer\", \"https://unicloud.dcloud.net.cn\").\n\t\tSetHeader(\"X-Client-Info\", string(clientInfoJsonb)).\n\t\tSetHeader(\"X-Client-Token\", c.serverlessJwtToken).\n\t\tSetHeader(\"X-Serverless-Sign\", sign).\n\t\tSetBody(payload)\n\tresp, err := req.Post(endpoint)\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"unicloud api error: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"unicloud api error: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) invokeServerlessWithResult(endpoint, clientSecret, appId, spaceId, target, method, action string, params, data interface{}, result sdkResponse) error {\n\tresp, err := c.invokeServerless(endpoint, clientSecret, appId, spaceId, target, method, action, params, data)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &result)\n\t\t}\n\t\treturn err\n\t}\n\n\tif err := json.Unmarshal(resp.Body(), &result); err != nil {\n\t\treturn fmt.Errorf(\"unicloud api error: failed to unmarshal response: %w\", err)\n\t} else if success := result.GetSuccess(); !success {\n\t\treturn fmt.Errorf(\"unicloud api error: code='%s', message='%s'\", result.GetErrorCode(), result.GetErrorMessage())\n\t}\n\n\treturn nil\n}\n\nfunc (c *Client) sendRequest(method string, path string, params interface{}) (*resty.Response, error) {\n\treq := c.apiClient.R()\n\tif strings.EqualFold(method, http.MethodGet) {\n\t\tqs := make(map[string]string)\n\t\tif params != nil {\n\t\t\ttemp := make(map[string]any)\n\t\t\tjsonb, _ := json.Marshal(params)\n\t\t\tjson.Unmarshal(jsonb, &temp)\n\t\t\tfor k, v := range temp {\n\t\t\t\tif v != nil {\n\t\t\t\t\tqs[k] = fmt.Sprintf(\"%v\", v)\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\treq = req.SetQueryParams(qs)\n\t} else {\n\t\treq = req.SetHeader(\"Content-Type\", \"application/json\").SetBody(params)\n\t}\n\n\tresp, err := req.Execute(method, path)\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"unicloud api error: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"unicloud api error: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) sendRequestWithResult(method string, path string, params interface{}, result sdkResponse) error {\n\tresp, err := c.sendRequest(method, path, params)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &result)\n\t\t}\n\t\treturn err\n\t}\n\n\tif err := json.Unmarshal(resp.Body(), &result); err != nil {\n\t\treturn fmt.Errorf(\"unicloud api error: failed to unmarshal response: %w\", err)\n\t} else if retcode := result.GetReturnCode(); retcode != 0 {\n\t\treturn fmt.Errorf(\"unicloud api error: ret='%d', desc='%s'\", retcode, result.GetReturnDesc())\n\t}\n\n\treturn nil\n}\n\nfunc (c *Client) ensureServerlessJwtTokenExists() error {\n\tc.serverlessJwtTokenMtx.Lock()\n\tdefer c.serverlessJwtTokenMtx.Unlock()\n\tif c.serverlessJwtToken != \"\" && c.serverlessJwtTokenExp.After(time.Now()) {\n\t\treturn nil\n\t}\n\n\tparams := map[string]string{\n\t\t\"password\": \"password\",\n\t}\n\tif regexp.MustCompile(`^1\\d{10}$`).MatchString(c.username) {\n\t\tparams[\"mobile\"] = c.username\n\t} else if regexp.MustCompile(`^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$`).MatchString(c.username) {\n\t\tparams[\"email\"] = c.username\n\t} else {\n\t\tparams[\"username\"] = c.username\n\t}\n\n\ttype loginResponse struct {\n\t\tsdkResponseBase\n\t\tData *struct {\n\t\t\tCode int32 `json:\"errCode\"`\n\t\t\tUID string `json:\"uid\"`\n\t\t\tNewToken *struct {\n\t\t\t\tToken string `json:\"token\"`\n\t\t\t\tTokenExpired int64 `json:\"tokenExpired\"`\n\t\t\t} `json:\"newToken,omitempty\"`\n\t\t} `json:\"data,omitempty\"`\n\t}\n\n\tresp := &loginResponse{}\n\tif err := c.invokeServerlessWithResult(\n\t\tuniIdentityEndpoint, uniIdentityClientSecret, uniIdentityAppId, uniIdentitySpaceId,\n\t\t\"uni-id-co\", \"login\", \"\", params, nil,\n\t\tresp); err != nil {\n\t\treturn err\n\t} else if resp.Data == nil || resp.Data.NewToken == nil || resp.Data.NewToken.Token == \"\" {\n\t\treturn fmt.Errorf(\"unicloud api error: received empty token\")\n\t}\n\n\tc.serverlessJwtToken = resp.Data.NewToken.Token\n\tc.serverlessJwtTokenExp = time.UnixMilli(resp.Data.NewToken.TokenExpired)\n\n\treturn nil\n}\n\nfunc (c *Client) ensureApiUserTokenExists() error {\n\tif err := c.ensureServerlessJwtTokenExists(); err != nil {\n\t\treturn err\n\t}\n\n\tc.apiUserTokenMtx.Lock()\n\tdefer c.apiUserTokenMtx.Unlock()\n\tif c.apiUserToken != \"\" {\n\t\treturn nil\n\t}\n\n\ttype getUserTokenResponse struct {\n\t\tsdkResponseBase\n\t\tData *struct {\n\t\t\tCode int32 `json:\"code\"`\n\t\t\tData *struct {\n\t\t\t\tResult int32 `json:\"ret\"`\n\t\t\t\tDescription string `json:\"desc\"`\n\t\t\t\tData *struct {\n\t\t\t\t\tEmail string `json:\"email\"`\n\t\t\t\t\tToken string `json:\"token\"`\n\t\t\t\t} `json:\"data,omitempty\"`\n\t\t\t} `json:\"data,omitempty\"`\n\t\t} `json:\"data,omitempty\"`\n\t}\n\n\tresp := &getUserTokenResponse{}\n\tif err := c.invokeServerlessWithResult(\n\t\tuniConsoleEndpoint, uniConsoleClientSecret, uniConsoleAppId, uniConsoleSpaceId,\n\t\t\"uni-cloud-kernel\", \"\", \"user/getUserToken\", nil, map[string]any{\"isLogin\": true},\n\t\tresp); err != nil {\n\t\treturn err\n\t} else if resp.Data == nil || resp.Data.Data == nil || resp.Data.Data.Data == nil || resp.Data.Data.Data.Token == \"\" {\n\t\treturn fmt.Errorf(\"unicloud api error: received empty user token\")\n\t}\n\n\tc.apiUserToken = resp.Data.Data.Data.Token\n\n\treturn nil\n}\n\nfunc generateSignature(params map[string]any, secret string) string {\n\tkeys := make([]string, 0, len(params))\n\tfor k := range params {\n\t\tkeys = append(keys, k)\n\t}\n\tsort.Strings(keys)\n\n\tcanonicalStr := \"\"\n\tfor i, k := range keys {\n\t\tif i > 0 {\n\t\t\tcanonicalStr += \"&\"\n\t\t}\n\t\tcanonicalStr += k + \"=\" + fmt.Sprintf(\"%v\", params[k])\n\t}\n\n\tmac := hmac.New(md5.New, []byte(secret))\n\tmac.Write([]byte(canonicalStr))\n\tsign := mac.Sum(nil)\n\tsignHex := hex.EncodeToString(sign)\n\n\treturn signHex\n}\n"
},
{
"path": "pkg/sdk3rd/dcloud/unicloud/types.go",
"content": "package unicloud\n\ntype sdkResponse interface {\n\tGetSuccess() bool\n\tGetErrorCode() string\n\tGetErrorMessage() string\n\tGetReturnCode() int\n\tGetReturnDesc() string\n}\n\ntype sdkResponseBase struct {\n\tSuccess *bool `json:\"success,omitempty\"`\n\tHeader *map[string]string `json:\"header,omitempty\"`\n\tError *struct {\n\t\tCode string `json:\"code\"`\n\t\tMessage string `json:\"message\"`\n\t} `json:\"error,omitempty\"`\n\tReturnCode *int `json:\"ret,omitempty\"`\n\tReturnDesc *string `json:\"desc,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetReturnCode() int {\n\tif r.ReturnCode == nil {\n\t\treturn 0\n\t}\n\n\treturn *r.ReturnCode\n}\n\nfunc (r *sdkResponseBase) GetReturnDesc() string {\n\tif r.ReturnDesc == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.ReturnDesc\n}\n\nfunc (r *sdkResponseBase) GetSuccess() bool {\n\tif r.Success == nil {\n\t\treturn false\n\t}\n\n\treturn *r.Success\n}\n\nfunc (r *sdkResponseBase) GetErrorCode() string {\n\tif r.Error == nil {\n\t\treturn \"\"\n\t}\n\n\treturn r.Error.Code\n}\n\nfunc (r *sdkResponseBase) GetErrorMessage() string {\n\tif r.Error == nil {\n\t\treturn \"\"\n\t}\n\n\treturn r.Error.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n"
},
{
"path": "pkg/sdk3rd/dnsla/api_create_record.go",
"content": "package dnsla\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype CreateRecordRequest struct {\n\tDomainId *string `json:\"domainId\"`\n\tGroupId *string `json:\"groupId,omitempty\"`\n\tLineId *string `json:\"lineId,omitempty\"`\n\tType *int32 `json:\"type\"`\n\tHost *string `json:\"host\"`\n\tData *string `json:\"data\"`\n\tTtl *int32 `json:\"ttl\"`\n\tWeight *int32 `json:\"weight,omitempty\"`\n\tPreference *int32 `json:\"preference,omitempty\"`\n}\n\ntype CreateRecordResponse struct {\n\tsdkResponseBase\n\tData *struct {\n\t\tId string `json:\"id\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) CreateRecord(req *CreateRecordRequest) (*CreateRecordResponse, error) {\n\treturn c.CreateRecordWithContext(context.Background(), req)\n}\n\nfunc (c *Client) CreateRecordWithContext(ctx context.Context, req *CreateRecordRequest) (*CreateRecordResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/record\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &CreateRecordResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dnsla/api_delete_record.go",
"content": "package dnsla\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype DeleteRecordResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) DeleteRecord(recordId string) (*DeleteRecordResponse, error) {\n\treturn c.DeleteRecordWithContext(context.Background(), recordId)\n}\n\nfunc (c *Client) DeleteRecordWithContext(ctx context.Context, recordId string) (*DeleteRecordResponse, error) {\n\tif recordId == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset recordId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodDelete, \"/record\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetQueryParam(\"id\", recordId)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &DeleteRecordResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dnsla/api_list_domains.go",
"content": "package dnsla\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype ListDomainsRequest struct {\n\tGroupId *string `json:\"groupId,omitempty\" url:\"groupId,omitempty\"`\n\tPageIndex *int32 `json:\"pageIndex,omitempty\" url:\"pageIndex,omitempty\"`\n\tPageSize *int32 `json:\"pageSize,omitempty\" url:\"pageSize,omitempty\"`\n}\n\ntype ListDomainsResponse struct {\n\tsdkResponseBase\n\tData *struct {\n\t\tTotal int32 `json:\"total\"`\n\t\tResults []*DomainRecord `json:\"results\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) ListDomains(req *ListDomainsRequest) (*ListDomainsResponse, error) {\n\treturn c.ListDomainsWithContext(context.Background(), req)\n}\n\nfunc (c *Client) ListDomainsWithContext(ctx context.Context, req *ListDomainsRequest) (*ListDomainsResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/domainList\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ListDomainsResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dnsla/api_list_records.go",
"content": "package dnsla\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype ListRecordsRequest struct {\n\tDomainId *string `json:\"domainId,omitempty\" url:\"domainId,omitempty\"`\n\tGroupId *string `json:\"groupId,omitempty\" url:\"groupId,omitempty\"`\n\tLineId *string `json:\"lineId,omitempty\" url:\"lineId,omitempty\"`\n\tType *int32 `json:\"type,omitempty\" url:\"type,omitempty\"`\n\tHost *string `json:\"host,omitempty\" url:\"host,omitempty\"`\n\tData *string `json:\"data,omitempty\" url:\"data,omitempty\"`\n\tPageIndex *int32 `json:\"pageIndex,omitempty\" url:\"pageIndex,omitempty\"`\n\tPageSize *int32 `json:\"pageSize,omitempty\" url:\"pageSize,omitempty\"`\n}\n\ntype ListRecordsResponse struct {\n\tsdkResponseBase\n\tData *struct {\n\t\tTotal int32 `json:\"total\"`\n\t\tResults []*DnsRecord `json:\"results\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) ListRecords(req *ListRecordsRequest) (*ListRecordsResponse, error) {\n\treturn c.ListRecordsWithContext(context.Background(), req)\n}\n\nfunc (c *Client) ListRecordsWithContext(ctx context.Context, req *ListRecordsRequest) (*ListRecordsResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/recordList\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ListRecordsResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dnsla/api_update_record.go",
"content": "package dnsla\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype UpdateRecordRequest struct {\n\tId *string `json:\"id\"`\n\tGroupId *string `json:\"groupId,omitempty\"`\n\tLineId *string `json:\"lineId,omitempty\"`\n\tType *int32 `json:\"type,omitempty\"`\n\tHost *string `json:\"host,omitempty\"`\n\tData *string `json:\"data,omitempty\"`\n\tTtl *int32 `json:\"ttl,omitempty\"`\n\tWeight *int32 `json:\"weight,omitempty\"`\n\tPreference *int32 `json:\"preference,omitempty\"`\n}\n\ntype UpdateRecordResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) UpdateRecord(req *UpdateRecordRequest) (*UpdateRecordResponse, error) {\n\treturn c.UpdateRecordWithContext(context.Background(), req)\n}\n\nfunc (c *Client) UpdateRecordWithContext(ctx context.Context, req *UpdateRecordRequest) (*UpdateRecordResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPut, \"/record\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UpdateRecordResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dnsla/client.go",
"content": "package dnsla\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(apiId, apiSecret string) (*Client, error) {\n\tif apiId == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiId\")\n\t}\n\tif apiSecret == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiSecret\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(\"https://api.dns.la/api\").\n\t\tSetBasicAuth(apiId, apiSecret).\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent)\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tcode := res.GetCode(); tcode/100 != 2 {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: code='%d', message='%s'\", tcode, res.GetMessage())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dnsla/types.go",
"content": "package dnsla\n\ntype sdkResponse interface {\n\tGetCode() int\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode *int `json:\"code,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetCode() int {\n\tif r.Code == nil {\n\t\treturn 0\n\t}\n\n\treturn *r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype DomainRecord struct {\n\tId string `json:\"id\"`\n\tGroupId string `json:\"groupId\"`\n\tGroupName string `json:\"groupName\"`\n\tDomain string `json:\"domain\"`\n\tDisplayDomain string `json:\"displayDomain\"`\n\tCreatedAt int64 `json:\"createdAt\"`\n\tUpdatedAt int64 `json:\"updatedAt\"`\n}\n\ntype DnsRecord struct {\n\tId string `json:\"id\"`\n\tDomainId string `json:\"domainId\"`\n\tGroupId string `json:\"groupId\"`\n\tGroupName string `json:\"groupName\"`\n\tLineId string `json:\"lineId\"`\n\tLineCode string `json:\"lineCode\"`\n\tLineName string `json:\"lineName\"`\n\tType int32 `json:\"type\"`\n\tHost string `json:\"host\"`\n\tDisplayHost string `json:\"displayHost\"`\n\tData string `json:\"data\"`\n\tDisplayData string `json:\"displayData\"`\n\tTtl int32 `json:\"ttl\"`\n\tWeight int32 `json:\"weight\"`\n\tPreference int32 `json:\"preference\"`\n\tCreatedAt int64 `json:\"createdAt\"`\n\tUpdatedAt int64 `json:\"updatedAt\"`\n}\n"
},
{
"path": "pkg/sdk3rd/dogecloud/api_bind_cdn_cert.go",
"content": "package dogecloud\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype BindCdnCertRequest struct {\n\tCertId int64 `json:\"id\"`\n\tDomain string `json:\"domain\"`\n}\n\ntype BindCdnCertResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) BindCdnCert(req *BindCdnCertRequest) (*BindCdnCertResponse, error) {\n\treturn c.BindCdnCertWithContext(context.Background(), req)\n}\n\nfunc (c *Client) BindCdnCertWithContext(ctx context.Context, req *BindCdnCertRequest) (*BindCdnCertResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/cdn/cert/bind.json\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &BindCdnCertResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dogecloud/api_list_cdn_domain.go",
"content": "package dogecloud\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"net/http\"\n)\n\ntype ListCdnDomainResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tDomains []*struct {\n\t\t\tId int64 `json:\"id\"`\n\t\t\tName string `json:\"name\"`\n\t\t\tCname string `json:\"cname\"`\n\t\t\tServiceType string `json:\"service_type\"`\n\t\t\tStatus string `json:\"status\"`\n\t\t\tSource json.RawMessage `json:\"source\"`\n\t\t\tCreateTime string `json:\"ctime\"`\n\t\t\tCertId int64 `json:\"cert_id\"`\n\t\t} `json:\"domains\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) ListCdnDomain() (*ListCdnDomainResponse, error) {\n\treturn c.ListCdnDomainWithContext(context.Background())\n}\n\nfunc (c *Client) ListCdnDomainWithContext(ctx context.Context) (*ListCdnDomainResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/cdn/domain/list.json\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ListCdnDomainResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dogecloud/api_upload_cdn_cert.go",
"content": "package dogecloud\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype UploadCdnCertRequest struct {\n\tNote string `json:\"note\"`\n\tCertificate string `json:\"cert\"`\n\tPrivateKey string `json:\"private\"`\n}\n\ntype UploadCdnCertResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tId int64 `json:\"id\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) UploadCdnCert(req *UploadCdnCertRequest) (*UploadCdnCertResponse, error) {\n\treturn c.UploadCdnCertWithContext(context.Background(), req)\n}\n\nfunc (c *Client) UploadCdnCertWithContext(ctx context.Context, req *UploadCdnCertRequest) (*UploadCdnCertResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/cdn/cert/upload.json\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UploadCdnCertResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dogecloud/client.go",
"content": "package dogecloud\n\nimport (\n\t\"crypto/hmac\"\n\t\"crypto/sha1\"\n\t\"encoding/hex\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(accessKey, secretKey string) (*Client, error) {\n\tif accessKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset accessKey\")\n\t}\n\tif secretKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset secretKey\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(\"https://api.dogecloud.com\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(ctx *resty.Client, req *http.Request) error {\n\t\t\trequestUrl := req.URL.Path\n\t\t\trequestQuery := req.URL.Query().Encode()\n\t\t\tif requestQuery != \"\" {\n\t\t\t\trequestUrl += \"?\" + requestQuery\n\t\t\t}\n\n\t\t\tpayload := \"\"\n\t\t\tif req.Body != nil {\n\t\t\t\treader, err := req.GetBody()\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tdefer reader.Close()\n\n\t\t\t\tpayloadb, err := io.ReadAll(reader)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tpayload = string(payloadb)\n\t\t\t}\n\n\t\t\tstringToSign := fmt.Sprintf(\"%s\\n%s\", requestUrl, payload)\n\t\t\tmac := hmac.New(sha1.New, []byte(secretKey))\n\t\t\tmac.Write([]byte(stringToSign))\n\t\t\tsign := hex.EncodeToString(mac.Sum(nil))\n\n\t\t\treq.Header.Set(\"Authorization\", fmt.Sprintf(\"TOKEN %s:%s\", accessKey, sign))\n\n\t\t\treturn nil\n\t\t})\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tcode := res.GetCode(); tcode != 0 && tcode != 200 {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: code='%d', msg='%s'\", tcode, res.GetMessage())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dogecloud/types.go",
"content": "package dogecloud\n\ntype sdkResponse interface {\n\tGetCode() int\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode *int `json:\"code,omitempty\"`\n\tMessage *string `json:\"msg,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetCode() int {\n\tif r.Code == nil {\n\t\treturn 0\n\t}\n\n\treturn *r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n"
},
{
"path": "pkg/sdk3rd/dokploy/api_certificates_all.go",
"content": "package dokploy\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype CertificatesAllRequest struct{}\n\ntype CertificatesAllResponse = []*Certificate\n\nfunc (c *Client) CertificatesAll(req *CertificatesAllRequest) (*CertificatesAllResponse, error) {\n\treturn c.CertificatesAllWithContext(context.Background(), req)\n}\n\nfunc (c *Client) CertificatesAllWithContext(ctx context.Context, req *CertificatesAllRequest) (*CertificatesAllResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/certificates.all\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &CertificatesAllResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dokploy/api_certificates_create.go",
"content": "package dokploy\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype CertificatesCreateRequest struct {\n\tCertificateId *string `json:\"certificateId,omitempty\"`\n\tName *string `json:\"name,omitempty\"`\n\tCertificateData *string `json:\"certificateData,omitempty\"`\n\tPrivateKey *string `json:\"privateKey,omitempty\"`\n\tOrganizationId *string `json:\"organizationId,omitempty\"`\n\tServerId *string `json:\"serverId,omitempty\"`\n}\n\ntype CertificatesCreateResponse = Certificate\n\nfunc (c *Client) CertificatesCreate(req *CertificatesCreateRequest) (*CertificatesCreateResponse, error) {\n\treturn c.CertificatesCreateWithContext(context.Background(), req)\n}\n\nfunc (c *Client) CertificatesCreateWithContext(ctx context.Context, req *CertificatesCreateRequest) (*CertificatesCreateResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/certificates.create\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &CertificatesCreateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dokploy/api_user_get.go",
"content": "package dokploy\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype UserGetRequest struct{}\n\ntype UserGetResponse struct {\n\tId string `json:\"id\"`\n\tOrganizationId string `json:\"organizationId\"`\n\tUserId string `json:\"userId\"`\n\tRole string `json:\"role\"`\n\tCreatedAt string `json:\"createdAt\"`\n\tTeamId string `json:\"teamId,omitempty\"`\n\tIsDefault bool `json:\"isDefault\"`\n\tUser *struct {\n\t\tId string `json:\"id\"`\n\t\tFirstName string `json:\"firstName\"`\n\t\tLastName string `json:\"lastName\"`\n\t\tEmail string `json:\"email\"`\n\t\tEmailVerified bool `json:\"emailVerified\"`\n\t\tRole string `json:\"role\"`\n\t\tCreatedAt string `json:\"createdAt\"`\n\t} `json:\"user,omitempty\"`\n}\n\nfunc (c *Client) UserGet(req *UserGetRequest) (*UserGetResponse, error) {\n\treturn c.UserGetWithContext(context.Background(), req)\n}\n\nfunc (c *Client) UserGetWithContext(ctx context.Context, req *UserGetRequest) (*UserGetResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/user.get\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UserGetResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dokploy/client.go",
"content": "package dokploy\n\nimport (\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/url\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(serverUrl string, apiKey string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\tif apiKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiKey\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")+\"/api\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetHeader(\"X-Api-Key\", apiKey)\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) SetTLSConfig(config *tls.Config) *Client {\n\tc.client.SetTLSClientConfig(config)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res interface{}) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dokploy/types.go",
"content": "package dokploy\n\ntype Certificate struct {\n\tCertificateId string `json:\"certificateId\"`\n\tName string `json:\"name\"`\n\tCertificateData string `json:\"certificateData\"`\n\tPrivateKey string `json:\"privateKey\"`\n\tCertificatePath string `json:\"certificatePath,omitempty\"`\n\tOrganizationId string `json:\"organizationId,omitempty\"`\n\tServerId string `json:\"serverId,omitempty\"`\n}\n"
},
{
"path": "pkg/sdk3rd/dynv6/api_add_record.go",
"content": "package dynv6\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype AddRecordRequest struct {\n\tType *string `json:\"type,omitempty\"`\n\tName *string `json:\"name,omitempty\"`\n\tPort *int `json:\"port,omitempty\"`\n\tWeight *int `json:\"weight,omitempty\"`\n\tPriority *int `json:\"priority,omitempty\"`\n\tData *string `json:\"data,omitempty\"`\n\tFlags *int `json:\"flags,omitempty\"`\n\tTag *string `json:\"tag,omitempty\"`\n}\n\ntype AddRecordResponse DNSRecord\n\nfunc (c *Client) AddRecord(zoneID int64, req *AddRecordRequest) (*AddRecordResponse, error) {\n\treturn c.AddRecordWithContext(context.Background(), zoneID, req)\n}\n\nfunc (c *Client) AddRecordWithContext(ctx context.Context, zoneID int64, req *AddRecordRequest) (*AddRecordResponse, error) {\n\tif zoneID == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset zoneID\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, fmt.Sprintf(\"/zones/%d/records\", zoneID))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &AddRecordResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dynv6/api_delete_record.go",
"content": "package dynv6\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype DeleteRecordResponse DNSRecord\n\nfunc (c *Client) DeleteRecord(zoneID int64, recordID int64) (*DeleteRecordResponse, error) {\n\treturn c.DeleteRecordWithContext(context.Background(), zoneID, recordID)\n}\n\nfunc (c *Client) DeleteRecordWithContext(ctx context.Context, zoneID int64, recordID int64) (*DeleteRecordResponse, error) {\n\tif zoneID == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset zoneID\")\n\t}\n\tif recordID == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset recordID\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodDelete, fmt.Sprintf(\"/zones/%d/records/%d\", zoneID, recordID))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &DeleteRecordResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dynv6/api_list_records.go",
"content": "package dynv6\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype ListRecordsResponse []*DNSRecord\n\nfunc (c *Client) ListRecords(zoneID int64) (*ListRecordsResponse, error) {\n\treturn c.ListRecordsWithContext(context.Background(), zoneID)\n}\n\nfunc (c *Client) ListRecordsWithContext(ctx context.Context, zoneID int64) (*ListRecordsResponse, error) {\n\tif zoneID == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset zoneID\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, fmt.Sprintf(\"/zones/%d/records\", zoneID))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ListRecordsResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dynv6/api_list_zones.go",
"content": "package dynv6\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype ListZonesResponse []*ZoneRecord\n\nfunc (c *Client) ListZones() (*ListZonesResponse, error) {\n\treturn c.ListZonesWithContext(context.Background())\n}\n\nfunc (c *Client) ListZonesWithContext(ctx context.Context) (*ListZonesResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/zones\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ListZonesResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dynv6/client.go",
"content": "package dynv6\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(httpToken string) (*Client, error) {\n\tif httpToken == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset httpToken\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(\"https://dynv6.com/api/v2\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Authorization\", \"Bearer \"+httpToken).\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent)\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res interface{}) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/dynv6/types.go",
"content": "package dynv6\n\ntype ZoneRecord struct {\n\tID int64 `json:\"id\"`\n\tName string `json:\"name\"`\n\tIPv4Address string `json:\"ipv4address\"`\n\tIPv6Prefix string `json:\"ipv6prefix\"`\n\tCreatedAt string `json:\"createdAt\"`\n\tUpdatedAt string `json:\"updatedAt\"`\n}\n\ntype DNSRecord struct {\n\tID int64 `json:\"id\"`\n\tZoneID int64 `json:\"zoneID\"`\n\tType string `json:\"type\"`\n\tName string `json:\"name\"`\n\tPort int `json:\"port\"`\n\tWeight int `json:\"weight\"`\n\tPriority int `json:\"priority\"`\n\tData string `json:\"data\"`\n\tExpandedData string `json:\"expandedData\"`\n\tFlags int `json:\"flags,omitempty\"`\n\tTag string `json:\"tag,omitempty\"`\n}\n"
},
{
"path": "pkg/sdk3rd/flexcdn/api_update_ssl_cert.go",
"content": "package flexcdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype UpdateSSLCertRequest struct {\n\tSSLCertId int64 `json:\"sslCertId\"`\n\tIsOn bool `json:\"isOn\"`\n\tName string `json:\"name\"`\n\tDescription string `json:\"description\"`\n\tServerName string `json:\"serverName\"`\n\tIsCA bool `json:\"isCA\"`\n\tCertData string `json:\"certData\"`\n\tKeyData string `json:\"keyData\"`\n\tTimeBeginAt int64 `json:\"timeBeginAt\"`\n\tTimeEndAt int64 `json:\"timeEndAt\"`\n\tDNSNames []string `json:\"dnsNames\"`\n\tCommonNames []string `json:\"commonNames\"`\n}\n\ntype UpdateSSLCertResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) UpdateSSLCert(req *UpdateSSLCertRequest) (*UpdateSSLCertResponse, error) {\n\treturn c.UpdateSSLCertWithContext(context.Background(), req)\n}\n\nfunc (c *Client) UpdateSSLCertWithContext(ctx context.Context, req *UpdateSSLCertRequest) (*UpdateSSLCertResponse, error) {\n\tif err := c.ensureAccessTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, \"/SSLCertService/updateSSLCert\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UpdateSSLCertResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/flexcdn/client.go",
"content": "package flexcdn\n\nimport (\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tapiRole string\n\taccessKeyId string\n\taccessKey string\n\n\taccessToken string\n\taccessTokenExp time.Time\n\taccessTokenMtx sync.Mutex\n\n\tclient *resty.Client\n}\n\nfunc NewClient(serverUrl, apiRole, accessKeyId, accessKey string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\tif apiRole == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiRole\")\n\t}\n\tif apiRole != \"user\" && apiRole != \"admin\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid apiRole\")\n\t}\n\tif accessKeyId == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset accessKeyId\")\n\t}\n\tif accessKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset accessKey\")\n\t}\n\n\tclient := &Client{\n\t\tapiRole: apiRole,\n\t\taccessKeyId: accessKeyId,\n\t\taccessKey: accessKey,\n\t}\n\tclient.client = resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")).\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\tif client.accessToken != \"\" {\n\t\t\t\treq.Header.Set(\"X-Cloud-Access-Token\", client.accessToken)\n\t\t\t}\n\n\t\t\treturn nil\n\t\t})\n\n\treturn client, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) SetTLSConfig(config *tls.Config) *Client {\n\tc.client.SetTLSClientConfig(config)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tcode := res.GetCode(); tcode != 200 {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: code='%d', message='%s'\", tcode, res.GetMessage())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) ensureAccessTokenExists() error {\n\tc.accessTokenMtx.Lock()\n\tdefer c.accessTokenMtx.Unlock()\n\tif c.accessToken != \"\" && c.accessTokenExp.After(time.Now()) {\n\t\treturn nil\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, \"/APIAccessTokenService/getAPIAccessToken\")\n\tif err != nil {\n\t\treturn err\n\t} else {\n\t\thttpreq.SetBody(map[string]string{\n\t\t\t\"type\": c.apiRole,\n\t\t\t\"accessKeyId\": c.accessKeyId,\n\t\t\t\"accessKey\": c.accessKey,\n\t\t})\n\t}\n\n\ttype getAPIAccessTokenResponse struct {\n\t\tsdkResponseBase\n\t\tData *struct {\n\t\t\tToken string `json:\"token\"`\n\t\t\tExpiresAt int64 `json:\"expiresAt\"`\n\t\t} `json:\"data,omitempty\"`\n\t}\n\n\tresult := &getAPIAccessTokenResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn err\n\t} else if code := result.GetCode(); code != 200 {\n\t\treturn fmt.Errorf(\"sdkerr: failed to get flexcdn access token: code='%d', message='%s'\", code, result.GetMessage())\n\t} else {\n\t\tc.accessToken = result.Data.Token\n\t\tc.accessTokenExp = time.Unix(result.Data.ExpiresAt, 0)\n\t}\n\n\treturn nil\n}\n"
},
{
"path": "pkg/sdk3rd/flexcdn/types.go",
"content": "package flexcdn\n\ntype sdkResponse interface {\n\tGetCode() int\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode int `json:\"code\"`\n\tMessage string `json:\"message\"`\n}\n\nfunc (r *sdkResponseBase) GetCode() int {\n\treturn r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\treturn r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n"
},
{
"path": "pkg/sdk3rd/flyio/api_import_custom_certificate.go",
"content": "package flyio\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n)\n\ntype ImportCustomCertificateRequest struct {\n\tAppName string `json:\"-\"`\n\tHostname string `json:\"hostname\"`\n\tFullchain string `json:\"fullchain\"`\n\tPrivateKey string `json:\"private_key\"`\n}\n\ntype ImportCustomCertificateResponse struct {\n\tsdkResponseBase\n\n\tHostname string `json:\"hostname\"`\n\tConfigured bool `json:\"configured\"`\n\tStatus string `json:\"status\"`\n\tCertificates []*struct {\n\t\tSource string `json:\"source\"`\n\t\tStatus string `json:\"status\"`\n\t\tCreatedAt string `json:\"created_at\"`\n\t\tExpiresAt string `json:\"expires_at\"`\n\t\tIssuer string `json:\"issuer\"`\n\t} `json:\"certificates\"`\n}\n\nfunc (c *Client) ImportCustomCertificate(req *ImportCustomCertificateRequest) (*ImportCustomCertificateResponse, error) {\n\treturn c.ImportCustomCertificateWithContext(context.Background(), req)\n}\n\nfunc (c *Client) ImportCustomCertificateWithContext(ctx context.Context, req *ImportCustomCertificateRequest) (*ImportCustomCertificateResponse, error) {\n\tif req.AppName == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset appName\")\n\t}\n\n\tpath := fmt.Sprintf(\"/apps/%s/certificates/custom\", url.PathEscape(req.AppName))\n\thttpreq, err := c.newRequest(http.MethodPost, path)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ImportCustomCertificateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/flyio/client.go",
"content": "package flyio\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(apiToken string) (*Client, error) {\n\tif apiToken == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiToken\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(\"https://api.machines.dev/v1\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Authorization\", \"Bearer \"+apiToken).\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent)\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/flyio/types.go",
"content": "package flyio\n\ntype sdkResponse interface {\n\tGetError() string\n}\n\ntype sdkResponseBase struct {\n\tError *string `json:\"error,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetError() string {\n\tif r.Error == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Error\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n"
},
{
"path": "pkg/sdk3rd/gcore/endpoint.go",
"content": "package common\n\nconst BASE_URL = \"https://api.gcore.com\"\n"
},
{
"path": "pkg/sdk3rd/gcore/signer.go",
"content": "package common\n\nimport (\n\t\"net/http\"\n\n\t\"github.com/G-Core/gcorelabscdn-go/gcore\"\n)\n\ntype AuthRequestSigner struct {\n\tapiToken string\n}\n\nvar _ gcore.RequestSigner = (*AuthRequestSigner)(nil)\n\nfunc NewAuthRequestSigner(apiToken string) *AuthRequestSigner {\n\treturn &AuthRequestSigner{\n\t\tapiToken: apiToken,\n\t}\n}\n\nfunc (s *AuthRequestSigner) Sign(req *http.Request) error {\n\treq.Header.Set(\"Authorization\", \"APIKey \"+s.apiToken)\n\treturn nil\n}\n"
},
{
"path": "pkg/sdk3rd/gname/api_add_domain_resolution.go",
"content": "package gname\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"net/http\"\n)\n\ntype AddDomainResolutionRequest struct {\n\tZoneName *string `json:\"ym,omitempty\"`\n\tRecordType *string `json:\"lx,omitempty\"`\n\tRecordName *string `json:\"zj,omitempty\"`\n\tRecordValue *string `json:\"jlz,omitempty\"`\n\tMX *int32 `json:\"mx,omitempty\"`\n\tTTL *int32 `json:\"ttl,omitempty\"`\n}\n\ntype AddDomainResolutionResponse struct {\n\tsdkResponseBase\n\n\tData json.Number `json:\"data\"`\n}\n\nfunc (c *Client) AddDomainResolution(req *AddDomainResolutionRequest) (*AddDomainResolutionResponse, error) {\n\treturn c.AddDomainResolutionWithContext(context.Background(), req)\n}\n\nfunc (c *Client) AddDomainResolutionWithContext(ctx context.Context, req *AddDomainResolutionRequest) (*AddDomainResolutionResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/api/resolution/add\", req)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &AddDomainResolutionResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/gname/api_delete_domain_resolution.go",
"content": "package gname\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype DeleteDomainResolutionRequest struct {\n\tZoneName *string `json:\"ym,omitempty\"`\n\tRecordID *int64 `json:\"jxid,omitempty\"`\n}\n\ntype DeleteDomainResolutionResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) DeleteDomainResolution(req *DeleteDomainResolutionRequest) (*DeleteDomainResolutionResponse, error) {\n\treturn c.DeleteDomainResolutionWithContext(context.Background(), req)\n}\n\nfunc (c *Client) DeleteDomainResolutionWithContext(ctx context.Context, req *DeleteDomainResolutionRequest) (*DeleteDomainResolutionResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/api/resolution/delete\", req)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &DeleteDomainResolutionResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/gname/api_list_domain_resolution.go",
"content": "package gname\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype ListDomainResolutionRequest struct {\n\tZoneName *string `json:\"ym,omitempty\"`\n\tPage *int32 `json:\"page,omitempty\"`\n\tPageSize *int32 `json:\"limit,omitempty\"`\n}\n\ntype ListDomainResolutionResponse struct {\n\tsdkResponseBase\n\n\tCount int32 `json:\"count\"`\n\tData []*DomainResolutionRecordord `json:\"data\"`\n\tPage int32 `json:\"page\"`\n\tPageSize int32 `json:\"pagesize\"`\n}\n\nfunc (c *Client) ListDomainResolution(req *ListDomainResolutionRequest) (*ListDomainResolutionResponse, error) {\n\treturn c.ListDomainResolutionWithContext(context.Background(), req)\n}\n\nfunc (c *Client) ListDomainResolutionWithContext(ctx context.Context, req *ListDomainResolutionRequest) (*ListDomainResolutionResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/api/resolution/list\", req)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ListDomainResolutionResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/gname/api_modify_domain_resolution.go",
"content": "package gname\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype ModifyDomainResolutionRequest struct {\n\tID *int64 `json:\"jxid,omitempty\"`\n\tZoneName *string `json:\"ym,omitempty\"`\n\tRecordType *string `json:\"lx,omitempty\"`\n\tRecordName *string `json:\"zj,omitempty\"`\n\tRecordValue *string `json:\"jlz,omitempty\"`\n\tMX *int32 `json:\"mx,omitempty\"`\n\tTTL *int32 `json:\"ttl,omitempty\"`\n}\n\ntype ModifyDomainResolutionResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) ModifyDomainResolution(req *ModifyDomainResolutionRequest) (*ModifyDomainResolutionResponse, error) {\n\treturn c.ModifyDomainResolutionWithContext(context.Background(), req)\n}\n\nfunc (c *Client) ModifyDomainResolutionWithContext(ctx context.Context, req *ModifyDomainResolutionRequest) (*ModifyDomainResolutionResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/api/resolution/edit\", req)\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ModifyDomainResolutionResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/gname/client.go",
"content": "package gname\n\nimport (\n\t\"crypto/md5\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/url\"\n\t\"sort\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tappId string\n\tappKey string\n\n\tclient *resty.Client\n}\n\nfunc NewClient(appId, appKey string) (*Client, error) {\n\tif appId == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset appId\")\n\t}\n\tif appKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset appKey\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(\"https://api.gname.com\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/x-www-form-urlencoded\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent)\n\n\treturn &Client{\n\t\tappId: appId,\n\t\tappKey: appKey,\n\t\tclient: client,\n\t}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string, params any) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\tdata := make(map[string]string)\n\tif params != nil {\n\t\ttemp := make(map[string]any)\n\t\tjsonb, _ := json.Marshal(params)\n\t\tjson.Unmarshal(jsonb, &temp)\n\t\tfor k, v := range temp {\n\t\t\tif v == nil {\n\t\t\t\tcontinue\n\t\t\t}\n\n\t\t\tdata[k] = fmt.Sprintf(\"%v\", v)\n\t\t}\n\t}\n\n\tdata[\"appid\"] = c.appId\n\tdata[\"gntime\"] = fmt.Sprintf(\"%d\", time.Now().Unix())\n\tdata[\"gntoken\"] = generateSignature(data, c.appKey)\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treq.SetFormData(data)\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetBody` or `req.SetFormData` HERE! USE `newRequest` INSTEAD.\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tcode := res.GetCode(); tcode != 1 {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: code='%d', message='%s'\", tcode, res.GetMessage())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n\nfunc generateSignature(params map[string]string, appKey string) string {\n\t// Step 1: Sort parameters by ASCII order\n\tvar keys []string\n\tfor k := range params {\n\t\tkeys = append(keys, k)\n\t}\n\tsort.Strings(keys)\n\n\t// Step 2: Create string A with URL-encoded values\n\tvar pairs []string\n\tfor _, k := range keys {\n\t\tencodedValue := url.QueryEscape(params[k])\n\t\tpairs = append(pairs, fmt.Sprintf(\"%s=%s\", k, encodedValue))\n\t}\n\tstringA := strings.Join(pairs, \"&\")\n\n\t// Step 3: Append appkey to create string B\n\tstringB := stringA + appKey\n\n\t// Step 4: Calculate MD5 and convert to uppercase\n\thash := md5.Sum([]byte(stringB))\n\treturn strings.ToUpper(fmt.Sprintf(\"%x\", hash))\n}\n"
},
{
"path": "pkg/sdk3rd/gname/types.go",
"content": "package gname\n\nimport \"encoding/json\"\n\ntype sdkResponse interface {\n\tGetCode() int\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode int `json:\"code\"`\n\tMessage string `json:\"msg\"`\n}\n\nfunc (r *sdkResponseBase) GetCode() int {\n\treturn r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\treturn r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype DomainResolutionRecordord struct {\n\tID json.Number `json:\"id\"`\n\tZoneName string `json:\"ym\"`\n\tRecordType string `json:\"lx\"`\n\tRecordName string `json:\"zjt\"`\n\tRecordValue string `json:\"jxz\"`\n\tMX int32 `json:\"mx\"`\n}\n"
},
{
"path": "pkg/sdk3rd/goedge/api_update_ssl_cert.go",
"content": "package goedge\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype UpdateSSLCertRequest struct {\n\tSSLCertId int64 `json:\"sslCertId\"`\n\tIsOn bool `json:\"isOn\"`\n\tName string `json:\"name\"`\n\tDescription string `json:\"description\"`\n\tServerName string `json:\"serverName\"`\n\tIsCA bool `json:\"isCA\"`\n\tCertData string `json:\"certData\"`\n\tKeyData string `json:\"keyData\"`\n\tTimeBeginAt int64 `json:\"timeBeginAt\"`\n\tTimeEndAt int64 `json:\"timeEndAt\"`\n\tDNSNames []string `json:\"dnsNames\"`\n\tCommonNames []string `json:\"commonNames\"`\n}\n\ntype UpdateSSLCertResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) UpdateSSLCert(req *UpdateSSLCertRequest) (*UpdateSSLCertResponse, error) {\n\treturn c.UpdateSSLCertWithContext(context.Background(), req)\n}\n\nfunc (c *Client) UpdateSSLCertWithContext(ctx context.Context, req *UpdateSSLCertRequest) (*UpdateSSLCertResponse, error) {\n\tif err := c.ensureAccessTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, \"/SSLCertService/updateSSLCert\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UpdateSSLCertResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/goedge/client.go",
"content": "package goedge\n\nimport (\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tapiRole string\n\taccessKeyId string\n\taccessKey string\n\n\taccessToken string\n\taccessTokenExp time.Time\n\taccessTokenMtx sync.Mutex\n\n\tclient *resty.Client\n}\n\nfunc NewClient(serverUrl, apiRole, accessKeyId, accessKey string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\tif apiRole == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiRole\")\n\t}\n\tif apiRole != \"user\" && apiRole != \"admin\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid apiRole\")\n\t}\n\tif accessKeyId == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset accessKeyId\")\n\t}\n\tif accessKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset accessKey\")\n\t}\n\n\tclient := &Client{\n\t\tapiRole: apiRole,\n\t\taccessKeyId: accessKeyId,\n\t\taccessKey: accessKey,\n\t}\n\tclient.client = resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")).\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\tif client.accessToken != \"\" {\n\t\t\t\treq.Header.Set(\"X-Edge-Access-Token\", client.accessToken)\n\t\t\t}\n\n\t\t\treturn nil\n\t\t})\n\n\treturn client, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) SetTLSConfig(config *tls.Config) *Client {\n\tc.client.SetTLSClientConfig(config)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tcode := res.GetCode(); tcode != 200 {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: code='%d', message='%s'\", tcode, res.GetMessage())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) ensureAccessTokenExists() error {\n\tc.accessTokenMtx.Lock()\n\tdefer c.accessTokenMtx.Unlock()\n\tif c.accessToken != \"\" && c.accessTokenExp.After(time.Now()) {\n\t\treturn nil\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, \"/APIAccessTokenService/getAPIAccessToken\")\n\tif err != nil {\n\t\treturn err\n\t} else {\n\t\thttpreq.SetBody(map[string]string{\n\t\t\t\"type\": c.apiRole,\n\t\t\t\"accessKeyId\": c.accessKeyId,\n\t\t\t\"accessKey\": c.accessKey,\n\t\t})\n\t}\n\n\ttype getAPIAccessTokenResponse struct {\n\t\tsdkResponseBase\n\t\tData *struct {\n\t\t\tToken string `json:\"token\"`\n\t\t\tExpiresAt int64 `json:\"expiresAt\"`\n\t\t} `json:\"data,omitempty\"`\n\t}\n\n\tresult := &getAPIAccessTokenResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn err\n\t} else if code := result.GetCode(); code != 200 {\n\t\treturn fmt.Errorf(\"sdkerr: failed to get goedge access token: code='%d', message='%s'\", code, result.GetMessage())\n\t} else {\n\t\tc.accessToken = result.Data.Token\n\t\tc.accessTokenExp = time.Unix(result.Data.ExpiresAt, 0)\n\t}\n\n\treturn nil\n}\n"
},
{
"path": "pkg/sdk3rd/goedge/types.go",
"content": "package goedge\n\ntype sdkResponse interface {\n\tGetCode() int\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode int `json:\"code\"`\n\tMessage string `json:\"message\"`\n}\n\nfunc (r *sdkResponseBase) GetCode() int {\n\treturn r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\treturn r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n"
},
{
"path": "pkg/sdk3rd/lecdn/v3/client/api_update_certificate.go",
"content": "package client\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype UpdateCertificateRequest struct {\n\tName string `json:\"name\"`\n\tDescription string `json:\"description\"`\n\tType string `json:\"type\"`\n\tSSLPEM string `json:\"ssl_pem\"`\n\tSSLKey string `json:\"ssl_key\"`\n\tAutoRenewal bool `json:\"auto_renewal\"`\n}\n\ntype UpdateCertificateResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) UpdateCertificate(certId int64, req *UpdateCertificateRequest) (*UpdateCertificateResponse, error) {\n\treturn c.UpdateCertificateWithContext(context.Background(), certId, req)\n}\n\nfunc (c *Client) UpdateCertificateWithContext(ctx context.Context, certId int64, req *UpdateCertificateRequest) (*UpdateCertificateResponse, error) {\n\tif certId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset certId\")\n\t}\n\n\tif err := c.ensureAccessTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPut, fmt.Sprintf(\"/certificate/%d\", certId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UpdateCertificateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/lecdn/v3/client/client.go",
"content": "package client\n\nimport (\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tusername string\n\tpassword string\n\n\taccessToken string\n\taccessTokenMtx sync.Mutex\n\n\tclient *resty.Client\n}\n\nfunc NewClient(serverUrl, username, password string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\tif username == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset username\")\n\t}\n\tif password == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset password\")\n\t}\n\n\tclient := &Client{\n\t\tusername: username,\n\t\tpassword: password,\n\t}\n\tclient.client = resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")+\"/prod-api\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\tif client.accessToken != \"\" {\n\t\t\t\treq.Header.Set(\"Authorization\", \"Bearer \"+client.accessToken)\n\t\t\t}\n\n\t\t\treturn nil\n\t\t})\n\n\treturn client, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) SetTLSConfig(config *tls.Config) *Client {\n\tc.client.SetTLSClientConfig(config)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tcode := res.GetCode(); tcode != 200 {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: code='%d', message='%s'\", tcode, res.GetMessage())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) ensureAccessTokenExists() error {\n\tc.accessTokenMtx.Lock()\n\tdefer c.accessTokenMtx.Unlock()\n\tif c.accessToken != \"\" {\n\t\treturn nil\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, \"/auth/login\")\n\tif err != nil {\n\t\treturn err\n\t} else {\n\t\thttpreq.SetBody(map[string]string{\n\t\t\t\"email\": c.username,\n\t\t\t\"username\": c.username,\n\t\t\t\"password\": c.password,\n\t\t})\n\t}\n\n\ttype loginResponse struct {\n\t\tsdkResponseBase\n\t\tData *struct {\n\t\t\tUserId int64 `json:\"user_id\"`\n\t\t\tUsername string `json:\"username\"`\n\t\t\tToken string `json:\"token\"`\n\t\t} `json:\"data,omitempty\"`\n\t}\n\n\tresult := &loginResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn err\n\t} else {\n\t\tc.accessToken = result.Data.Token\n\t}\n\n\treturn nil\n}\n"
},
{
"path": "pkg/sdk3rd/lecdn/v3/client/types.go",
"content": "package client\n\ntype sdkResponse interface {\n\tGetCode() int\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode int `json:\"code\"`\n\tMessage string `json:\"msg\"`\n}\n\nfunc (r *sdkResponseBase) GetCode() int {\n\treturn r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\treturn r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n"
},
{
"path": "pkg/sdk3rd/lecdn/v3/master/api_update_certificate.go",
"content": "package master\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype UpdateCertificateRequest struct {\n\tClientId int64 `json:\"client_id\"`\n\tName string `json:\"name\"`\n\tDescription string `json:\"description\"`\n\tType string `json:\"type\"`\n\tSSLPEM string `json:\"ssl_pem\"`\n\tSSLKey string `json:\"ssl_key\"`\n\tAutoRenewal bool `json:\"auto_renewal\"`\n}\n\ntype UpdateCertificateResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) UpdateCertificate(certId int64, req *UpdateCertificateRequest) (*UpdateCertificateResponse, error) {\n\treturn c.UpdateCertificateWithContext(context.Background(), certId, req)\n}\n\nfunc (c *Client) UpdateCertificateWithContext(ctx context.Context, certId int64, req *UpdateCertificateRequest) (*UpdateCertificateResponse, error) {\n\tif certId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset certId\")\n\t}\n\n\tif err := c.ensureAccessTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPut, fmt.Sprintf(\"/certificate/%d\", certId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UpdateCertificateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/lecdn/v3/master/client.go",
"content": "package master\n\nimport (\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tusername string\n\tpassword string\n\n\taccessToken string\n\taccessTokenMtx sync.Mutex\n\n\tclient *resty.Client\n}\n\nfunc NewClient(serverUrl, username, password string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\tif username == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset username\")\n\t}\n\tif password == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset password\")\n\t}\n\n\tclient := &Client{\n\t\tusername: username,\n\t\tpassword: password,\n\t}\n\tclient.client = resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")+\"/prod-api\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\tif client.accessToken != \"\" {\n\t\t\t\treq.Header.Set(\"Authorization\", \"Bearer \"+client.accessToken)\n\t\t\t}\n\n\t\t\treturn nil\n\t\t})\n\n\treturn client, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) SetTLSConfig(config *tls.Config) *Client {\n\tc.client.SetTLSClientConfig(config)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tcode := res.GetCode(); tcode != 200 {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: code='%d', message='%s'\", tcode, res.GetMessage())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) ensureAccessTokenExists() error {\n\tc.accessTokenMtx.Lock()\n\tdefer c.accessTokenMtx.Unlock()\n\tif c.accessToken != \"\" {\n\t\treturn nil\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, \"/auth/login\")\n\tif err != nil {\n\t\treturn err\n\t} else {\n\t\thttpreq.SetBody(map[string]string{\n\t\t\t\"username\": c.username,\n\t\t\t\"password\": c.password,\n\t\t})\n\t}\n\n\ttype loginResponse struct {\n\t\tsdkResponseBase\n\t\tData *struct {\n\t\t\tUserId int64 `json:\"user_id\"`\n\t\t\tUsername string `json:\"username\"`\n\t\t\tToken string `json:\"token\"`\n\t\t} `json:\"data,omitempty\"`\n\t}\n\n\tresult := &loginResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn err\n\t} else {\n\t\tc.accessToken = result.Data.Token\n\t}\n\n\treturn nil\n}\n"
},
{
"path": "pkg/sdk3rd/lecdn/v3/master/types.go",
"content": "package master\n\ntype sdkResponse interface {\n\tGetCode() int\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode int `json:\"code\"`\n\tMessage string `json:\"message\"`\n}\n\nfunc (r *sdkResponseBase) GetCode() int {\n\treturn r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\treturn r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n"
},
{
"path": "pkg/sdk3rd/netlify/api_provision_site_tls_certificate.go",
"content": "package netlify\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n)\n\ntype ProvisionSiteTLSCertificateParams struct {\n\tCertificate string `json:\"certificate\"`\n\tCACertificates string `json:\"ca_certificates\"`\n\tKey string `json:\"key\"`\n}\n\ntype ProvisionSiteTLSCertificateResponse struct {\n\tsdkResponseBase\n\tDomains []string `json:\"domains,omitempty\"`\n\tState string `json:\"state,omitempty\"`\n\tExpiresAt string `json:\"expires_at,omitempty\"`\n\tCreatedAt string `json:\"created_at,omitempty\"`\n\tUpdatedAt string `json:\"updated_at,omitempty\"`\n}\n\nfunc (c *Client) ProvisionSiteTLSCertificate(siteId string, req *ProvisionSiteTLSCertificateParams) (*ProvisionSiteTLSCertificateResponse, error) {\n\treturn c.ProvisionSiteTLSCertificateWithContext(context.Background(), siteId, req)\n}\n\nfunc (c *Client) ProvisionSiteTLSCertificateWithContext(ctx context.Context, siteId string, req *ProvisionSiteTLSCertificateParams) (*ProvisionSiteTLSCertificateResponse, error) {\n\tif siteId == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset siteId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, fmt.Sprintf(\"/sites/%s/ssl\", url.PathEscape(siteId)))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetQueryParams(map[string]string{\n\t\t\t\"certificate\": req.Certificate,\n\t\t\t\"ca_certificates\": req.CACertificates,\n\t\t\t\"key\": req.Key,\n\t\t})\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ProvisionSiteTLSCertificateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/netlify/client.go",
"content": "package netlify\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(apiToken string) (*Client, error) {\n\tif apiToken == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiToken\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(\"https://api.netlify.com/api/v1\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Authorization\", \"Bearer \"+apiToken).\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent)\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tcode := res.GetCode(); tcode != 0 {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: code='%d', message='%s'\", tcode, res.GetMessage())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/netlify/types.go",
"content": "package netlify\n\ntype sdkResponse interface {\n\tGetCode() int\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode *int `json:\"code,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetCode() int {\n\tif r.Code == nil {\n\t\treturn 0\n\t}\n\n\treturn *r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n"
},
{
"path": "pkg/sdk3rd/nginxproxymanager/api_nginx_create_certificate.go",
"content": "package nginxproxymanager\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype NginxCreateCertificateRequest struct {\n\tProvider string `json:\"provider\"`\n\tNiceName string `json:\"nice_name\"`\n}\n\ntype NginxCreateCertificateResponse struct {\n\tCertificateRecord\n}\n\nfunc (c *Client) NginxCreateCertificate(req *NginxCreateCertificateRequest) (*NginxCreateCertificateResponse, error) {\n\treturn c.NginxCreateCertificateWithContext(context.Background(), req)\n}\n\nfunc (c *Client) NginxCreateCertificateWithContext(ctx context.Context, req *NginxCreateCertificateRequest) (*NginxCreateCertificateResponse, error) {\n\tif err := c.ensureJwtTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, \"/nginx/certificates\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &NginxCreateCertificateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/nginxproxymanager/api_nginx_list_certificates.go",
"content": "package nginxproxymanager\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype NginxListCertificatesRequest struct {\n\tExpand *string `json:\"expand,omitempty\" url:\"expand,omitempty\"`\n}\n\ntype NginxListCertificatesResponse = []*CertificateRecord\n\nfunc (c *Client) NginxListCertificates(req *NginxListCertificatesRequest) (*NginxListCertificatesResponse, error) {\n\treturn c.NginxListCertificatesWithContext(context.Background(), req)\n}\n\nfunc (c *Client) NginxListCertificatesWithContext(ctx context.Context, req *NginxListCertificatesRequest) (*NginxListCertificatesResponse, error) {\n\tif err := c.ensureJwtTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, \"/nginx/certificates\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &NginxListCertificatesResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/nginxproxymanager/api_nginx_list_dead_hosts.go",
"content": "package nginxproxymanager\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype NginxListDeadHostsRequest struct {\n\tExpand *string `json:\"expand,omitempty\" url:\"expand,omitempty\"`\n}\n\ntype NginxListDeadHostsResponse = []*DeadHostRecord\n\nfunc (c *Client) NginxListDeadHosts(req *NginxListDeadHostsRequest) (*NginxListDeadHostsResponse, error) {\n\treturn c.NginxListDeadHostsWithContext(context.Background(), req)\n}\n\nfunc (c *Client) NginxListDeadHostsWithContext(ctx context.Context, req *NginxListDeadHostsRequest) (*NginxListDeadHostsResponse, error) {\n\tif err := c.ensureJwtTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, \"/nginx/dead-hosts\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &NginxListDeadHostsResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/nginxproxymanager/api_nginx_list_proxy_hosts.go",
"content": "package nginxproxymanager\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype NginxListProxyHostsRequest struct {\n\tExpand *string `json:\"expand,omitempty\" url:\"expand,omitempty\"`\n}\n\ntype NginxListProxyHostsResponse = []*ProxyHostRecord\n\nfunc (c *Client) NginxListProxyHosts(req *NginxListProxyHostsRequest) (*NginxListProxyHostsResponse, error) {\n\treturn c.NginxListProxyHostsWithContext(context.Background(), req)\n}\n\nfunc (c *Client) NginxListProxyHostsWithContext(ctx context.Context, req *NginxListProxyHostsRequest) (*NginxListProxyHostsResponse, error) {\n\tif err := c.ensureJwtTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, \"/nginx/proxy-hosts\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &NginxListProxyHostsResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/nginxproxymanager/api_nginx_list_redirection_hosts.go",
"content": "package nginxproxymanager\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype NginxListRedirectionHostsRequest struct {\n\tExpand *string `json:\"expand,omitempty\" url:\"expand,omitempty\"`\n}\n\ntype NginxListRedirectionHostsResponse = []*RedirectionHostRecord\n\nfunc (c *Client) NginxListRedirectionHosts(req *NginxListRedirectionHostsRequest) (*NginxListRedirectionHostsResponse, error) {\n\treturn c.NginxListRedirectionHostsWithContext(context.Background(), req)\n}\n\nfunc (c *Client) NginxListRedirectionHostsWithContext(ctx context.Context, req *NginxListRedirectionHostsRequest) (*NginxListRedirectionHostsResponse, error) {\n\tif err := c.ensureJwtTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, \"/nginx/redirection-hosts\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &NginxListRedirectionHostsResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/nginxproxymanager/api_nginx_list_streams.go",
"content": "package nginxproxymanager\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype NginxListStreamsRequest struct {\n\tExpand *string `json:\"expand,omitempty\" url:\"expand,omitempty\"`\n}\n\ntype NginxListStreamsResponse = []*StreamHostRecord\n\nfunc (c *Client) NginxListStreams(req *NginxListStreamsRequest) (*NginxListStreamsResponse, error) {\n\treturn c.NginxListStreamsWithContext(context.Background(), req)\n}\n\nfunc (c *Client) NginxListStreamsWithContext(ctx context.Context, req *NginxListStreamsRequest) (*NginxListStreamsResponse, error) {\n\tif err := c.ensureJwtTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, \"/nginx/streams\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &NginxListStreamsResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/nginxproxymanager/api_nginx_update_dead_host.go",
"content": "package nginxproxymanager\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype NginxUpdateDeadHostRequest struct {\n\tCertificateId *int64 `json:\"certificate_id,omitempty\"`\n}\n\ntype NginxUpdateDeadHostResponse struct {\n\tDeadHostRecord\n}\n\nfunc (c *Client) NginxUpdateDeadHost(hostId int64, req *NginxUpdateDeadHostRequest) (*NginxUpdateDeadHostResponse, error) {\n\treturn c.NginxUpdateDeadHostWithContext(context.Background(), hostId, req)\n}\n\nfunc (c *Client) NginxUpdateDeadHostWithContext(ctx context.Context, hostId int64, req *NginxUpdateDeadHostRequest) (*NginxUpdateDeadHostResponse, error) {\n\tif hostId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset hostId\")\n\t}\n\n\tif err := c.ensureJwtTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPut, fmt.Sprintf(\"/nginx/dead-hosts/%d\", hostId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &NginxUpdateDeadHostResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/nginxproxymanager/api_nginx_update_proxy_host.go",
"content": "package nginxproxymanager\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype NginxUpdateProxyHostRequest struct {\n\tCertificateId *int64 `json:\"certificate_id,omitempty\"`\n}\n\ntype NginxUpdateProxyHostResponse struct {\n\tProxyHostRecord\n}\n\nfunc (c *Client) NginxUpdateProxyHost(hostId int64, req *NginxUpdateProxyHostRequest) (*NginxUpdateProxyHostResponse, error) {\n\treturn c.NginxUpdateProxyHostWithContext(context.Background(), hostId, req)\n}\n\nfunc (c *Client) NginxUpdateProxyHostWithContext(ctx context.Context, hostId int64, req *NginxUpdateProxyHostRequest) (*NginxUpdateProxyHostResponse, error) {\n\tif hostId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset hostId\")\n\t}\n\n\tif err := c.ensureJwtTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPut, fmt.Sprintf(\"/nginx/proxy-hosts/%d\", hostId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &NginxUpdateProxyHostResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/nginxproxymanager/api_nginx_update_redirection_host.go",
"content": "package nginxproxymanager\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype NginxUpdateRedirectionHostRequest struct {\n\tCertificateId *int64 `json:\"certificate_id,omitempty\"`\n}\n\ntype NginxUpdateRedirectionHostResponse struct {\n\tRedirectionHostRecord\n}\n\nfunc (c *Client) NginxUpdateRedirectionHost(hostId int64, req *NginxUpdateRedirectionHostRequest) (*NginxUpdateRedirectionHostResponse, error) {\n\treturn c.NginxUpdateRedirectionHostWithContext(context.Background(), hostId, req)\n}\n\nfunc (c *Client) NginxUpdateRedirectionHostWithContext(ctx context.Context, hostId int64, req *NginxUpdateRedirectionHostRequest) (*NginxUpdateRedirectionHostResponse, error) {\n\tif hostId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset hostId\")\n\t}\n\n\tif err := c.ensureJwtTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPut, fmt.Sprintf(\"/nginx/redirection-hosts/%d\", hostId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &NginxUpdateRedirectionHostResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/nginxproxymanager/api_nginx_update_stream.go",
"content": "package nginxproxymanager\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype NginxUpdateStreamRequest struct {\n\tCertificateId *int64 `json:\"certificate_id,omitempty\"`\n}\n\ntype NginxUpdateStreamResponse struct {\n\tStreamHostRecord\n}\n\nfunc (c *Client) NginxUpdateStream(hostId int64, req *NginxUpdateStreamRequest) (*NginxUpdateStreamResponse, error) {\n\treturn c.NginxUpdateStreamWithContext(context.Background(), hostId, req)\n}\n\nfunc (c *Client) NginxUpdateStreamWithContext(ctx context.Context, hostId int64, req *NginxUpdateStreamRequest) (*NginxUpdateStreamResponse, error) {\n\tif hostId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset hostId\")\n\t}\n\n\tif err := c.ensureJwtTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPut, fmt.Sprintf(\"/nginx/streams/%d\", hostId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &NginxUpdateStreamResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/nginxproxymanager/api_nginx_upload_certificate.go",
"content": "package nginxproxymanager\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"strings\"\n)\n\ntype NginxUploadCertificateRequest struct {\n\tCertificateMeta\n}\n\ntype NginxUploadCertificateResponse struct {\n\tCertificateMeta\n}\n\nfunc (c *Client) NginxUploadCertificate(certId int64, req *NginxUploadCertificateRequest) (*NginxUploadCertificateResponse, error) {\n\treturn c.NginxUploadCertificateWithContext(context.Background(), certId, req)\n}\n\nfunc (c *Client) NginxUploadCertificateWithContext(ctx context.Context, certId int64, req *NginxUploadCertificateRequest) (*NginxUploadCertificateResponse, error) {\n\tif certId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset certId\")\n\t}\n\n\tif err := c.ensureJwtTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, fmt.Sprintf(\"/nginx/certificates/%d/upload\", certId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetFileReader(\"certificate\", \"certificate.pem\", strings.NewReader(req.Certificate))\n\t\thttpreq.SetFileReader(\"certificate_key\", \"privkey.pem\", strings.NewReader(req.CertificateKey))\n\t\thttpreq.SetFileReader(\"intermediate_certificate\", \"cabundle.pem\", strings.NewReader(req.IntermediateCertificate))\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &NginxUploadCertificateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/nginxproxymanager/api_settings_get_default_site.go",
"content": "package nginxproxymanager\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype SettingsGetDefaultSiteRequest struct{}\n\ntype SettingsGetDefaultSiteResponse struct {\n\tId string `json:\"id\"`\n\tName string `json:\"name\"`\n\tDescription string `json:\"description\"`\n\tValue string `json:\"value\"`\n\tMeta struct {\n\t\tRedirect string `json:\"redirect\"`\n\t\tHtml string `json:\"urhtmll\"`\n\t} `json:\"meta\"`\n}\n\nfunc (c *Client) SettingsGetDefaultSite(req *SettingsGetDefaultSiteRequest) (*SettingsGetDefaultSiteResponse, error) {\n\treturn c.SettingsGetDefaultSiteWithContext(context.Background(), req)\n}\n\nfunc (c *Client) SettingsGetDefaultSiteWithContext(ctx context.Context, req *SettingsGetDefaultSiteRequest) (*SettingsGetDefaultSiteResponse, error) {\n\tif err := c.ensureJwtTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, \"/settings/default-site\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SettingsGetDefaultSiteResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/nginxproxymanager/api_settings_set_default_site.go",
"content": "package nginxproxymanager\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype SettingsSetDefaultSiteRequest struct {\n\tValue string `json:\"value\"`\n\tMeta struct {\n\t\tRedirect string `json:\"redirect\"`\n\t\tHtml string `json:\"html\"`\n\t} `json:\"meta\"`\n}\n\ntype SettingsSetDefaultSiteResponse struct{}\n\nfunc (c *Client) SettingsSetDefaultSite(req *SettingsSetDefaultSiteRequest) (*SettingsSetDefaultSiteResponse, error) {\n\treturn c.SettingsSetDefaultSiteWithContext(context.Background(), req)\n}\n\nfunc (c *Client) SettingsSetDefaultSiteWithContext(ctx context.Context, req *SettingsSetDefaultSiteRequest) (*SettingsSetDefaultSiteResponse, error) {\n\tif err := c.ensureJwtTokenExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPut, \"/settings/default-site\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SettingsSetDefaultSiteResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/nginxproxymanager/client.go",
"content": "package nginxproxymanager\n\nimport (\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tidentity string\n\tsecret string\n\n\tjwtToken string\n\tjwtTokenMtx sync.Mutex\n\n\tclient *resty.Client\n}\n\nfunc NewClient(serverUrl, identity, secret string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\tif identity == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset identity\")\n\t}\n\tif secret == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset secret\")\n\t}\n\n\tclient := &Client{\n\t\tidentity: identity,\n\t\tsecret: secret,\n\t}\n\tclient.client = resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")+\"/api\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\tif client.jwtToken != \"\" {\n\t\t\t\treq.Header.Set(\"Authorization\", \"Bearer \"+client.jwtToken)\n\t\t\t}\n\n\t\t\treturn nil\n\t\t})\n\n\treturn client, nil\n}\n\nfunc NewClientWithJwtToken(serverUrl, jwtToken string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\tif jwtToken == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset jwtToken\")\n\t}\n\n\tclient := &Client{\n\t\tjwtToken: jwtToken,\n\t}\n\tclient.client = resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")+\"/api\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\tif client.jwtToken != \"\" {\n\t\t\t\treq.Header.Set(\"Authorization\", \"Bearer \"+client.jwtToken)\n\t\t\t}\n\n\t\t\treturn nil\n\t\t})\n\treturn client, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) SetTLSConfig(config *tls.Config) *Client {\n\tc.client.SetTLSClientConfig(config)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res interface{}) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tvar errRes *sdkResponseBase\n\t\tif err := json.Unmarshal(resp.Body(), &errRes); err == nil {\n\t\t\tif terror := errRes.GetError(); terror != \"\" {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: error='%s'\", terror)\n\t\t\t}\n\t\t}\n\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) ensureJwtTokenExists() error {\n\tc.jwtTokenMtx.Lock()\n\tdefer c.jwtTokenMtx.Unlock()\n\tif c.jwtToken != \"\" {\n\t\treturn nil\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, \"/tokens\")\n\tif err != nil {\n\t\treturn err\n\t} else {\n\t\thttpreq.SetBody(map[string]string{\n\t\t\t\"identity\": c.identity,\n\t\t\t\"secret\": c.secret,\n\t\t})\n\t}\n\n\ttype tokensResponse struct {\n\t\tsdkResponseBase\n\t\tToken string `json:\"token\"`\n\t\tExpires string `json:\"expires\"`\n\t}\n\n\tresult := &tokensResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn err\n\t} else if terror := result.GetError(); terror != \"\" {\n\t\treturn fmt.Errorf(\"sdkerr: failed to create npm token: error='%s'\", terror)\n\t} else {\n\t\tc.jwtToken = result.Token\n\t}\n\n\treturn nil\n}\n"
},
{
"path": "pkg/sdk3rd/nginxproxymanager/types.go",
"content": "package nginxproxymanager\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n)\n\ntype sdkResponse interface {\n\tGetError() string\n}\n\ntype sdkResponseBase struct {\n\tError json.RawMessage `json:\"error\"`\n}\n\nfunc (r *sdkResponseBase) GetError() string {\n\tif len(r.Error) == 0 {\n\t\treturn \"\"\n\t}\n\n\tvar errStr string\n\tif err := json.Unmarshal(r.Error, &errStr); err == nil {\n\t\treturn errStr\n\t}\n\n\ttype errObjType struct {\n\t\tCode int `json:\"code\"`\n\t\tMessage string `json:\"message\"`\n\t}\n\tvar errObj errObjType\n\tif err := json.Unmarshal(r.Error, &errObj); err == nil && errObj.Message != \"\" {\n\t\tif errObj.Code != 0 {\n\t\t\treturn fmt.Sprintf(\"%d %s\", errObj.Code, errObj.Message)\n\t\t}\n\t\treturn errObj.Message\n\t}\n\n\tvar errMap map[string]interface{}\n\tif err := json.Unmarshal(r.Error, &errMap); err == nil {\n\t\tif message, ok := errMap[\"message\"].(string); ok {\n\t\t\treturn message\n\t\t}\n\t}\n\n\treturn \"\"\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype CertificateRecord struct {\n\tId int64 `json:\"id\"`\n\tCreatedOn string `json:\"created_on\"`\n\tModifiedOn string `json:\"modified_on\"`\n\tProvider string `json:\"provider\"`\n\tNiceName string `json:\"nice_name\"`\n\tDomainNames []string `json:\"domain_names\"`\n\tExpiresOn string `json:\"expires_on\"`\n\tMeta CertificateMeta `json:\"meta\"`\n}\n\ntype CertificateMeta struct {\n\tCertificate string `json:\"certificate\"`\n\tCertificateKey string `json:\"certificate_key\"`\n\tIntermediateCertificate string `json:\"intermediate_certificate\"`\n}\n\ntype HostRecord struct {\n\tId int64 `json:\"id\"`\n\tCreatedOn string `json:\"created_on\"`\n\tModifiedOn string `json:\"modified_on\"`\n\tDomainNames []string `json:\"domain_names\"`\n\tCertificateId int64 `json:\"certificate_id\"`\n\tMeta HostMeta `json:\"meta\"`\n\tEnabled bool `json:\"enabled\"`\n}\n\ntype HostMeta struct {\n\tNginxOnline bool `json:\"nginx_online\"`\n\tNginxErr any `json:\"nginx_err\"`\n}\n\ntype ProxyHostRecord struct {\n\tHostRecord\n\tForwardScheme string `json:\"forward_scheme\"`\n\tForwardHost string `json:\"forward_host\"`\n\tForwardPort int32 `json:\"forward_port\"`\n\tSslForced bool `json:\"ssl_forced\"`\n\tHttp2Support bool `json:\"http2_support\"`\n\tHstsEnabled bool `json:\"hsts_enabled\"`\n\tHstsSubdomains bool `json:\"hsts_subdomains\"`\n}\n\ntype RedirectionHostRecord struct {\n\tHostRecord\n\tForwardScheme string `json:\"forward_scheme\"`\n\tForwardDomainName string `json:\"forward_domain_name\"`\n\tForwardHttpCode int32 `json:\"forward_http_code\"`\n\tSslForced bool `json:\"ssl_forced\"`\n\tHttp2Support bool `json:\"http2_support\"`\n\tHstsEnabled bool `json:\"hsts_enabled\"`\n\tHstsSubdomains bool `json:\"hsts_subdomains\"`\n}\n\ntype StreamHostRecord struct {\n\tHostRecord\n\tForwardingHost string `json:\"forwarding_host\"`\n\tForwardingPort int32 `json:\"forwarding_port\"`\n\tIncomingPort int32 `json:\"incoming_port\"`\n\tTcpForwarding bool `json:\"tcp_forwarding\"`\n\tUdpForwarding bool `json:\"udp_forwarding\"`\n}\n\ntype DeadHostRecord struct {\n\tHostRecord\n\tSslForced bool `json:\"ssl_forced\"`\n\tHttp2Support bool `json:\"http2_support\"`\n\tHstsEnabled bool `json:\"hsts_enabled\"`\n\tHstsSubdomains bool `json:\"hsts_subdomains\"`\n}\n"
},
{
"path": "pkg/sdk3rd/qingcloud/dns/api_create_record.go",
"content": "package dns\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype CreateRecordRequest struct {\n\tZoneName *string `json:\"zone_name,omitempty\"`\n\tDomainName *string `json:\"domain_name,omitempty\"`\n\tViewId *int32 `json:\"view_id,omitempty\"`\n\tType *string `json:\"type,omitempty\"`\n\tRecords []*CreateRecordRequestRecord `json:\"record,omitempty\"`\n\tTtl *int32 `json:\"ttl,omitempty\"`\n\tMode *int32 `json:\"mode,omitempty\"`\n\tAutoMerge *int32 `json:\"auto_merge,omitempty\"`\n}\n\ntype CreateRecordRequestRecord struct {\n\tValues []*CreateRecordRequestRecordValue `json:\"values,omitempty\"`\n\tWeight *int32 `json:\"weight,omitempty\"`\n}\n\ntype CreateRecordRequestRecordValue struct {\n\tValue *string `json:\"value,omitempty\"`\n\tStatus *int32 `json:\"status,omitempty\"`\n}\n\ntype CreateRecordResponse struct {\n\tsdkResponseBase\n\tDomainName *string `json:\"domain_name,omitempty\"`\n\tDomainRecordId *int64 `json:\"domain_record_id,omitempty\"`\n\tViewId *int64 `json:\"view_id,omitempty\"`\n\tRecords []*CreateRecordResponseRecord `json:\"records,omitempty\"`\n}\n\ntype CreateRecordResponseRecord struct {\n\tGroupId *int64 `json:\"group_id,omitempty\"`\n\tGroupStatus *int32 `json:\"group_status,omitempty\"`\n\tValues []*CreateRecordResponseRecordValue `json:\"value,omitempty\"`\n\tWeight *int32 `json:\"weight,omitempty\"`\n}\n\ntype CreateRecordResponseRecordValue struct {\n\tValueId *int64 `json:\"id,omitempty\"`\n\tValue *string `json:\"value,omitempty\"`\n\tStatus *int32 `json:\"status,omitempty\"`\n}\n\nfunc (c *Client) CreateRecord(req *CreateRecordRequest) (*CreateRecordResponse, error) {\n\treturn c.CreateRecordWithContext(context.Background(), req)\n}\n\nfunc (c *Client) CreateRecordWithContext(ctx context.Context, req *CreateRecordRequest) (*CreateRecordResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/v1/record/\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &CreateRecordResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/qingcloud/dns/api_delete_record.go",
"content": "package dns\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype DeleteRecordResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) DeleteRecord(recordIds []*int64) (*DeleteRecordResponse, error) {\n\treturn c.DeleteRecordWithContext(context.Background(), recordIds)\n}\n\nfunc (c *Client) DeleteRecordWithContext(ctx context.Context, recordIds []*int64) (*DeleteRecordResponse, error) {\n\tif len(recordIds) == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset recordIds\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, \"/v1/change_record_status/\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(map[string]any{\n\t\t\t\"ids\": recordIds,\n\t\t\t\"action\": \"delete\",\n\t\t\t\"target\": \"record\",\n\t\t})\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &DeleteRecordResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/qingcloud/dns/client.go",
"content": "package dns\n\nimport (\n\t\"crypto/hmac\"\n\t\"crypto/sha256\"\n\t\"encoding/base64\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(accessKeyId, secretAccessKey string) (*Client, error) {\n\tif accessKeyId == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset accessKeyId\")\n\t}\n\tif secretAccessKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset secretAccessKey\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(\"http://api.routewize.com\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"Host\", \"api.routewize.com\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\t// 生成时间\n\t\t\tdate := time.Now().UTC().Format(time.RFC1123)\n\n\t\t\t// 获取请求谓词\n\t\t\tverb := req.Method\n\n\t\t\t// 获取访问资源\n\t\t\tcanonicalizedResource := \"/\"\n\t\t\tif req.URL != nil {\n\t\t\t\tcanonicalizedResource = req.URL.Path\n\t\t\t\tif req.URL.RawQuery != \"\" {\n\t\t\t\t\tvalues, _ := url.ParseQuery(req.URL.RawQuery)\n\t\t\t\t\tcanonicalizedResource += \"?\" + values.Encode()\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 计算签名\n\t\t\tstringToSign := verb + \"\\n\" +\n\t\t\t\tdate + \"\\n\" +\n\t\t\t\tcanonicalizedResource\n\t\t\th := hmac.New(sha256.New, []byte(secretAccessKey))\n\t\t\th.Write([]byte(stringToSign))\n\t\t\tsign := base64.StdEncoding.EncodeToString(h.Sum(nil))\n\n\t\t\t// 设置请求头\n\t\t\treq.Header.Set(\"Date\", date)\n\t\t\treq.Header.Set(\"Authorization\", fmt.Sprintf(\"QC-HMAC-SHA256 %s:%s\", accessKeyId, sign))\n\n\t\t\treturn nil\n\t\t})\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tcode := res.GetCode(); tcode != 0 {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: code='%d', message='%s'\", tcode, res.GetMessage())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/qingcloud/dns/types.go",
"content": "package dns\n\ntype sdkResponse interface {\n\tGetCode() int\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode *int `json:\"code,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetCode() int {\n\tif r.Code == nil {\n\t\treturn 0\n\t}\n\n\treturn *r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype DnsRecord struct {\n\tGroupId *int64 `json:\"group_id,omitempty\"`\n\tGroupStatus *int32 `json:\"group_status,omitempty\"`\n\tValue []*DnsRecordValue `json:\"value,omitempty\"`\n\tWeight *int32 `json:\"weight,omitempty\"`\n}\n\ntype DnsRecordValue struct {\n\tId *int64 `json:\"id,omitempty\"`\n\tType *string `json:\"type,omitempty\"`\n\tValue *string `json:\"value,omitempty\"`\n\tLine *string `json:\"line,omitempty\"`\n\tTtl *int32 `json:\"ttl,omitempty\"`\n}\n"
},
{
"path": "pkg/sdk3rd/qiniu/auth.go",
"content": "package qiniu\n\nimport (\n\t\"net/http\"\n\n\t\"github.com/qiniu/go-sdk/v7/auth\"\n\t\"github.com/qiniu/go-sdk/v7/client\"\n)\n\ntype transport struct {\n\thttp.RoundTripper\n\tmac *auth.Credentials\n}\n\nfunc newTransport(mac *auth.Credentials, tr http.RoundTripper) *transport {\n\tif tr == nil {\n\t\ttr = client.DefaultTransport\n\t}\n\treturn &transport{tr, mac}\n}\n\nfunc (t *transport) RoundTrip(req *http.Request) (*http.Response, error) {\n\ttoken, err := t.mac.SignRequestV2(req)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treq.Header.Set(\"Authorization\", \"Qiniu \"+token)\n\treturn t.RoundTripper.RoundTrip(req)\n}\n"
},
{
"path": "pkg/sdk3rd/qiniu/cdn.go",
"content": "package qiniu\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\n\t\"github.com/qiniu/go-sdk/v7/auth\"\n\t\"github.com/qiniu/go-sdk/v7/client\"\n)\n\ntype CdnManager struct {\n\tclient *client.Client\n}\n\nfunc NewCdnManager(mac *auth.Credentials) *CdnManager {\n\tif mac == nil {\n\t\tmac = auth.Default()\n\t}\n\n\tclient := &client.Client{Client: &http.Client{Transport: newTransport(mac, nil)}}\n\treturn &CdnManager{client: client}\n}\n\ntype GetDomainListResponse struct {\n\tCode *int `json:\"code,omitempty\"`\n\tError *string `json:\"error,omitempty\"`\n\tMarker string `json:\"marker\"`\n\tDomains []*struct {\n\t\tName string `json:\"name\"`\n\t\tType string `json:\"type\"`\n\t\tCName string `json:\"cname\"`\n\t\tOperatingState string `json:\"operatingState\"`\n\t\tOperatingStateDesc string `json:\"operatingStateDesc\"`\n\t\tCreateAt string `json:\"createAt\"`\n\t\tModifyAt string `json:\"modifyAt\"`\n\t} `json:\"domains\"`\n}\n\nfunc (m *CdnManager) GetDomainList(ctx context.Context, marker string, limit int) (*GetDomainListResponse, error) {\n\tquery := url.Values{}\n\tif marker != \"\" {\n\t\tquery.Set(\"marker\", marker)\n\t}\n\tif limit > 0 {\n\t\tquery.Set(\"limit\", fmt.Sprintf(\"%d\", limit))\n\t}\n\n\tresp := new(GetDomainListResponse)\n\tif err := m.client.Call(ctx, resp, http.MethodGet, urlf(\"domain?%s\", query.Encode()), nil); err != nil {\n\t\treturn nil, err\n\t}\n\treturn resp, nil\n}\n\ntype GetDomainInfoResponse struct {\n\tCode *int `json:\"code,omitempty\"`\n\tError *string `json:\"error,omitempty\"`\n\tName string `json:\"name\"`\n\tType string `json:\"type\"`\n\tCName string `json:\"cname\"`\n\tHttps *struct {\n\t\tCertID string `json:\"certId\"`\n\t\tForceHttps bool `json:\"forceHttps\"`\n\t\tHttp2Enable bool `json:\"http2Enable\"`\n\t} `json:\"https\"`\n\tPareDomain string `json:\"pareDomain\"`\n\tOperationType string `json:\"operationType\"`\n\tOperatingState string `json:\"operatingState\"`\n\tOperatingStateDesc string `json:\"operatingStateDesc\"`\n\tCreateAt string `json:\"createAt\"`\n\tModifyAt string `json:\"modifyAt\"`\n}\n\nfunc (m *CdnManager) GetDomainInfo(ctx context.Context, domain string) (*GetDomainInfoResponse, error) {\n\tresp := new(GetDomainInfoResponse)\n\tif err := m.client.Call(ctx, resp, http.MethodGet, urlf(\"domain/%s\", domain), nil); err != nil {\n\t\treturn nil, err\n\t}\n\treturn resp, nil\n}\n\ntype ModifyDomainHttpsConfRequest struct {\n\tCertID string `json:\"certId\"`\n\tForceHttps bool `json:\"forceHttps\"`\n\tHttp2Enable bool `json:\"http2Enable\"`\n}\n\ntype ModifyDomainHttpsConfResponse struct {\n\tCode *int `json:\"code,omitempty\"`\n\tError *string `json:\"error,omitempty\"`\n}\n\nfunc (m *CdnManager) ModifyDomainHttpsConf(ctx context.Context, domain string, certId string, forceHttps bool, http2Enable bool) (*ModifyDomainHttpsConfResponse, error) {\n\treq := &ModifyDomainHttpsConfRequest{\n\t\tCertID: certId,\n\t\tForceHttps: forceHttps,\n\t\tHttp2Enable: http2Enable,\n\t}\n\tresp := new(ModifyDomainHttpsConfResponse)\n\tif err := m.client.CallWithJson(ctx, resp, http.MethodPut, urlf(\"domain/%s/httpsconf\", domain), nil, req); err != nil {\n\t\treturn nil, err\n\t}\n\treturn resp, nil\n}\n\ntype EnableDomainHttpsRequest struct {\n\tCertID string `json:\"certId\"`\n\tForceHttps bool `json:\"forceHttps\"`\n\tHttp2Enable bool `json:\"http2Enable\"`\n}\n\ntype EnableDomainHttpsResponse struct {\n\tCode *int `json:\"code,omitempty\"`\n\tError *string `json:\"error,omitempty\"`\n}\n\nfunc (m *CdnManager) EnableDomainHttps(ctx context.Context, domain string, certId string, forceHttps bool, http2Enable bool) (*EnableDomainHttpsResponse, error) {\n\treq := &EnableDomainHttpsRequest{\n\t\tCertID: certId,\n\t\tForceHttps: forceHttps,\n\t\tHttp2Enable: http2Enable,\n\t}\n\tresp := new(EnableDomainHttpsResponse)\n\tif err := m.client.CallWithJson(ctx, resp, http.MethodPut, urlf(\"domain/%s/sslize\", domain), nil, req); err != nil {\n\t\treturn nil, err\n\t}\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/qiniu/kodo.go",
"content": "package qiniu\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\t\"github.com/qiniu/go-sdk/v7/auth\"\n\t\"github.com/qiniu/go-sdk/v7/client\"\n)\n\ntype KodoManager struct {\n\tclient *client.Client\n}\n\nfunc NewKodoManager(mac *auth.Credentials) *KodoManager {\n\tif mac == nil {\n\t\tmac = auth.Default()\n\t}\n\n\tclient := &client.Client{Client: &http.Client{Transport: newTransport(mac, nil)}}\n\treturn &KodoManager{client: client}\n}\n\ntype BindBucketCertRequest struct {\n\tCertID string `json:\"certid\"`\n\tDomain string `json:\"domain\"`\n}\n\ntype BindBucketCertResponse struct {\n\tCode *int `json:\"code,omitempty\"`\n\tError *string `json:\"error,omitempty\"`\n}\n\nfunc (m *KodoManager) BindBucketCert(ctx context.Context, domain string, certId string) (*BindBucketCertResponse, error) {\n\treq := &BindBucketCertRequest{\n\t\tCertID: certId,\n\t\tDomain: domain,\n\t}\n\tresp := new(BindBucketCertResponse)\n\tif err := m.client.CallWithJson(ctx, resp, http.MethodPut, urlf(\"cert/bind\"), nil, req); err != nil {\n\t\treturn nil, err\n\t}\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/qiniu/sslcert.go",
"content": "package qiniu\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\t\"net/url\"\n\n\t\"github.com/qiniu/go-sdk/v7/auth\"\n\t\"github.com/qiniu/go-sdk/v7/client\"\n)\n\ntype SslCertManager struct {\n\tclient *client.Client\n}\n\nfunc NewSslCertManager(mac *auth.Credentials) *SslCertManager {\n\tif mac == nil {\n\t\tmac = auth.Default()\n\t}\n\n\tclient := &client.Client{Client: &http.Client{Transport: newTransport(mac, nil)}}\n\treturn &SslCertManager{client: client}\n}\n\ntype GetSslCertListResponse struct {\n\tCode *int `json:\"code,omitempty\"`\n\tError *string `json:\"error,omitempty\"`\n\tCerts []*struct {\n\t\tCertID string `json:\"certid\"`\n\t\tName string `json:\"name\"`\n\t\tCommonName string `json:\"common_name\"`\n\t\tDnsNames []string `json:\"dnsnames\"`\n\t\tCreateTime int64 `json:\"create_time\"`\n\t\tNotBefore int64 `json:\"not_before\"`\n\t\tNotAfter int64 `json:\"not_after\"`\n\t\tProductType string `json:\"product_type\"`\n\t\tProductShortName string `json:\"product_short_name,omitempty\"`\n\t\tOrderId string `json:\"orderid,omitempty\"`\n\t\tCertType string `json:\"cert_type\"`\n\t\tEncrypt string `json:\"encrypt\"`\n\t\tEncryptParameter string `json:\"encryptParameter,omitempty\"`\n\t\tEnable bool `json:\"enable\"`\n\t} `json:\"certs\"`\n\tMarker string `json:\"marker\"`\n}\n\nfunc (m *SslCertManager) GetSslCertList(ctx context.Context, marker string, limit int32) (*GetSslCertListResponse, error) {\n\tresp := new(GetSslCertListResponse)\n\tif err := m.client.Call(ctx, resp, http.MethodGet, urlf(\"sslcert?marker=%s&limit=%d\", url.QueryEscape(marker), limit), nil); err != nil {\n\t\treturn nil, err\n\t}\n\treturn resp, nil\n}\n\ntype UploadSslCertRequest struct {\n\tName string `json:\"name\"`\n\tCommonName string `json:\"common_name\"`\n\tCertificate string `json:\"ca\"`\n\tPrivateKey string `json:\"pri\"`\n}\n\ntype UploadSslCertResponse struct {\n\tCode *int `json:\"code,omitempty\"`\n\tError *string `json:\"error,omitempty\"`\n\tCertID string `json:\"certID\"`\n}\n\nfunc (m *SslCertManager) UploadSslCert(ctx context.Context, name string, commonName string, certificate string, privateKey string) (*UploadSslCertResponse, error) {\n\treq := &UploadSslCertRequest{\n\t\tName: name,\n\t\tCommonName: commonName,\n\t\tCertificate: certificate,\n\t\tPrivateKey: privateKey,\n\t}\n\tresp := new(UploadSslCertResponse)\n\tif err := m.client.CallWithJson(ctx, resp, http.MethodPost, urlf(\"sslcert\"), nil, req); err != nil {\n\t\treturn nil, err\n\t}\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/qiniu/util.go",
"content": "package qiniu\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n)\n\nconst qiniuHost = \"https://api.qiniu.com\"\n\nfunc urlf(pathf string, pathargs ...any) string {\n\tpath := fmt.Sprintf(pathf, pathargs...)\n\tpath = strings.TrimPrefix(path, \"/\")\n\treturn qiniuHost + \"/\" + path\n}\n"
},
{
"path": "pkg/sdk3rd/rainyun/api_rcdn_instance_ssl_bind.go",
"content": "package rainyun\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype RcdnInstanceSslBindRequest struct {\n\tCertId int64 `json:\"cert_id\"`\n\tDomains []string `json:\"domains\"`\n}\n\ntype RcdnInstanceSslBindResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) RcdnInstanceSslBind(instanceId int64, req *RcdnInstanceSslBindRequest) (*RcdnInstanceSslBindResponse, error) {\n\treturn c.RcdnInstanceSslBindWithContext(context.Background(), instanceId, req)\n}\n\nfunc (c *Client) RcdnInstanceSslBindWithContext(ctx context.Context, instanceId int64, req *RcdnInstanceSslBindRequest) (*RcdnInstanceSslBindResponse, error) {\n\tif instanceId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset instanceId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, fmt.Sprintf(\"/product/rcdn/instance/%d/ssl_bind\", instanceId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &RcdnInstanceSslBindResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/rainyun/api_ssl_center_create.go",
"content": "package rainyun\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype SslCenterCreateRequest struct {\n\tCert string `json:\"cert\"`\n\tKey string `json:\"key\"`\n}\n\ntype SslCenterCreateResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) SslCenterCreate(req *SslCenterCreateRequest) (*SslCenterCreateResponse, error) {\n\treturn c.SslCenterCreateWithContext(context.Background(), req)\n}\n\nfunc (c *Client) SslCenterCreateWithContext(ctx context.Context, req *SslCenterCreateRequest) (*SslCenterCreateResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/product/sslcenter/\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SslCenterCreateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/rainyun/api_ssl_center_get.go",
"content": "package rainyun\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype SslCenterGetResponse struct {\n\tsdkResponseBase\n\n\tData *SslDetail `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) SslCenterGet(sslId int64) (*SslCenterGetResponse, error) {\n\treturn c.SslCenterGetWithContext(context.Background(), sslId)\n}\n\nfunc (c *Client) SslCenterGetWithContext(ctx context.Context, sslId int64) (*SslCenterGetResponse, error) {\n\tif sslId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset sslId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, fmt.Sprintf(\"/product/sslcenter/%d\", sslId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SslCenterGetResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/rainyun/api_ssl_center_list.go",
"content": "package rainyun\n\nimport (\n\t\"context\"\n\t\"encoding/json\"\n\t\"net/http\"\n)\n\ntype SslCenterListFilters struct {\n\tDomain *string `json:\"Domain,omitempty\"`\n}\n\ntype SslCenterListRequest struct {\n\tFilters *SslCenterListFilters `json:\"columnFilters,omitempty\"`\n\tSort []*string `json:\"sort,omitempty\"`\n\tPage *int32 `json:\"page,omitempty\"`\n\tPerPage *int32 `json:\"perPage,omitempty\"`\n}\n\ntype SslCenterListResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tTotalRecords int32 `json:\"TotalRecords\"`\n\t\tRecords []*SslRecord `json:\"Records\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) SslCenterList(req *SslCenterListRequest) (*SslCenterListResponse, error) {\n\treturn c.SslCenterListWithContext(context.Background(), req)\n}\n\nfunc (c *Client) SslCenterListWithContext(ctx context.Context, req *SslCenterListRequest) (*SslCenterListResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/product/sslcenter\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tjsonb, _ := json.Marshal(req)\n\t\thttpreq.SetQueryParam(\"options\", string(jsonb))\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SslCenterListResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/rainyun/api_ssl_center_update.go",
"content": "package rainyun\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype SslCenterUpdateRequest struct {\n\tCert string `json:\"cert\"`\n\tKey string `json:\"key\"`\n}\n\ntype SslCenterUpdateResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) SslCenterUpdate(certId int64, req *SslCenterUpdateRequest) (*SslCenterUpdateResponse, error) {\n\treturn c.SslCenterUpdateWithContext(context.Background(), certId, req)\n}\n\nfunc (c *Client) SslCenterUpdateWithContext(ctx context.Context, certId int64, req *SslCenterUpdateRequest) (*SslCenterUpdateResponse, error) {\n\tif certId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset certId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPut, fmt.Sprintf(\"/product/sslcenter/%d\", certId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SslCenterUpdateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/rainyun/client.go",
"content": "package rainyun\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(apiKey string) (*Client, error) {\n\tif apiKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiKey\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(\"https://api.v2.rainyun.com\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetHeader(\"X-API-Key\", apiKey)\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tcode := res.GetCode(); tcode/100 != 2 {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: code='%d', message='%s'\", tcode, res.GetMessage())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/rainyun/types.go",
"content": "package rainyun\n\ntype sdkResponse interface {\n\tGetCode() int\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode *int `json:\"code,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetCode() int {\n\tif r.Code == nil {\n\t\treturn 0\n\t}\n\n\treturn *r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype SslRecord struct {\n\tID int64 `json:\"ID\"`\n\tUID int64 `json:\"UID\"`\n\tDomain string `json:\"Domain\"`\n\tIssuer string `json:\"Issuer\"`\n\tStartDate int64 `json:\"StartDate\"`\n\tExpireDate int64 `json:\"ExpDate\"`\n\tUploadTime int64 `json:\"UploadTime\"`\n}\n\ntype SslDetail struct {\n\tCert string `json:\"Cert\"`\n\tKey string `json:\"Key\"`\n\tDomain string `json:\"DomainName\"`\n\tIssuer string `json:\"Issuer\"`\n\tStartDate int64 `json:\"StartDate\"`\n\tExpireDate int64 `json:\"ExpDate\"`\n\tRemainDays int64 `json:\"RemainDays\"`\n}\n"
},
{
"path": "pkg/sdk3rd/ratpanel/api_set_cert_update.go",
"content": "package ratpanel\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype CertUpdateRequest struct {\n\tCertId int64 `json:\"id\"`\n\tType string `json:\"type\"`\n\tDomains []string `json:\"domains\"`\n\tCertificate string `json:\"cert\"`\n\tPrivateKey string `json:\"key\"`\n}\n\ntype CertUpdateResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) CertUpdate(req *CertUpdateRequest) (*CertUpdateResponse, error) {\n\treturn c.CertUpdateWithContext(context.Background(), req)\n}\n\nfunc (c *Client) CertUpdateWithContext(ctx context.Context, req *CertUpdateRequest) (*CertUpdateResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPut, fmt.Sprintf(\"/cert/cert/%d\", req.CertId))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &CertUpdateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ratpanel/api_set_setting_cert.go",
"content": "package ratpanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype SetSettingCertRequest struct {\n\tCertificate string `json:\"cert\"`\n\tPrivateKey string `json:\"key\"`\n}\n\ntype SetSettingCertResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) SetSettingCert(req *SetSettingCertRequest) (*SetSettingCertResponse, error) {\n\treturn c.SetSettingCertWithContext(context.Background(), req)\n}\n\nfunc (c *Client) SetSettingCertWithContext(ctx context.Context, req *SetSettingCertRequest) (*SetSettingCertResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/setting/cert\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SetSettingCertResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ratpanel/api_set_website_cert.go",
"content": "package ratpanel\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype SetWebsiteCertRequest struct {\n\tSiteName string `json:\"name\"`\n\tCertificate string `json:\"cert\"`\n\tPrivateKey string `json:\"key\"`\n}\n\ntype SetWebsiteCertResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) SetWebsiteCert(req *SetWebsiteCertRequest) (*SetWebsiteCertResponse, error) {\n\treturn c.SetWebsiteCertWithContext(context.Background(), req)\n}\n\nfunc (c *Client) SetWebsiteCertWithContext(ctx context.Context, req *SetWebsiteCertRequest) (*SetWebsiteCertResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/website/cert\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &SetWebsiteCertResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ratpanel/client.go",
"content": "package ratpanel\n\nimport (\n\t\"bytes\"\n\t\"crypto/hmac\"\n\t\"crypto/sha256\"\n\t\"crypto/tls\"\n\t\"encoding/hex\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(serverUrl string, accessTokenId int64, accessToken string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\tif accessTokenId == 0 {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset accessTokenId\")\n\t}\n\tif accessToken == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset accessToken\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")+\"/api\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\tvar body []byte\n\t\t\tvar err error\n\n\t\t\tif req.Body != nil {\n\t\t\t\tbody, err = io.ReadAll(req.Body)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t\treq.Body = io.NopCloser(bytes.NewReader(body))\n\t\t\t}\n\n\t\t\tcanonicalPath := req.URL.Path\n\t\t\tif !strings.HasPrefix(canonicalPath, \"/api\") {\n\t\t\t\tindex := strings.Index(canonicalPath, \"/api\")\n\t\t\t\tif index != -1 {\n\t\t\t\t\tcanonicalPath = canonicalPath[index:]\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tcanonicalRequest := fmt.Sprintf(\"%s\\n%s\\n%s\\n%s\",\n\t\t\t\treq.Method,\n\t\t\t\tcanonicalPath,\n\t\t\t\treq.URL.Query().Encode(),\n\t\t\t\tsumSha256(string(body)))\n\n\t\t\ttimestamp := time.Now().Unix()\n\t\t\treq.Header.Set(\"X-Timestamp\", fmt.Sprintf(\"%d\", timestamp))\n\n\t\t\tstringToSign := fmt.Sprintf(\"%s\\n%d\\n%s\",\n\t\t\t\t\"HMAC-SHA256\",\n\t\t\t\ttimestamp,\n\t\t\t\tsumSha256(canonicalRequest))\n\t\t\tsignature := sumHmacSha256(stringToSign, accessToken)\n\t\t\treq.Header.Set(\"Authorization\", fmt.Sprintf(\"HMAC-SHA256 Credential=%d, Signature=%s\", accessTokenId, signature))\n\n\t\t\treturn nil\n\t\t})\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) SetTLSConfig(config *tls.Config) *Client {\n\tc.client.SetTLSClientConfig(config)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tmessage := res.GetMessage(); tmessage != \"success\" {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: message='%s'\", tmessage)\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n\nfunc sumSha256(str string) string {\n\tsum := sha256.Sum256([]byte(str))\n\tdst := make([]byte, hex.EncodedLen(len(sum)))\n\thex.Encode(dst, sum[:])\n\treturn string(dst)\n}\n\nfunc sumHmacSha256(data string, secret string) string {\n\th := hmac.New(sha256.New, []byte(secret))\n\th.Write([]byte(data))\n\treturn hex.EncodeToString(h.Sum(nil))\n}\n"
},
{
"path": "pkg/sdk3rd/ratpanel/types.go",
"content": "package ratpanel\n\ntype sdkResponse interface {\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tMessage *string `json:\"msg,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n"
},
{
"path": "pkg/sdk3rd/safeline/api_update_certificate.go",
"content": "package safeline\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype UpdateCertificateRequest struct {\n\tId int64 `json:\"id\"`\n\tType int32 `json:\"type\"`\n\tManual *CertificateManul `json:\"manual\"`\n}\n\ntype UpdateCertificateResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) UpdateCertificate(req *UpdateCertificateRequest) (*UpdateCertificateResponse, error) {\n\treturn c.UpdateCertificateWithContext(context.Background(), req)\n}\n\nfunc (c *Client) UpdateCertificateWithContext(ctx context.Context, req *UpdateCertificateRequest) (*UpdateCertificateResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/api/open/cert\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UpdateCertificateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/safeline/client.go",
"content": "package safeline\n\nimport (\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/url\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(serverUrl, apiToken string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\tif apiToken == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset apiToken\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")).\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetHeader(\"X-SLCE-API-TOKEN\", apiToken)\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) SetTLSConfig(config *tls.Config) *Client {\n\tc.client.SetTLSClientConfig(config)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif terrcode := res.GetErrCode(); terrcode != \"\" {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: err='%s', msg='%s'\", terrcode, res.GetErrMsg())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/safeline/types.go",
"content": "package safeline\n\ntype sdkResponse interface {\n\tGetErrCode() string\n\tGetErrMsg() string\n}\n\ntype sdkResponseBase struct {\n\tErrCode *string `json:\"err,omitempty\"`\n\tErrMsg *string `json:\"msg,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetErrCode() string {\n\tif r.ErrCode == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.ErrCode\n}\n\nfunc (r *sdkResponseBase) GetErrMsg() string {\n\tif r.ErrMsg == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.ErrMsg\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype CertificateManul struct {\n\tCrt string `json:\"crt\"`\n\tKey string `json:\"key\"`\n}\n"
},
{
"path": "pkg/sdk3rd/synologydsm/api_auth_login.go",
"content": "package synologydsm\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strconv\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype LoginRequest struct {\n\tAccount string `json:\"account\" url:\"account\"`\n\tPassword string `json:\"passwd\" url:\"passwd\"`\n\tOtpCode string `json:\"otp_code,omitempty\" url:\"otp_code,omitempty\"`\n}\n\ntype LoginResponse struct {\n\tsdkResponseBase\n\tData *struct {\n\t\tSid string `json:\"sid\"`\n\t\tSynoToken string `json:\"synotoken\"`\n\t\tDeviceId string `json:\"device_id,omitempty\"`\n\t\tDid string `json:\"did,omitempty\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) Login(req *LoginRequest) (*LoginResponse, error) {\n\tconst AUTH_API_NAME = \"SYNO.API.Auth\"\n\tif c.authApiPath == \"\" || c.authApiVersion == 0 {\n\t\tqueryInfoReq := &QueryAPIInfoRequest{\n\t\t\tQuery: AUTH_API_NAME,\n\t\t}\n\t\tqueryInfoResp, err := c.QueryAPIInfo(queryInfoReq)\n\t\tif err != nil {\n\t\t\treturn nil, fmt.Errorf(\"sdkerr: failed to query API info: %w\", err)\n\t\t} else {\n\t\t\tauthApiInfo, ok := queryInfoResp.Data[AUTH_API_NAME]\n\t\t\tif !ok {\n\t\t\t\treturn nil, fmt.Errorf(\"sdkerr: failed to query API info: \\\"%s\\\" not found\", AUTH_API_NAME)\n\t\t\t}\n\n\t\t\tc.authApiPath = authApiInfo.Path\n\t\t\tc.authApiVersion = authApiInfo.MaxVersion\n\t\t}\n\t}\n\n\tparams := url.Values{\n\t\t\"api\": {AUTH_API_NAME},\n\t\t\"version\": {strconv.Itoa(c.authApiVersion)},\n\t\t\"method\": {\"login\"},\n\t\t\"format\": {\"sid\"},\n\t\t\"enable_syno_token\": {\"yes\"},\n\t\t\"enable_device_token\": {\"yes\"},\n\t\t\"device_name\": {\"Certimate\"},\n\t}\n\n\tvalues, err := qs.Values(req)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tfor k := range values {\n\t\tparams.Set(k, values.Get(k))\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, fmt.Sprintf(\"/webapi/%s?%s\", c.authApiPath, params.Encode()))\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tresult := &LoginResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\tif result != nil && result.GetErrorCode() > 0 {\n\t\t\terrcode := result.GetErrorCode()\n\t\t\terrdesc := getAuthErrorDescription(errcode)\n\t\t\treturn result, fmt.Errorf(\"sdkerr: code='%d', desc='%s'\", errcode, errdesc)\n\t\t}\n\t\treturn result, err\n\t}\n\n\tif result.Data.Sid == \"\" || result.Data.SynoToken == \"\" {\n\t\treturn result, fmt.Errorf(\"sdkerr: login succeeded but the sid or synotoken is empty\")\n\t}\n\n\tc.synoTokenMtx.Lock()\n\tdefer c.synoTokenMtx.Unlock()\n\tc.sid = result.Data.Sid\n\tc.synoToken = result.Data.SynoToken\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/synologydsm/api_auth_logout.go",
"content": "package synologydsm\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strconv\"\n)\n\ntype LogoutResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) Logout() (*LogoutResponse, error) {\n\tif c.sid == \"\" {\n\t\tresult := &LogoutResponse{}\n\t\tresult.Success = true\n\t\treturn result, nil\n\t}\n\n\tparams := url.Values{\n\t\t\"api\": {\"SYNO.API.Auth\"},\n\t\t\"version\": {strconv.Itoa(c.authApiVersion)},\n\t\t\"method\": {\"logout\"},\n\t\t\"_sid\": {c.sid},\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, fmt.Sprintf(\"/webapi/%s?%s\", c.authApiPath, params.Encode()))\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tresult := &LogoutResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\tc.synoTokenMtx.Lock()\n\tdefer c.synoTokenMtx.Unlock()\n\tc.sid = \"\"\n\tc.synoToken = \"\"\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/synologydsm/api_core_certificate_crt_list.go",
"content": "package synologydsm\n\nimport (\n\t\"net/http\"\n\t\"net/url\"\n)\n\ntype ListCertificatesResponse struct {\n\tsdkResponseBase\n\tData *struct {\n\t\tCertificates []*CertificateInfo `json:\"certificates\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) ListCertificates() (*ListCertificatesResponse, error) {\n\tparams := url.Values{\n\t\t\"api\": {\"SYNO.Core.Certificate.CRT\"},\n\t\t\"method\": {\"list\"},\n\t\t\"version\": {\"1\"},\n\t\t\"_sid\": {c.sid},\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, \"/webapi/entry.cgi\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetHeader(\"Content-Type\", \"application/x-www-form-urlencoded\")\n\t\thttpreq.SetFormDataFromValues(params)\n\t}\n\n\tresult := &ListCertificatesResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/synologydsm/api_core_certificate_import.go",
"content": "package synologydsm\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n)\n\ntype ImportCertificateRequest struct {\n\tID string `json:\"id\" url:\"id\"`\n\tDescription string `json:\"desc\" url:\"desc\"`\n\tKey string `json:\"key\" url:\"key\"`\n\tCert string `json:\"cert\" url:\"cert\"`\n\tInterCert string `json:\"inter_cert\" url:\"inter_cert\"`\n\tAsDefault bool `json:\"as_default\" url:\"as_default\"`\n}\n\ntype ImportCertificateResponse struct {\n\tsdkResponseBase\n\tData *struct {\n\t\tRestartHttpd bool `json:\"restart_httpd\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) ImportCertificate(req *ImportCertificateRequest) (*ImportCertificateResponse, error) {\n\tparams := url.Values{\n\t\t\"api\": {\"SYNO.Core.Certificate\"},\n\t\t\"method\": {\"import\"},\n\t\t\"version\": {\"1\"},\n\t\t\"_sid\": {c.sid},\n\t\t\"SynoToken\": {c.synoToken},\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, fmt.Sprintf(\"/webapi/entry.cgi?%s\", params.Encode()))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetMultipartField(\"key\", \"key.pem\", \"text/plain\", strings.NewReader(req.Key))\n\t\thttpreq.SetMultipartField(\"cert\", \"cert.pem\", \"text/plain\", strings.NewReader(req.Cert))\n\t\thttpreq.SetMultipartField(\"inter_cert\", \"chain.pem\", \"text/plain\", strings.NewReader(req.InterCert))\n\t\thttpreq.SetMultipartField(\"id\", \"\", \"\", strings.NewReader(req.ID))\n\t\thttpreq.SetMultipartField(\"desc\", \"\", \"\", strings.NewReader(req.Description))\n\t\tif req.AsDefault {\n\t\t\thttpreq.SetMultipartField(\"as_default\", \"\", \"\", strings.NewReader(\"true\"))\n\t\t}\n\t}\n\n\tresult := &ImportCertificateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/synologydsm/api_core_certificate_service_set.go",
"content": "package synologydsm\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n)\n\ntype ServiceCertificateSetting struct {\n\tService *CertificateService `json:\"service\"`\n\tOldCertID string `json:\"old_id\"`\n\tCertID string `json:\"id\"`\n}\n\ntype SetServiceCertificateRequest struct {\n\tSettings []*ServiceCertificateSetting `json:\"settings\"`\n}\n\ntype SetServiceCertificateResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) SetServiceCertificate(req *SetServiceCertificateRequest) (*SetServiceCertificateResponse, error) {\n\tbsettings, _ := json.Marshal(req.Settings)\n\tparams := url.Values{\n\t\t\"api\": {\"SYNO.Core.Certificate.Service\"},\n\t\t\"method\": {\"set\"},\n\t\t\"version\": {\"1\"},\n\t\t\"settings\": {string(bsettings)},\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, fmt.Sprintf(\"/webapi/entry.cgi?_sid=%s\", c.sid))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetHeader(\"Content-Type\", \"application/x-www-form-urlencoded\")\n\t\thttpreq.SetFormDataFromValues(params)\n\t}\n\n\tresult := &SetServiceCertificateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/synologydsm/api_info_query.go",
"content": "package synologydsm\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype QueryAPIInfoRequest struct {\n\tQuery string `json:\"query\" url:\"query\"`\n}\n\ntype QueryAPIInfoResponse struct {\n\tsdkResponseBase\n\tData map[string]APIInfo `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) QueryAPIInfo(req *QueryAPIInfoRequest) (*QueryAPIInfoResponse, error) {\n\tparams := url.Values{\n\t\t\"api\": {\"SYNO.API.Info\"},\n\t\t\"version\": {\"1\"},\n\t\t\"method\": {\"query\"},\n\t}\n\n\tvalues, err := qs.Values(req)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\tfor k := range values {\n\t\tparams.Set(k, values.Get(k))\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, fmt.Sprintf(\"/webapi/query.cgi?%s\", params.Encode()))\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tresult := &QueryAPIInfoResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/synologydsm/client.go",
"content": "package synologydsm\n\nimport (\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strings\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tauthApiPath string\n\tauthApiVersion int\n\n\tsid string\n\tsynoToken string\n\tsynoTokenMtx sync.Mutex\n\n\tclient *resty.Client\n}\n\nfunc NewClient(serverUrl string) (*Client, error) {\n\tif serverUrl == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset serverUrl\")\n\t}\n\tif _, err := url.Parse(serverUrl); err != nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: invalid serverUrl: %w\", err)\n\t}\n\n\tclient := &Client{}\n\tclient.client = resty.New().\n\t\tSetBaseURL(strings.TrimRight(serverUrl, \"/\")).\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\tif client.synoToken != \"\" {\n\t\t\t\treq.Header.Set(\"X-SYNO-TOKEN\", client.synoToken)\n\t\t\t}\n\n\t\t\treturn nil\n\t\t})\n\n\treturn client, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) SetTLSConfig(config *tls.Config) *Client {\n\tc.client.SetTLSClientConfig(config)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t} else {\n\t\tif tsuccess := res.GetSuccess(); !tsuccess {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: code='%d'\", res.GetErrorCode())\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/synologydsm/types.go",
"content": "package synologydsm\n\ntype sdkResponse interface {\n\tGetSuccess() bool\n\tGetErrorCode() int\n}\n\ntype sdkResponseBase struct {\n\tSuccess bool `json:\"success\"`\n\tError *APIError `json:\"error,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetSuccess() bool {\n\treturn r.Success\n}\n\nfunc (r *sdkResponseBase) GetErrorCode() int {\n\tif r.Error == nil {\n\t\tif r.Success {\n\t\t\treturn 0\n\t\t}\n\t\treturn -1\n\t}\n\n\treturn r.Error.Code\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype APIError struct {\n\tCode int `json:\"code,omitempty\"`\n}\n\ntype APIInfo struct {\n\tPath string `json:\"path\"`\n\tMinVersion int `json:\"minVersion\"`\n\tMaxVersion int `json:\"maxVersion\"`\n}\n\ntype CertificateInfo struct {\n\tID string `json:\"id\"`\n\tDescription string `json:\"desc\"`\n\tIsDefault bool `json:\"is_default\"`\n\tIsBroken bool `json:\"is_broken\"`\n\tIssuer struct {\n\t\tCommonName string `json:\"common_name\"`\n\t\tCountry string `json:\"country\"`\n\t\tOrganization string `json:\"organization\"`\n\t} `json:\"issuer\"`\n\tSubject struct {\n\t\tCommonName string `json:\"common_name\"`\n\t\tCountry string `json:\"country\"`\n\t\tOrganization string `json:\"organization\"`\n\t\tSAN []string `json:\"sub_alt_name\"`\n\t} `json:\"subject\"`\n\tValidFrom string `json:\"valid_from\"`\n\tValidTill string `json:\"valid_till\"`\n\tSignatureAlgorithm string `json:\"signature_algorithm\"`\n\tRenewable bool `json:\"renewable\"`\n\tServices []*CertificateService `json:\"services\"`\n}\n\ntype CertificateService struct {\n\tDisplayName string `json:\"display_name\"`\n\tDisplayNameI18N string `json:\"display_name_i18n,omitempty\"`\n\tIsPkg bool `json:\"isPkg\"`\n\tOwner string `json:\"owner\"`\n\tService string `json:\"service\"`\n\tSubscriber string `json:\"subscriber\"`\n}\n"
},
{
"path": "pkg/sdk3rd/synologydsm/utils.go",
"content": "package synologydsm\n\nfunc getAuthErrorDescription(code int) string {\n\tswitch code {\n\tcase 100:\n\t\treturn \"Unknown error\"\n\tcase 101:\n\t\treturn \"Invalid parameters\"\n\tcase 102:\n\t\treturn \"API does not exist\"\n\tcase 103:\n\t\treturn \"Method does not exist\"\n\tcase 104:\n\t\treturn \"This API version is not supported\"\n\tcase 105:\n\t\treturn \"Insufficient user privilege\"\n\tcase 106:\n\t\treturn \"Connection time out\"\n\tcase 107:\n\t\treturn \"Multiple login detected\"\n\tcase 400:\n\t\treturn \"Invalid password or account does not exist\"\n\tcase 401:\n\t\treturn \"Guest or disabled account\"\n\tcase 402:\n\t\treturn \"Permission denied\"\n\tcase 403:\n\t\treturn \"2-factor authentication code required (OTP)\"\n\tcase 404:\n\t\treturn \"Failed to authenticate 2-factor authentication code\"\n\tcase 405:\n\t\treturn \"Server version is too low or not supported\"\n\tcase 406:\n\t\treturn \"2-factor authentication code expired\"\n\tcase 407:\n\t\treturn \"Login failed: IP has been blocked\"\n\tcase 408:\n\t\treturn \"Expired password\"\n\tcase 409:\n\t\treturn \"Password must be changed (password policy)\"\n\tcase 410:\n\t\treturn \"Account locked (too many failed login attempts)\"\n\tdefault:\n\t\treturn \"Unknown authentication error\"\n\t}\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ucdn/api_get_ucdn_domain_config.go",
"content": "package ucdn\n\nimport (\n\tucloudcdn \"github.com/ucloud/ucloud-sdk-go/services/ucdn\"\n)\n\ntype GetUcdnDomainConfigRequest = ucloudcdn.GetUcdnDomainConfigRequest\n\ntype GetUcdnDomainConfigResponse = ucloudcdn.GetUcdnDomainConfigResponse\n\nfunc (c *UCDNClient) NewGetUcdnDomainConfigRequest() *GetUcdnDomainConfigRequest {\n\treq := &GetUcdnDomainConfigRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *UCDNClient) GetUcdnDomainConfig(req *GetUcdnDomainConfigRequest) (*GetUcdnDomainConfigResponse, error) {\n\tvar err error\n\tvar res GetUcdnDomainConfigResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"GetUcdnDomainConfig\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ucdn/api_update_ucdn_domain_https_config_v2.go",
"content": "package ucdn\n\nimport (\n\tucloudcdn \"github.com/ucloud/ucloud-sdk-go/services/ucdn\"\n)\n\ntype UpdateUcdnDomainHttpsConfigV2Request = ucloudcdn.UpdateUcdnDomainHttpsConfigV2Request\n\ntype UpdateUcdnDomainHttpsConfigV2Response = ucloudcdn.UpdateUcdnDomainHttpsConfigV2Response\n\nfunc (c *UCDNClient) NewUpdateUcdnDomainHttpsConfigV2Request() *UpdateUcdnDomainHttpsConfigV2Request {\n\treq := &UpdateUcdnDomainHttpsConfigV2Request{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *UCDNClient) UpdateUcdnDomainHttpsConfigV2(req *UpdateUcdnDomainHttpsConfigV2Request) (*UpdateUcdnDomainHttpsConfigV2Response, error) {\n\tvar err error\n\tvar res UpdateUcdnDomainHttpsConfigV2Response\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"UpdateUcdnDomainHttpsConfigV2\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ucdn/client.go",
"content": "package ucdn\n\nimport (\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/auth\"\n)\n\ntype UCDNClient struct {\n\t*ucloud.Client\n}\n\nfunc NewClient(config *ucloud.Config, credential *auth.Credential) *UCDNClient {\n\tmeta := ucloud.ClientMeta{Product: \"UCDN\"}\n\tclient := ucloud.NewClientWithMeta(config, credential, meta)\n\treturn &UCDNClient{\n\t\tclient,\n\t}\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ucdn/types.go",
"content": "package ucdn\n\nimport (\n\tucloudcdn \"github.com/ucloud/ucloud-sdk-go/services/ucdn\"\n)\n\ntype DomainConfigInfo = ucloudcdn.DomainConfigInfo\n"
},
{
"path": "pkg/sdk3rd/ucloud/udnr/api_add_domain_dns.go",
"content": "package udnr\n\nimport (\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/request\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/response\"\n)\n\ntype AddDomainDNSRequest struct {\n\trequest.CommonBase\n\n\tDn *string `required:\"true\"`\n\tDnsType *string `required:\"true\"`\n\tRecordName *string `required:\"true\"`\n\tContent *string `required:\"true\"`\n\tTTL *string `required:\"true\"`\n\tPrio *string `required:\"false\"`\n}\n\ntype AddDomainDNSResponse struct {\n\tresponse.CommonBase\n}\n\nfunc (c *UDNRClient) NewAddDomainDNSRequest() *AddDomainDNSRequest {\n\treq := &AddDomainDNSRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(false)\n\treturn req\n}\n\nfunc (c *UDNRClient) AddDomainDNS(req *AddDomainDNSRequest) (*AddDomainDNSResponse, error) {\n\tvar err error\n\tvar res AddDomainDNSResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"UdnrDomainDNSAdd\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/udnr/api_delete_domain_dns.go",
"content": "package udnr\n\nimport (\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/request\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/response\"\n)\n\ntype DeleteDomainDNSRequest struct {\n\trequest.CommonBase\n\n\tDn *string `required:\"true\"`\n\tDnsType *string `required:\"true\"`\n\tRecordName *string `required:\"true\"`\n\tContent *string `required:\"true\"`\n}\n\ntype DeleteDomainDNSResponse struct {\n\tresponse.CommonBase\n}\n\nfunc (c *UDNRClient) NewDeleteDomainDNSRequest() *DeleteDomainDNSRequest {\n\treq := &DeleteDomainDNSRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *UDNRClient) DeleteDomainDNS(req *DeleteDomainDNSRequest) (*DeleteDomainDNSResponse, error) {\n\tvar err error\n\tvar res DeleteDomainDNSResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"UdnrDeleteDnsRecord\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/udnr/api_query_domain_dns.go",
"content": "package udnr\n\nimport (\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/request\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/response\"\n)\n\ntype QueryDomainDNSRequest struct {\n\trequest.CommonBase\n\n\tDn *string `required:\"true\"`\n}\n\ntype QueryDomainDNSResponse struct {\n\tresponse.CommonBase\n\n\tData []DomainDNSRecord\n}\n\nfunc (c *UDNRClient) NewQueryDomainDNSRequest() *QueryDomainDNSRequest {\n\treq := &QueryDomainDNSRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *UDNRClient) QueryDomainDNS(req *QueryDomainDNSRequest) (*QueryDomainDNSResponse, error) {\n\tvar err error\n\tvar res QueryDomainDNSResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"UdnrDomainDNSQuery\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/udnr/client.go",
"content": "package udnr\n\nimport (\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/auth\"\n)\n\ntype UDNRClient struct {\n\t*ucloud.Client\n}\n\nfunc NewClient(config *ucloud.Config, credential *auth.Credential) *UDNRClient {\n\tmeta := ucloud.ClientMeta{Product: \"UDNR\"}\n\tclient := ucloud.NewClientWithMeta(config, credential, meta)\n\treturn &UDNRClient{\n\t\tclient,\n\t}\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/udnr/types.go",
"content": "package udnr\n\ntype DomainDNSRecord struct {\n\tDnsType string\n\tRecordName string\n\tContent string\n\tTTL string\n\tPrio string\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/uewaf/api_add_waf_domain_certificate_info.go",
"content": "package uewaf\n\nimport (\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/request\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/response\"\n)\n\ntype AddWafDomainCertificateInfoRequest struct {\n\trequest.CommonBase\n\n\tDomain *string `required:\"true\"`\n\tCertificateName *string `required:\"true\"`\n\tSslPublicKey *string `required:\"true\"`\n\tSslPrivateKey *string `required:\"false\"`\n\tSslMD *string `required:\"false\"`\n\tSslKeyLess *string `required:\"false\"`\n}\n\ntype AddWafDomainCertificateInfoResponse struct {\n\tresponse.CommonBase\n\n\tId int\n}\n\nfunc (c *UEWAFClient) NewAddWafDomainCertificateInfoRequest() *AddWafDomainCertificateInfoRequest {\n\treq := &AddWafDomainCertificateInfoRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *UEWAFClient) AddWafDomainCertificateInfo(req *AddWafDomainCertificateInfoRequest) (*AddWafDomainCertificateInfoResponse, error) {\n\tvar err error\n\tvar res AddWafDomainCertificateInfoResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"AddWafDomainCertificateInfo\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/uewaf/client.go",
"content": "package uewaf\n\nimport (\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/auth\"\n)\n\ntype UEWAFClient struct {\n\t*ucloud.Client\n}\n\nfunc NewClient(config *ucloud.Config, credential *auth.Credential) *UEWAFClient {\n\tmeta := ucloud.ClientMeta{Product: \"UEWAF\"}\n\tclient := ucloud.NewClientWithMeta(config, credential, meta)\n\treturn &UEWAFClient{\n\t\tclient,\n\t}\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ufile/api_add_ufile_ssl_cert.go",
"content": "package ufile\n\nimport (\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/request\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/response\"\n)\n\ntype AddUFileSSLCertRequest struct {\n\trequest.CommonBase\n\n\tBucketName *string `required:\"true\"`\n\tDomain *string `required:\"true\"`\n\tCertificateName *string `required:\"true\"`\n\tUSSLId *string `required:\"false\"`\n}\n\ntype AddUFileSSLCertResponse struct {\n\tresponse.CommonBase\n}\n\nfunc (c *UFileClient) NewAddUFileSSLCertRequest() *AddUFileSSLCertRequest {\n\treq := &AddUFileSSLCertRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *UFileClient) AddUFileSSLCert(req *AddUFileSSLCertRequest) (*AddUFileSSLCertResponse, error) {\n\tvar err error\n\tvar res AddUFileSSLCertResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"AddUFileSSLCert\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ufile/client.go",
"content": "package ufile\n\nimport (\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/auth\"\n)\n\ntype UFileClient struct {\n\t*ucloud.Client\n}\n\nfunc NewClient(config *ucloud.Config, credential *auth.Credential) *UFileClient {\n\tmeta := ucloud.ClientMeta{Product: \"UFile\"}\n\tclient := ucloud.NewClientWithMeta(config, credential, meta)\n\treturn &UFileClient{\n\t\tclient,\n\t}\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ulb/api_add_ssl_binding.go",
"content": "package ulb\n\nimport (\n\tucloudlb \"github.com/ucloud/ucloud-sdk-go/services/ulb\"\n)\n\ntype AddSSLBindingRequest = ucloudlb.AddSSLBindingRequest\n\ntype AddSSLBindingResponse = ucloudlb.AddSSLBindingResponse\n\nfunc (c *ULBClient) NewAddSSLBindingRequest() *AddSSLBindingRequest {\n\treq := &AddSSLBindingRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *ULBClient) AddSSLBinding(req *AddSSLBindingRequest) (*AddSSLBindingResponse, error) {\n\tvar err error\n\tvar res AddSSLBindingResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"AddSSLBinding\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ulb/api_bind_ssl.go",
"content": "package ulb\n\nimport (\n\tucloudlb \"github.com/ucloud/ucloud-sdk-go/services/ulb\"\n)\n\ntype BindSSLRequest = ucloudlb.BindSSLRequest\n\ntype BindSSLResponse = ucloudlb.BindSSLResponse\n\nfunc (c *ULBClient) NewBindSSLRequest() *BindSSLRequest {\n\treq := &BindSSLRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *ULBClient) BindSSL(req *BindSSLRequest) (*BindSSLResponse, error) {\n\tvar err error\n\tvar res BindSSLResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"BindSSL\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ulb/api_create_ssl.go",
"content": "package ulb\n\nimport (\n\tucloudlb \"github.com/ucloud/ucloud-sdk-go/services/ulb\"\n)\n\ntype CreateSSLRequest = ucloudlb.CreateSSLRequest\n\ntype CreateSSLResponse = ucloudlb.CreateSSLResponse\n\nfunc (c *ULBClient) NewCreateSSLRequest() *CreateSSLRequest {\n\treq := &CreateSSLRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *ULBClient) CreateSSL(req *CreateSSLRequest) (*CreateSSLResponse, error) {\n\tvar err error\n\tvar res CreateSSLResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"CreateSSL\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ulb/api_delete_ssl_binding.go",
"content": "package ulb\n\nimport (\n\tucloudlb \"github.com/ucloud/ucloud-sdk-go/services/ulb\"\n)\n\ntype DeleteSSLBindingRequest = ucloudlb.DeleteSSLBindingRequest\n\ntype DeleteSSLBindingResponse = ucloudlb.DeleteSSLBindingResponse\n\nfunc (c *ULBClient) NewDeleteSSLBindingRequest() *DeleteSSLBindingRequest {\n\treq := &DeleteSSLBindingRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *ULBClient) DeleteSSLBinding(req *DeleteSSLBindingRequest) (*DeleteSSLBindingResponse, error) {\n\tvar err error\n\tvar res DeleteSSLBindingResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"DeleteSSLBinding\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ulb/api_describe_listeners.go",
"content": "package ulb\n\nimport (\n\tucloudlb \"github.com/ucloud/ucloud-sdk-go/services/ulb\"\n)\n\ntype DescribeListenersRequest = ucloudlb.DescribeListenersRequest\n\ntype DescribeListenersResponse = ucloudlb.DescribeListenersResponse\n\nfunc (c *ULBClient) NewDescribeListenersRequest() *DescribeListenersRequest {\n\treq := &DescribeListenersRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *ULBClient) DescribeListeners(req *DescribeListenersRequest) (*DescribeListenersResponse, error) {\n\tvar err error\n\tvar res DescribeListenersResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"DescribeListeners\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ulb/api_describe_ssl.go",
"content": "package ulb\n\nimport (\n\tucloudlb \"github.com/ucloud/ucloud-sdk-go/services/ulb\"\n)\n\ntype DescribeSSLRequest = ucloudlb.DescribeSSLRequest\n\ntype DescribeSSLResponse = ucloudlb.DescribeSSLResponse\n\nfunc (c *ULBClient) NewDescribeSSLRequest() *DescribeSSLRequest {\n\treq := &DescribeSSLRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *ULBClient) DescribeSSL(req *DescribeSSLRequest) (*DescribeSSLResponse, error) {\n\tvar err error\n\tvar res DescribeSSLResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"DescribeSSL\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ulb/api_describe_ssl_v2.go",
"content": "package ulb\n\nimport (\n\tucloudlb \"github.com/ucloud/ucloud-sdk-go/services/ulb\"\n)\n\ntype DescribeSSLV2Request = ucloudlb.DescribeSSLV2Request\n\ntype DescribeSSLV2Response = ucloudlb.DescribeSSLV2Response\n\nfunc (c *ULBClient) NewDescribeSSLV2Request() *DescribeSSLV2Request {\n\treq := &DescribeSSLV2Request{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *ULBClient) DescribeSSLV2(req *DescribeSSLV2Request) (*DescribeSSLV2Response, error) {\n\tvar err error\n\tvar res DescribeSSLV2Response\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"DescribeSSLV2\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ulb/api_describe_vserver.go",
"content": "package ulb\n\nimport (\n\tucloudlb \"github.com/ucloud/ucloud-sdk-go/services/ulb\"\n)\n\ntype DescribeVServerRequest = ucloudlb.DescribeVServerRequest\n\ntype DescribeVServerResponse = ucloudlb.DescribeVServerResponse\n\nfunc (c *ULBClient) NewDescribeVServerRequest() *DescribeVServerRequest {\n\treq := &DescribeVServerRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *ULBClient) DescribeVServer(req *DescribeVServerRequest) (*DescribeVServerResponse, error) {\n\tvar err error\n\tvar res DescribeVServerResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"DescribeVServer\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ulb/api_unbind_ssl.go",
"content": "package ulb\n\nimport (\n\tucloudlb \"github.com/ucloud/ucloud-sdk-go/services/ulb\"\n)\n\ntype UnbindSSLRequest = ucloudlb.UnbindSSLRequest\n\ntype UnbindSSLResponse = ucloudlb.UnbindSSLResponse\n\nfunc (c *ULBClient) NewUnbindSSLRequest() *UnbindSSLRequest {\n\treq := &UnbindSSLRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *ULBClient) UnbindSSL(req *UnbindSSLRequest) (*UnbindSSLResponse, error) {\n\tvar err error\n\tvar res UnbindSSLResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"UnbindSSL\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ulb/api_update_listener_attribute.go",
"content": "package ulb\n\nimport (\n\tucloudlb \"github.com/ucloud/ucloud-sdk-go/services/ulb\"\n)\n\ntype UpdateListenerAttributeRequest = ucloudlb.UpdateListenerAttributeRequest\n\ntype UpdateListenerAttributeResponse = ucloudlb.UpdateListenerAttributeResponse\n\nfunc (c *ULBClient) NewUpdateListenerAttributeRequest() *UpdateListenerAttributeRequest {\n\treq := &UpdateListenerAttributeRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *ULBClient) UpdateListenerAttribute(req *UpdateListenerAttributeRequest) (*UpdateListenerAttributeResponse, error) {\n\tvar err error\n\tvar res UpdateListenerAttributeResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"UpdateListenerAttribute\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ulb/client.go",
"content": "package ulb\n\nimport (\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/auth\"\n)\n\ntype ULBClient struct {\n\t*ucloud.Client\n}\n\nfunc NewClient(config *ucloud.Config, credential *auth.Credential) *ULBClient {\n\tmeta := ucloud.ClientMeta{Product: \"ULB\"}\n\tclient := ucloud.NewClientWithMeta(config, credential, meta)\n\treturn &ULBClient{\n\t\tclient,\n\t}\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/upathx/api_bind_pathx_ssl.go",
"content": "package upathx\n\nimport (\n\tucloudpathx \"github.com/ucloud/ucloud-sdk-go/services/pathx\"\n)\n\ntype BindPathXSSLRequest = ucloudpathx.BindPathXSSLRequest\n\ntype BindPathXSSLResponse = ucloudpathx.BindPathXSSLResponse\n\nfunc (c *UPathXClient) NewBindPathXSSLRequest() *BindPathXSSLRequest {\n\treq := &BindPathXSSLRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *UPathXClient) BindPathXSSL(req *BindPathXSSLRequest) (*BindPathXSSLResponse, error) {\n\tvar err error\n\tvar res BindPathXSSLResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"BindPathXSSL\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/upathx/api_create_pathx_ssl.go",
"content": "package upathx\n\nimport (\n\tucloudpathx \"github.com/ucloud/ucloud-sdk-go/services/pathx\"\n)\n\ntype CreatePathXSSLRequest = ucloudpathx.CreatePathXSSLRequest\n\ntype CreatePathXSSLResponse = ucloudpathx.CreatePathXSSLResponse\n\nfunc (c *UPathXClient) NewCreatePathXSSLRequest() *CreatePathXSSLRequest {\n\treq := &CreatePathXSSLRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *UPathXClient) CreatePathXSSL(req *CreatePathXSSLRequest) (*CreatePathXSSLResponse, error) {\n\tvar err error\n\tvar res CreatePathXSSLResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"CreatePathXSSL\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/upathx/api_describe_pathx_ssl.go",
"content": "package upathx\n\nimport (\n\tucloudpathx \"github.com/ucloud/ucloud-sdk-go/services/pathx\"\n)\n\ntype DescribePathXSSLRequest = ucloudpathx.DescribePathXSSLRequest\n\ntype DescribePathXSSLResponse = ucloudpathx.DescribePathXSSLResponse\n\nfunc (c *UPathXClient) NewDescribePathXSSLRequest() *DescribePathXSSLRequest {\n\treq := &DescribePathXSSLRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *UPathXClient) DescribePathXSSL(req *DescribePathXSSLRequest) (*DescribePathXSSLResponse, error) {\n\tvar err error\n\tvar res DescribePathXSSLResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"DescribePathXSSL\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/upathx/api_unbind_pathx_ssl.go",
"content": "package upathx\n\nimport (\n\tucloudpathx \"github.com/ucloud/ucloud-sdk-go/services/pathx\"\n)\n\ntype UnbindPathXSSLRequest = ucloudpathx.UnBindPathXSSLRequest\n\ntype UnbindPathXSSLResponse = ucloudpathx.UnBindPathXSSLResponse\n\nfunc (c *UPathXClient) NewUnbindPathXSSLRequest() *UnbindPathXSSLRequest {\n\treq := &UnbindPathXSSLRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *UPathXClient) UnbindPathXSSL(req *UnbindPathXSSLRequest) (*UnbindPathXSSLResponse, error) {\n\tvar err error\n\tvar res UnbindPathXSSLResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"UnBindPathXSSL\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/upathx/client.go",
"content": "package upathx\n\nimport (\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/auth\"\n)\n\ntype UPathXClient struct {\n\t*ucloud.Client\n}\n\nfunc NewClient(config *ucloud.Config, credential *auth.Credential) *UPathXClient {\n\tmeta := ucloud.ClientMeta{Product: \"PathX\"}\n\tclient := ucloud.NewClientWithMeta(config, credential, meta)\n\treturn &UPathXClient{\n\t\tclient,\n\t}\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ussl/api_download_certificate.go",
"content": "package ussl\n\nimport (\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/request\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/response\"\n)\n\ntype DownloadCertificateRequest struct {\n\trequest.CommonBase\n\n\tCertificateID *int `required:\"true\"`\n}\n\ntype DownloadCertificateResponse struct {\n\tresponse.CommonBase\n\n\tCertificateUrl string\n\tCertCA *CertificateDownloadInfo\n\tCertificate *CertificateDownloadInfo\n}\n\nfunc (c *USSLClient) NewDownloadCertificateRequest() *DownloadCertificateRequest {\n\treq := &DownloadCertificateRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *USSLClient) DownloadCertificate(req *DownloadCertificateRequest) (*DownloadCertificateResponse, error) {\n\tvar err error\n\tvar res DownloadCertificateResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"DownloadCertificate\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ussl/api_get_certificate_detail_info.go",
"content": "package ussl\n\nimport (\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/request\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/response\"\n)\n\ntype GetCertificateDetailInfoRequest struct {\n\trequest.CommonBase\n\n\tCertificateID *int `required:\"true\"`\n}\n\ntype GetCertificateDetailInfoResponse struct {\n\tresponse.CommonBase\n\n\tCertificateInfo *CertificateInfo\n}\n\nfunc (c *USSLClient) NewGetCertificateDetailInfoRequest() *GetCertificateDetailInfoRequest {\n\treq := &GetCertificateDetailInfoRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *USSLClient) GetCertificateDetailInfo(req *GetCertificateDetailInfoRequest) (*GetCertificateDetailInfoResponse, error) {\n\tvar err error\n\tvar res GetCertificateDetailInfoResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"GetCertificateDetailInfo\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ussl/api_get_certificate_list.go",
"content": "package ussl\n\nimport (\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/request\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/response\"\n)\n\ntype GetCertificateListRequest struct {\n\trequest.CommonBase\n\n\tMode *string `required:\"true\"`\n\tStateCode *string `required:\"false\"`\n\tBrand *string `required:\"false\"`\n\tCaOrganization *string `required:\"false\"`\n\tDomain *string `required:\"false\"`\n\tSort *string `required:\"false\"`\n\tPage *int `required:\"false\"`\n\tPageSize *int `required:\"false\"`\n}\n\ntype GetCertificateListResponse struct {\n\tresponse.CommonBase\n\n\tCertificateList []*CertificateListItem\n\tTotalCount int\n}\n\nfunc (c *USSLClient) NewGetCertificateListRequest() *GetCertificateListRequest {\n\treq := &GetCertificateListRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(true)\n\treturn req\n}\n\nfunc (c *USSLClient) GetCertificateList(req *GetCertificateListRequest) (*GetCertificateListResponse, error) {\n\tvar err error\n\tvar res GetCertificateListResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"GetCertificateList\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ussl/api_upload_normal_certificate.go",
"content": "package ussl\n\nimport (\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/request\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/response\"\n)\n\ntype UploadNormalCertificateRequest struct {\n\trequest.CommonBase\n\n\tCertificateName *string `required:\"true\"`\n\tSslPublicKey *string `required:\"true\"`\n\tSslPrivateKey *string `required:\"true\"`\n\tSslMD5 *string `required:\"true\"`\n\tSslCaKey *string `required:\"false\"`\n}\n\ntype UploadNormalCertificateResponse struct {\n\tresponse.CommonBase\n\n\tCertificateID int\n\tLongResourceID string\n}\n\nfunc (c *USSLClient) NewUploadNormalCertificateRequest() *UploadNormalCertificateRequest {\n\treq := &UploadNormalCertificateRequest{}\n\n\tc.Client.SetupRequest(req)\n\n\treq.SetRetryable(false)\n\treturn req\n}\n\nfunc (c *USSLClient) UploadNormalCertificate(req *UploadNormalCertificateRequest) (*UploadNormalCertificateResponse, error) {\n\tvar err error\n\tvar res UploadNormalCertificateResponse\n\n\treqCopier := *req\n\n\terr = c.Client.InvokeAction(\"UploadNormalCertificate\", &reqCopier, &res)\n\tif err != nil {\n\t\treturn &res, err\n\t}\n\n\treturn &res, nil\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ussl/client.go",
"content": "package ussl\n\nimport (\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud\"\n\t\"github.com/ucloud/ucloud-sdk-go/ucloud/auth\"\n)\n\ntype USSLClient struct {\n\t*ucloud.Client\n}\n\nfunc NewClient(config *ucloud.Config, credential *auth.Credential) *USSLClient {\n\tmeta := ucloud.ClientMeta{Product: \"USSL\"}\n\tclient := ucloud.NewClientWithMeta(config, credential, meta)\n\treturn &USSLClient{\n\t\tclient,\n\t}\n}\n"
},
{
"path": "pkg/sdk3rd/ucloud/ussl/types.go",
"content": "package ussl\n\ntype CertificateListItem struct {\n\tCertificateID int\n\tCertificateSN string\n\tCertificateCat string\n\tMode string\n\tDomains string\n\tBrand string\n\tValidityPeriod int\n\tType string\n\tNotBefore int\n\tNotAfter int\n\tAlarmState int\n\tState string\n\tStateCode string\n\tName string\n\tMaxDomainsCount int\n\tDomainsCount int\n\tCaChannel string\n\tCSRAlgorithms []CSRAlgorithmInfo\n\tTopOrganizationID int\n\tOrganizationID int\n\tIsFree int\n\tYearOfValidity int\n\tChannel int\n\tCreateTime int\n\tCertificateUrl string\n}\n\ntype CSRAlgorithmInfo struct {\n\tAlgorithm string\n\tAlgorithmOption []string\n}\n\ntype CertificateInfo struct {\n\tType string\n\tCertificateID int\n\tCertificateType string\n\tCaOrganization string\n\tAlgorithm string\n\tValidityPeriod int\n\tState string\n\tStateCode string\n\tName string\n\tBrand string\n\tDomains string\n\tDomainsCount int\n\tMode string\n\tCSROnline int\n\tCSR string\n\tCSRKeyParameter string\n\tCSREncryptAlgo string\n\tIssuedDate int\n\tExpiredDate int\n}\n\ntype CertificateDownloadInfo struct {\n\tFileData string\n\tFileName string\n}\n"
},
{
"path": "pkg/sdk3rd/upyun/console/api_get_buckets.go",
"content": "package console\n\nimport (\n\t\"context\"\n\t\"net/http\"\n\n\tqs \"github.com/google/go-querystring/query\"\n)\n\ntype GetBucketsRequest struct {\n\tBucketName string `json:\"status\" url:\"bucket_name\"`\n\tBusinessType string `json:\"business_type\" url:\"business_type\"`\n\tType string `json:\"type\" url:\"type\"`\n\tStatus string `json:\"state\" url:\"state\"`\n\tTag string `json:\"tag\" url:\"tag\"`\n\tIsSecurityCDN bool `json:\"security_cdn\" url:\"security_cdn\"`\n\tWithDomains bool `json:\"with_domains\" url:\"with_domains\"`\n\tPage int32 `json:\"page\" url:\"page\"`\n\tPerPage int32 `json:\"perPage\" url:\"perPage\"`\n}\n\ntype GetBucketsResponse struct {\n\tsdkResponseBase\n\tData *struct {\n\t\tsdkResponseBaseData\n\t\tBuckets []*BucketInfo `json:\"buckets\"`\n\t\tPager BucketPager `json:\"pager\"`\n\t} `json:\"data,omitempty\"`\n}\n\ntype BucketInfo struct {\n\tBucketName string `json:\"bucket_name\"`\n\tBusinessType string `json:\"business_type\"`\n\tType string `json:\"type\"`\n\tStatus string `json:\"status\"`\n\tTag string `json:\"tag\"`\n\tIsFusionCDN bool `json:\"fusion_cdn\"`\n\tIsSecurityCDN bool `json:\"security_cdn\"`\n\tDomains []*BucketDomain `json:\"domains\"`\n\tVisible bool `json:\"visible\"`\n\tCreatedAt string `json:\"created_at\"`\n}\n\ntype BucketDomain struct {\n\tDomain string `json:\"domain\"`\n\tStatus string `json:\"status\"`\n}\n\ntype BucketPager struct {\n\tPage int32 `json:\"page\"`\n\tPages int64 `json:\"pages\"`\n\tTotal int64 `json:\"total\"`\n}\n\nfunc (c *Client) GetBuckets(req *GetBucketsRequest) (*GetBucketsResponse, error) {\n\treturn c.GetBucketsWithContext(context.Background(), req)\n}\n\nfunc (c *Client) GetBucketsWithContext(ctx context.Context, req *GetBucketsRequest) (*GetBucketsResponse, error) {\n\tif err := c.ensureCookieExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, \"/api/v2/buckets\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\tvalues, err := qs.Values(req)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\n\t\thttpreq.SetQueryParamsFromValues(values)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &GetBucketsResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/upyun/console/api_get_https_certificate_manager.go",
"content": "package console\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype HttpsCertificateManagerDomain struct {\n\tName string `json:\"name\"`\n\tType string `json:\"type\"`\n\tBucketId int64 `json:\"bucket_id\"`\n\tBucketName string `json:\"bucket_name\"`\n}\n\ntype GetHttpsCertificateManagerResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tsdkResponseBaseData\n\n\t\tAuthenticateNum int32 `json:\"authenticate_num\"`\n\t\tAuthenticateDomains []string `json:\"authenticate_domain\"`\n\t\tDomains []HttpsCertificateManagerDomain `json:\"domains\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) GetHttpsCertificateManager(certificateId string) (*GetHttpsCertificateManagerResponse, error) {\n\treturn c.GetHttpsCertificateManagerWithContext(context.Background(), certificateId)\n}\n\nfunc (c *Client) GetHttpsCertificateManagerWithContext(ctx context.Context, certificateId string) (*GetHttpsCertificateManagerResponse, error) {\n\tif certificateId == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset certificateId\")\n\t}\n\n\tif err := c.ensureCookieExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, \"/api/https/certificate/manager/\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetQueryParam(\"certificate_id\", certificateId)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &GetHttpsCertificateManagerResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/upyun/console/api_get_https_service_manager.go",
"content": "package console\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype GetHttpsServiceManagerResponse struct {\n\tsdkResponseBase\n\tData *struct {\n\t\tsdkResponseBaseData\n\t\tStatus int32 `json:\"status\"`\n\t\tDomains []HttpsServiceManagerDomain `json:\"result\"`\n\t} `json:\"data,omitempty\"`\n}\n\ntype HttpsServiceManagerDomain struct {\n\tCertificateId string `json:\"certificate_id\"`\n\tCommonName string `json:\"commonName\"`\n\tHttps bool `json:\"https\"`\n\tForceHttps bool `json:\"force_https\"`\n\tPaymentType string `json:\"payment_type\"`\n\tDomainType string `json:\"domain_type\"`\n\tValidity HttpsServiceManagerDomainValidity `json:\"validity\"`\n}\n\ntype HttpsServiceManagerDomainValidity struct {\n\tStart int64 `json:\"start\"`\n\tEnd int64 `json:\"end\"`\n}\n\nfunc (c *Client) GetHttpsServiceManager(domain string) (*GetHttpsServiceManagerResponse, error) {\n\treturn c.GetHttpsServiceManagerWithContext(context.Background(), domain)\n}\n\nfunc (c *Client) GetHttpsServiceManagerWithContext(ctx context.Context, domain string) (*GetHttpsServiceManagerResponse, error) {\n\tif domain == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset domain\")\n\t}\n\n\tif err := c.ensureCookieExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, \"/api/https/services/manager\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetQueryParam(\"domain\", domain)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &GetHttpsServiceManagerResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/upyun/console/api_migrate_https_domain.go",
"content": "package console\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype MigrateHttpsDomainRequest struct {\n\tCertificateId string `json:\"crt_id\"`\n\tDomain string `json:\"domain_name\"`\n}\n\ntype MigrateHttpsDomainResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tsdkResponseBaseData\n\n\t\tStatus bool `json:\"status\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) MigrateHttpsDomain(req *MigrateHttpsDomainRequest) (*MigrateHttpsDomainResponse, error) {\n\treturn c.MigrateHttpsDomainWithContext(context.Background(), req)\n}\n\nfunc (c *Client) MigrateHttpsDomainWithContext(ctx context.Context, req *MigrateHttpsDomainRequest) (*MigrateHttpsDomainResponse, error) {\n\tif err := c.ensureCookieExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, \"/api/https/migrate/domain\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &MigrateHttpsDomainResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/upyun/console/api_update_https_certificate_manager.go",
"content": "package console\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype UpdateHttpsCertificateManagerRequest struct {\n\tCertificateId string `json:\"certificate_id\"`\n\tDomain string `json:\"domain\"`\n\tHttps bool `json:\"https\"`\n\tForceHttps bool `json:\"force_https\"`\n}\n\ntype UpdateHttpsCertificateManagerResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tsdkResponseBaseData\n\n\t\tStatus bool `json:\"status\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) UpdateHttpsCertificateManager(req *UpdateHttpsCertificateManagerRequest) (*UpdateHttpsCertificateManagerResponse, error) {\n\treturn c.UpdateHttpsCertificateManagerWithContext(context.Background(), req)\n}\n\nfunc (c *Client) UpdateHttpsCertificateManagerWithContext(ctx context.Context, req *UpdateHttpsCertificateManagerRequest) (*UpdateHttpsCertificateManagerResponse, error) {\n\tif err := c.ensureCookieExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, \"/api/https/certificate/manager\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UpdateHttpsCertificateManagerResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/upyun/console/api_upload_https_certificate.go",
"content": "package console\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype UploadHttpsCertificateRequest struct {\n\tCertificate string `json:\"certificate\"`\n\tPrivateKey string `json:\"private_key\"`\n}\n\ntype UploadHttpsCertificateResponse struct {\n\tsdkResponseBase\n\n\tData *struct {\n\t\tsdkResponseBaseData\n\n\t\tStatus int32 `json:\"status\"`\n\t\tResult struct {\n\t\t\tCertificateId string `json:\"certificate_id\"`\n\t\t\tCommonName string `json:\"commonName\"`\n\t\t\tSerial string `json:\"serial\"`\n\t\t} `json:\"result\"`\n\t} `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) UploadHttpsCertificate(req *UploadHttpsCertificateRequest) (*UploadHttpsCertificateResponse, error) {\n\treturn c.UploadHttpsCertificateWithContext(context.Background(), req)\n}\n\nfunc (c *Client) UploadHttpsCertificateWithContext(ctx context.Context, req *UploadHttpsCertificateRequest) (*UploadHttpsCertificateResponse, error) {\n\tif err := c.ensureCookieExists(); err != nil {\n\t\treturn nil, err\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, \"/api/https/certificate/\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UploadHttpsCertificateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/upyun/console/client.go",
"content": "package console\n\nimport (\n\t\"encoding/json\"\n\t\"errors\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"sync\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tusername string\n\tpassword string\n\n\tloginCookie string\n\tloginCookieMtx sync.Mutex\n\n\tclient *resty.Client\n}\n\nfunc NewClient(username, password string) (*Client, error) {\n\tif username == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset username\")\n\t}\n\tif password == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset password\")\n\t}\n\n\tclient := &Client{\n\t\tusername: username,\n\t\tpassword: password,\n\t}\n\tclient.client = resty.New().\n\t\tSetBaseURL(\"https://console.upyun.com\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\tif client.loginCookie != \"\" {\n\t\t\t\treq.Header.Set(\"Cookie\", client.loginCookie)\n\t\t\t}\n\n\t\t\treturn nil\n\t\t})\n\n\treturn client, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\ttresp := &sdkResponseBase{}\n\t\t\tif err := json.Unmarshal(resp.Body(), &tresp); err != nil {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t\t} else if tdata := tresp.GetData(); tdata == nil {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: received empty data\")\n\t\t\t} else if terrcode := tdata.GetErrorCode(); terrcode != 0 {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: code='%d', message='%s'\", terrcode, tdata.GetMessage())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) ensureCookieExists() error {\n\tc.loginCookieMtx.Lock()\n\tdefer c.loginCookieMtx.Unlock()\n\tif c.loginCookie != \"\" {\n\t\treturn nil\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPost, \"/accounts/signin/\")\n\tif err != nil {\n\t\treturn err\n\t} else {\n\t\thttpreq.SetBody(map[string]string{\n\t\t\t\"username\": c.username,\n\t\t\t\"password\": c.password,\n\t\t})\n\t}\n\n\ttype signinResponse struct {\n\t\tsdkResponseBase\n\t\tData *struct {\n\t\t\tsdkResponseBaseData\n\t\t\tResult bool `json:\"result\"`\n\t\t} `json:\"data,omitempty\"`\n\t}\n\n\tresult := &signinResponse{}\n\thttpresp, err := c.doRequestWithResult(httpreq, result)\n\tif err != nil {\n\t\treturn err\n\t} else if !result.Data.Result {\n\t\treturn errors.New(\"sdkerr: failed to signin upyun console\")\n\t} else {\n\t\tc.loginCookie = httpresp.Header().Get(\"Set-Cookie\")\n\t}\n\n\treturn nil\n}\n"
},
{
"path": "pkg/sdk3rd/upyun/console/types.go",
"content": "package console\n\nimport (\n\t\"encoding/json\"\n)\n\ntype sdkResponse interface {\n\tGetData() *sdkResponseBaseData\n}\n\ntype sdkResponseBase struct {\n\tData *sdkResponseBaseData `json:\"data,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetData() *sdkResponseBaseData {\n\treturn r.Data\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\ntype sdkResponseBaseData struct {\n\tErrorCode json.Number `json:\"error_code,omitempty\"`\n\tMessage string `json:\"message,omitempty\"`\n}\n\nfunc (r *sdkResponseBaseData) GetErrorCode() int {\n\tif r.ErrorCode.String() == \"\" {\n\t\treturn 0\n\t}\n\n\terrcode, err := r.ErrorCode.Int64()\n\tif err != nil {\n\t\treturn -1\n\t}\n\n\treturn int(errcode)\n}\n\nfunc (r *sdkResponseBaseData) GetMessage() string {\n\treturn r.Message\n}\n"
},
{
"path": "pkg/sdk3rd/wangsu/cdn/api_batch_update_certificate_config.go",
"content": "package cdn\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype BatchUpdateCertificateConfigRequest struct {\n\tCertificateId int64 `json:\"certificateId\"`\n\tDomainNames []string `json:\"domainNames\"`\n}\n\ntype BatchUpdateCertificateConfigResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) BatchUpdateCertificateConfig(req *BatchUpdateCertificateConfigRequest) (*BatchUpdateCertificateConfigResponse, error) {\n\treturn c.BatchUpdateCertificateConfigWithContext(context.Background(), req)\n}\n\nfunc (c *Client) BatchUpdateCertificateConfigWithContext(ctx context.Context, req *BatchUpdateCertificateConfigRequest) (*BatchUpdateCertificateConfigResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPut, \"/api/config/certificate/batch\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &BatchUpdateCertificateConfigResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/wangsu/cdn/client.go",
"content": "package cdn\n\nimport (\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/pkg/sdk3rd/wangsu/openapi\"\n)\n\ntype Client struct {\n\tclient *openapi.Client\n}\n\nfunc NewClient(accessKey, secretKey string) (*Client, error) {\n\tclient, err := openapi.NewClient(accessKey, secretKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &Client{client: client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\treturn c.client.NewRequest(method, path)\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\treturn c.client.DoRequest(req)\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tresp, err := c.client.DoRequestWithResult(req, res)\n\tif err == nil {\n\t\tif tcode := res.GetCode(); tcode != \"\" && tcode != \"0\" {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: api error: code='%s', message='%s'\", tcode, res.GetMessage())\n\t\t}\n\t}\n\n\treturn resp, err\n}\n"
},
{
"path": "pkg/sdk3rd/wangsu/cdn/types.go",
"content": "package cdn\n\ntype sdkResponse interface {\n\tGetCode() string\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode *string `json:\"code,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\nfunc (r *sdkResponseBase) GetCode() string {\n\tif r.Code == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n"
},
{
"path": "pkg/sdk3rd/wangsu/cdnpro/api_create_certificate.go",
"content": "package cdnpro\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n)\n\ntype CreateCertificateRequest struct {\n\tTimestamp int64 `json:\"-\"`\n\tName *string `json:\"name,omitempty\"`\n\tDescription *string `json:\"description,omitempty\"`\n\tAutoRenew *string `json:\"autoRenew,omitempty\"`\n\tForceRenew *bool `json:\"forceRenew,omitempty\"`\n\tNewVersion *CertificateVersionInfo `json:\"newVersion,omitempty\"`\n}\n\ntype CreateCertificateResponse struct {\n\tsdkResponseBase\n\n\tCertificateLocation string `json:\"location,omitempty\"`\n}\n\nfunc (c *Client) CreateCertificate(req *CreateCertificateRequest) (*CreateCertificateResponse, error) {\n\treturn c.CreateCertificateWithContext(context.Background(), req)\n}\n\nfunc (c *Client) CreateCertificateWithContext(ctx context.Context, req *CreateCertificateRequest) (*CreateCertificateResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/cdn/certificates\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetHeader(\"X-CNC-Timestamp\", fmt.Sprintf(\"%d\", req.Timestamp))\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &CreateCertificateResponse{}\n\tif httpresp, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t} else {\n\t\tresult.CertificateLocation = httpresp.Header().Get(\"Location\")\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/wangsu/cdnpro/api_create_deployment_task.go",
"content": "package cdnpro\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype CreateDeploymentTaskRequest struct {\n\tName *string `json:\"name,omitempty\"`\n\tTarget *string `json:\"target,omitempty\"`\n\tActions *[]DeploymentTaskActionInfo `json:\"actions,omitempty\"`\n\tWebhook *string `json:\"webhook,omitempty\"`\n}\n\ntype CreateDeploymentTaskResponse struct {\n\tsdkResponseBase\n\n\tDeploymentTaskLocation string `json:\"location,omitempty\"`\n}\n\nfunc (c *Client) CreateDeploymentTask(req *CreateDeploymentTaskRequest) (*CreateDeploymentTaskResponse, error) {\n\treturn c.CreateDeploymentTaskWithContext(context.Background(), req)\n}\n\nfunc (c *Client) CreateDeploymentTaskWithContext(ctx context.Context, req *CreateDeploymentTaskRequest) (*CreateDeploymentTaskResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/cdn/deploymentTasks\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &CreateDeploymentTaskResponse{}\n\tif httpresp, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t} else {\n\t\tresult.DeploymentTaskLocation = httpresp.Header().Get(\"Location\")\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/wangsu/cdnpro/api_get_deployment_task_detail.go",
"content": "package cdnpro\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n)\n\ntype GetDeploymentTaskDetailResponse struct {\n\tsdkResponseBase\n\n\tName string `json:\"name\"`\n\tTarget string `json:\"target\"`\n\tActions []DeploymentTaskActionInfo `json:\"actions\"`\n\tStatus string `json:\"status\"`\n\tStatusDetails string `json:\"statusDetails\"`\n\tSubmissionTime string `json:\"submissionTime\"`\n\tFinishTime string `json:\"finishTime\"`\n\tApiRequestId string `json:\"apiRequestId\"`\n}\n\nfunc (c *Client) GetDeploymentTaskDetail(deploymentTaskId string) (*GetDeploymentTaskDetailResponse, error) {\n\treturn c.GetDeploymentTaskDetailWithContext(context.Background(), deploymentTaskId)\n}\n\nfunc (c *Client) GetDeploymentTaskDetailWithContext(ctx context.Context, deploymentTaskId string) (*GetDeploymentTaskDetailResponse, error) {\n\tif deploymentTaskId == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset deploymentTaskId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, fmt.Sprintf(\"/cdn/deploymentTasks/%s\", url.PathEscape(deploymentTaskId)))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &GetDeploymentTaskDetailResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/wangsu/cdnpro/api_get_hostname_detail.go",
"content": "package cdnpro\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n)\n\ntype GetHostnameDetailResponse struct {\n\tsdkResponseBase\n\n\tHostname string `json:\"hostname\"`\n\tPropertyInProduction *HostnamePropertyInfo `json:\"propertyInProduction,omitempty\"`\n\tPropertyInStaging *HostnamePropertyInfo `json:\"propertyInStaging,omitempty\"`\n}\n\nfunc (c *Client) GetHostnameDetail(hostname string) (*GetHostnameDetailResponse, error) {\n\treturn c.GetHostnameDetailWithContext(context.Background(), hostname)\n}\n\nfunc (c *Client) GetHostnameDetailWithContext(ctx context.Context, hostname string) (*GetHostnameDetailResponse, error) {\n\tif hostname == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset hostname\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodGet, fmt.Sprintf(\"/cdn/hostnames/%s\", url.PathEscape(hostname)))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &GetHostnameDetailResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/wangsu/cdnpro/api_update_certificate.go",
"content": "package cdnpro\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n)\n\ntype UpdateCertificateRequest struct {\n\tTimestamp int64 `json:\"-\"`\n\tName *string `json:\"name,omitempty\"`\n\tDescription *string `json:\"description,omitempty\"`\n\tAutoRenew *string `json:\"autoRenew,omitempty\"`\n\tForceRenew *bool `json:\"forceRenew,omitempty\"`\n\tNewVersion *CertificateVersionInfo `json:\"newVersion,omitempty\"`\n}\n\ntype UpdateCertificateResponse struct {\n\tsdkResponseBase\n\n\tCertificateLocation string `json:\"location,omitempty\"`\n}\n\nfunc (c *Client) UpdateCertificate(certificateId string, req *UpdateCertificateRequest) (*UpdateCertificateResponse, error) {\n\treturn c.UpdateCertificateWithContext(context.Background(), certificateId, req)\n}\n\nfunc (c *Client) UpdateCertificateWithContext(ctx context.Context, certificateId string, req *UpdateCertificateRequest) (*UpdateCertificateResponse, error) {\n\tif certificateId == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset certificateId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPatch, fmt.Sprintf(\"/cdn/certificates/%s\", url.PathEscape(certificateId)))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetHeader(\"X-CNC-Timestamp\", fmt.Sprintf(\"%d\", req.Timestamp))\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UpdateCertificateResponse{}\n\tif httpresp, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t} else {\n\t\tresult.CertificateLocation = httpresp.Header().Get(\"Location\")\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/wangsu/cdnpro/client.go",
"content": "package cdnpro\n\nimport (\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/pkg/sdk3rd/wangsu/openapi\"\n)\n\ntype Client struct {\n\tclient *openapi.Client\n}\n\nfunc NewClient(accessKey, secretKey string) (*Client, error) {\n\tclient, err := openapi.NewClient(accessKey, secretKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &Client{client: client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\treturn c.client.NewRequest(method, path)\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\treturn c.client.DoRequest(req)\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\treturn c.client.DoRequestWithResult(req, res)\n}\n"
},
{
"path": "pkg/sdk3rd/wangsu/cdnpro/types.go",
"content": "package cdnpro\n\ntype sdkResponse interface {\n\tGetCode() string\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode *string `json:\"code,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\nfunc (r *sdkResponseBase) GetCode() string {\n\tif r.Code == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\ntype CertificateVersionInfo struct {\n\tComments *string `json:\"comments,omitempty\"`\n\tPrivateKey *string `json:\"privateKey,omitempty\"`\n\tCertificate *string `json:\"certificate,omitempty\"`\n\tChainCert *string `json:\"chainCert,omitempty\"`\n\tIdentificationInfo *CertificateVersionIdentificationInfo `json:\"identificationInfo,omitempty\"`\n}\n\ntype CertificateVersionIdentificationInfo struct {\n\tCountry *string `json:\"country,omitempty\"`\n\tState *string `json:\"state,omitempty\"`\n\tCity *string `json:\"city,omitempty\"`\n\tCompany *string `json:\"company,omitempty\"`\n\tDepartment *string `json:\"department,omitempty\"`\n\tCommonName *string `json:\"commonName,omitempty\"`\n\tEmail *string `json:\"email,omitempty\"`\n\tSubjectAlternativeNames *[]string `json:\"subjectAlternativeNames,omitempty\"`\n}\n\ntype HostnamePropertyInfo struct {\n\tPropertyId string `json:\"propertyId\"`\n\tVersion int32 `json:\"version\"`\n\tCertificateId *string `json:\"certificateId,omitempty\"`\n}\n\ntype DeploymentTaskActionInfo struct {\n\tAction *string `json:\"action,omitempty\"`\n\tPropertyId *string `json:\"propertyId,omitempty\"`\n\tCertificateId *string `json:\"certificateId,omitempty\"`\n\tVersion *int32 `json:\"version,omitempty\"`\n}\n"
},
{
"path": "pkg/sdk3rd/wangsu/certificate/api_create_certificate.go",
"content": "package certificate\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype CreateCertificateRequest struct {\n\tName *string `json:\"name,omitempty\"`\n\tCertificate *string `json:\"certificate,omitempty\"`\n\tPrivateKey *string `json:\"privateKey,omitempty\"`\n\tComment *string `json:\"comment,omitempty\" `\n}\n\ntype CreateCertificateResponse struct {\n\tsdkResponseBase\n\n\tCertificateLocation string `json:\"location,omitempty\"`\n}\n\nfunc (c *Client) CreateCertificate(req *CreateCertificateRequest) (*CreateCertificateResponse, error) {\n\treturn c.CreateCertificateWithContext(context.Background(), req)\n}\n\nfunc (c *Client) CreateCertificateWithContext(ctx context.Context, req *CreateCertificateRequest) (*CreateCertificateResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodPost, \"/api/certificate\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &CreateCertificateResponse{}\n\tif httpresp, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t} else {\n\t\tresult.CertificateLocation = httpresp.Header().Get(\"Location\")\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/wangsu/certificate/api_list_certificates.go",
"content": "package certificate\n\nimport (\n\t\"context\"\n\t\"net/http\"\n)\n\ntype ListCertificatesResponse struct {\n\tsdkResponseBase\n\n\tCertificates []*CertificateRecord `json:\"ssl-certificates,omitempty\"`\n}\n\nfunc (c *Client) ListCertificates() (*ListCertificatesResponse, error) {\n\treturn c.ListCertificatesWithContext(context.Background())\n}\n\nfunc (c *Client) ListCertificatesWithContext(ctx context.Context) (*ListCertificatesResponse, error) {\n\thttpreq, err := c.newRequest(http.MethodGet, \"/api/ssl/certificate\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &ListCertificatesResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/wangsu/certificate/api_update_certificate.go",
"content": "package certificate\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\t\"net/http\"\n\t\"net/url\"\n)\n\ntype UpdateCertificateRequest struct {\n\tName *string `json:\"name,omitempty\"`\n\tCertificate *string `json:\"certificate,omitempty\"`\n\tPrivateKey *string `json:\"privateKey,omitempty\"`\n\tComment *string `json:\"comment,omitempty\" `\n}\n\ntype UpdateCertificateResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) UpdateCertificate(certificateId string, req *UpdateCertificateRequest) (*UpdateCertificateResponse, error) {\n\treturn c.UpdateCertificateWithContext(context.Background(), certificateId, req)\n}\n\nfunc (c *Client) UpdateCertificateWithContext(ctx context.Context, certificateId string, req *UpdateCertificateRequest) (*UpdateCertificateResponse, error) {\n\tif certificateId == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset certificateId\")\n\t}\n\n\thttpreq, err := c.newRequest(http.MethodPut, fmt.Sprintf(\"/api/certificate/%s\", url.PathEscape(certificateId)))\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &UpdateCertificateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/wangsu/certificate/client.go",
"content": "package certificate\n\nimport (\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/pkg/sdk3rd/wangsu/openapi\"\n)\n\ntype Client struct {\n\tclient *openapi.Client\n}\n\nfunc NewClient(accessKey, secretKey string) (*Client, error) {\n\tclient, err := openapi.NewClient(accessKey, secretKey)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn &Client{client: client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(method string, path string) (*resty.Request, error) {\n\treturn c.client.NewRequest(method, path)\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\treturn c.client.DoRequest(req)\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\treturn c.client.DoRequestWithResult(req, res)\n}\n"
},
{
"path": "pkg/sdk3rd/wangsu/certificate/types.go",
"content": "package certificate\n\ntype sdkResponse interface {\n\tGetCode() string\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode *string `json:\"code,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n\nfunc (r *sdkResponseBase) GetCode() string {\n\tif r.Code == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\ntype CertificateRecord struct {\n\tCertificateId string `json:\"certificate-id\"`\n\tName string `json:\"name\"`\n\tComment string `json:\"comment\"`\n\tValidityFrom string `json:\"certificate-validity-from\"`\n\tValidityTo string `json:\"certificate-validity-to\"`\n\tSerial string `json:\"certificate-serial\"`\n}\n"
},
{
"path": "pkg/sdk3rd/wangsu/openapi/client.go",
"content": "package openapi\n\nimport (\n\t\"crypto/hmac\"\n\t\"crypto/sha256\"\n\t\"encoding/hex\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"net/url\"\n\t\"strconv\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\taccessKey string\n\tsecretKey string\n\n\tclient *resty.Client\n}\n\nfunc NewClient(accessKey, secretKey string) (*Client, error) {\n\tif accessKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset accessKey\")\n\t}\n\tif secretKey == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset secretKey\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(\"https://open.chinanetcenter.com\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"Host\", \"open.chinanetcenter.com\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\t// Step 1: Get request method\n\t\t\tmethod := req.Method\n\t\t\tmethod = strings.ToUpper(method)\n\n\t\t\t// Step 2: Get request path\n\t\t\tpath := \"/\"\n\t\t\tif req.URL != nil {\n\t\t\t\tpath = req.URL.Path\n\t\t\t}\n\n\t\t\t// Step 3: Get unencoded query string\n\t\t\tqueryString := \"\"\n\t\t\tif method != http.MethodPost && req.URL != nil {\n\t\t\t\tqueryString = req.URL.RawQuery\n\n\t\t\t\ts, err := url.QueryUnescape(queryString)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tqueryString = s\n\t\t\t}\n\n\t\t\t// Step 4: Get canonical headers & signed headers\n\t\t\tcanonicalHeaders := \"\" +\n\t\t\t\t\"content-type:\" + strings.TrimSpace(strings.ToLower(req.Header.Get(\"Content-Type\"))) + \"\\n\" +\n\t\t\t\t\"host:\" + strings.TrimSpace(strings.ToLower(req.Header.Get(\"Host\"))) + \"\\n\"\n\t\t\tsignedHeaders := \"content-type;host\"\n\n\t\t\t// Step 5: Get request payload\n\t\t\tpayload := \"\"\n\t\t\tif method != http.MethodGet && req.Body != nil {\n\t\t\t\treader, err := req.GetBody()\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tdefer reader.Close()\n\n\t\t\t\tpayloadb, err := io.ReadAll(reader)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tpayload = string(payloadb)\n\t\t\t}\n\t\t\thashedPayload := sha256.Sum256([]byte(payload))\n\t\t\thashedPayloadHex := strings.ToLower(hex.EncodeToString(hashedPayload[:]))\n\n\t\t\t// Step 6: Get timestamp\n\t\t\tvar reqtime time.Time\n\t\t\ttimestampString := req.Header.Get(\"X-CNC-Timestamp\")\n\t\t\tif timestampString == \"\" {\n\t\t\t\treqtime = time.Now().UTC()\n\t\t\t\ttimestampString = fmt.Sprintf(\"%d\", reqtime.Unix())\n\t\t\t} else {\n\t\t\t\ttimestamp, err := strconv.ParseInt(timestampString, 10, 64)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\t\t\t\treqtime = time.Unix(timestamp, 0).UTC()\n\t\t\t}\n\n\t\t\t// Step 7: Get canonical request string\n\t\t\tcanonicalRequest := fmt.Sprintf(\"%s\\n%s\\n%s\\n%s\\n%s\\n%s\", method, path, queryString, canonicalHeaders, signedHeaders, hashedPayloadHex)\n\t\t\thashedCanonicalRequest := sha256.Sum256([]byte(canonicalRequest))\n\t\t\thashedCanonicalRequestHex := strings.ToLower(hex.EncodeToString(hashedCanonicalRequest[:]))\n\n\t\t\t// Step 8: String to sign\n\t\t\tconst SignAlgorithmHeader = \"CNC-HMAC-SHA256\"\n\t\t\tstringToSign := fmt.Sprintf(\"%s\\n%s\\n%s\", SignAlgorithmHeader, timestampString, hashedCanonicalRequestHex)\n\t\t\thmac := hmac.New(sha256.New, []byte(secretKey))\n\t\t\thmac.Write([]byte(stringToSign))\n\t\t\tsign := hmac.Sum(nil)\n\t\t\tsignHex := strings.ToLower(hex.EncodeToString(sign))\n\n\t\t\t// Step 9: Add headers to request\n\t\t\treq.Header.Set(\"X-CNC-AccessKey\", accessKey)\n\t\t\treq.Header.Set(\"X-CNC-Timestamp\", timestampString)\n\t\t\treq.Header.Set(\"X-CNC-Auth-Method\", \"AKSK\")\n\t\t\treq.Header.Set(\"Authorization\", fmt.Sprintf(\"%s Credential=%s, SignedHeaders=%s, Signature=%s\", SignAlgorithmHeader, accessKey, signedHeaders, signHex))\n\t\t\treq.Header.Set(\"Date\", reqtime.Format(\"Mon, 02 Jan 2006 15:04:05 GMT\"))\n\n\t\t\treturn nil\n\t\t})\n\n\treturn &Client{\n\t\taccessKey: accessKey,\n\t\tsecretKey: secretKey,\n\t\tclient: client,\n\t}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) NewRequest(method string, path string) (*resty.Request, error) {\n\tif method == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset method\")\n\t}\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = method\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) DoRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) DoRequestWithResult(req *resty.Request, res interface{}) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.DoRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/xinnet/api_dns_create.go",
"content": "package xinnet\n\nimport (\n\t\"context\"\n)\n\ntype DnsCreateRequest struct {\n\tDomainName *string `json:\"domainName,omitempty\"`\n\tRecordName *string `json:\"recordName,omitempty\"`\n\tType *string `json:\"type,omitempty\"`\n\tValue *string `json:\"value,omitempty\"`\n\tLine *string `json:\"line,omitempty\"`\n\tTtl *int32 `json:\"ttl,omitempty\"`\n\tMx *int32 `json:\"mx,omitempty\"`\n\tStatus *int32 `json:\"status,omitempty\"`\n}\n\ntype DnsCreateResponse struct {\n\tsdkResponseBase\n\tData *int64 `json:\"data,omitempty\"`\n}\n\nfunc (c *Client) DnsCreate(req *DnsCreateRequest) (*DnsCreateResponse, error) {\n\treturn c.DnsCreateWithContext(context.Background(), req)\n}\n\nfunc (c *Client) DnsCreateWithContext(ctx context.Context, req *DnsCreateRequest) (*DnsCreateResponse, error) {\n\thttpreq, err := c.newRequest(\"/dns/create/\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &DnsCreateResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/xinnet/api_dns_delete.go",
"content": "package xinnet\n\nimport (\n\t\"context\"\n)\n\ntype DnsDeleteRequest struct {\n\tDomainName *string `json:\"domainName,omitempty\"`\n\tRecordId *int64 `json:\"recordId,omitempty\"`\n}\n\ntype DnsDeleteResponse struct {\n\tsdkResponseBase\n}\n\nfunc (c *Client) DnsDelete(req *DnsDeleteRequest) (*DnsDeleteResponse, error) {\n\treturn c.DnsDeleteWithContext(context.Background(), req)\n}\n\nfunc (c *Client) DnsDeleteWithContext(ctx context.Context, req *DnsDeleteRequest) (*DnsDeleteResponse, error) {\n\thttpreq, err := c.newRequest(\"/dns/delete/\")\n\tif err != nil {\n\t\treturn nil, err\n\t} else {\n\t\thttpreq.SetBody(req)\n\t\thttpreq.SetContext(ctx)\n\t}\n\n\tresult := &DnsDeleteResponse{}\n\tif _, err := c.doRequestWithResult(httpreq, result); err != nil {\n\t\treturn result, err\n\t}\n\n\treturn result, nil\n}\n"
},
{
"path": "pkg/sdk3rd/xinnet/client.go",
"content": "package xinnet\n\nimport (\n\t\"crypto/hmac\"\n\t\"crypto/sha256\"\n\t\"encoding/hex\"\n\t\"encoding/json\"\n\t\"fmt\"\n\t\"io\"\n\t\"net/http\"\n\t\"strings\"\n\t\"time\"\n\n\t\"github.com/go-resty/resty/v2\"\n\n\t\"github.com/certimate-go/certimate/internal/app\"\n)\n\ntype Client struct {\n\tclient *resty.Client\n}\n\nfunc NewClient(agentId, appSecret string) (*Client, error) {\n\tif agentId == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset agentId\")\n\t}\n\tif appSecret == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset appSecret\")\n\t}\n\n\tclient := resty.New().\n\t\tSetBaseURL(\"https://apiv2.xinnet.com/api\").\n\t\tSetHeader(\"Accept\", \"application/json\").\n\t\tSetHeader(\"Content-Type\", \"application/json\").\n\t\tSetHeader(\"User-Agent\", app.AppUserAgent).\n\t\tSetPreRequestHook(func(c *resty.Client, req *http.Request) error {\n\t\t\t// 生成时间戳\n\t\t\ttimestamp := time.Now().UTC().Format(\"20060102T150405Z\")\n\n\t\t\t// 获取请求路径,注意结尾必须是 \"/\"\n\t\t\turlPath := \"/\"\n\t\t\tif req.URL != nil {\n\t\t\t\turlPath = req.URL.Path\n\n\t\t\t\tif !strings.HasSuffix(urlPath, \"/\") {\n\t\t\t\t\turlPath += \"/\"\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// 获取请求方法\n\t\t\trequestMethod := req.Method\n\n\t\t\t// 获取请求体\n\t\t\trequestBody := \"\"\n\t\t\tif req.Body != nil {\n\t\t\t\treader, err := req.GetBody()\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\tdefer reader.Close()\n\n\t\t\t\tpayloadb, err := io.ReadAll(reader)\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn err\n\t\t\t\t}\n\n\t\t\t\trequestBody = string(payloadb)\n\t\t\t}\n\n\t\t\t// 计算签名\n\t\t\talgorithm := \"HMAC-SHA256\"\n\t\t\tstringToSign := algorithm + \"\\n\" +\n\t\t\t\ttimestamp + \"\\n\" +\n\t\t\t\trequestMethod + \"\\n\" +\n\t\t\t\turlPath + \"\\n\" +\n\t\t\t\trequestBody\n\t\t\th := hmac.New(sha256.New, []byte(appSecret))\n\t\t\th.Write([]byte(stringToSign))\n\t\t\tsignature := hex.EncodeToString(h.Sum(nil))\n\n\t\t\t// 设置请求头\n\t\t\treq.Header.Set(\"timestamp\", timestamp)\n\t\t\treq.Header.Set(\"authorization\", fmt.Sprintf(\"%s Access=%s, Signature=%s\", algorithm, agentId, signature))\n\n\t\t\treturn nil\n\t\t})\n\n\treturn &Client{client}, nil\n}\n\nfunc (c *Client) SetTimeout(timeout time.Duration) *Client {\n\tc.client.SetTimeout(timeout)\n\treturn c\n}\n\nfunc (c *Client) newRequest(path string) (*resty.Request, error) {\n\tif path == \"\" {\n\t\treturn nil, fmt.Errorf(\"sdkerr: unset path\")\n\t}\n\n\treq := c.client.R()\n\treq.Method = http.MethodPost\n\treq.URL = path\n\treturn req, nil\n}\n\nfunc (c *Client) doRequest(req *resty.Request) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\t// WARN:\n\t// PLEASE DO NOT USE `req.SetResult` or `req.SetError` HERE! USE `doRequestWithResult` INSTEAD.\n\n\tresp, err := req.Send()\n\tif err != nil {\n\t\treturn resp, fmt.Errorf(\"sdkerr: failed to send request: %w\", err)\n\t} else if resp.IsError() {\n\t\treturn resp, fmt.Errorf(\"sdkerr: unexpected status code: %d (resp: %s)\", resp.StatusCode(), resp.String())\n\t}\n\n\treturn resp, nil\n}\n\nfunc (c *Client) doRequestWithResult(req *resty.Request, res sdkResponse) (*resty.Response, error) {\n\tif req == nil {\n\t\treturn nil, fmt.Errorf(\"sdkerr: nil request\")\n\t}\n\n\tresp, err := c.doRequest(req)\n\tif err != nil {\n\t\tif resp != nil {\n\t\t\tjson.Unmarshal(resp.Body(), &res)\n\t\t}\n\t\treturn resp, err\n\t}\n\n\tif len(resp.Body()) != 0 {\n\t\tif err := json.Unmarshal(resp.Body(), &res); err != nil {\n\t\t\treturn resp, fmt.Errorf(\"sdkerr: failed to unmarshal response: %w (resp: %s)\", err, resp.String())\n\t\t} else {\n\t\t\tif tcode := res.GetCode(); tcode != \"0\" {\n\t\t\t\treturn resp, fmt.Errorf(\"sdkerr: code='%s', msg='%s'\", tcode, res.GetMessage())\n\t\t\t}\n\t\t}\n\t}\n\n\treturn resp, nil\n}\n"
},
{
"path": "pkg/sdk3rd/xinnet/types.go",
"content": "package xinnet\n\ntype sdkResponse interface {\n\tGetCode() string\n\tGetMessage() string\n}\n\ntype sdkResponseBase struct {\n\tCode *string `json:\"code,omitempty\"`\n\tMessage *string `json:\"message,omitempty\"`\n\tRequestId *string `json:\"requestId,omitempty\"`\n}\n\nfunc (r *sdkResponseBase) GetCode() string {\n\tif r.Code == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Code\n}\n\nfunc (r *sdkResponseBase) GetMessage() string {\n\tif r.Message == nil {\n\t\treturn \"\"\n\t}\n\n\treturn *r.Message\n}\n\nvar _ sdkResponse = (*sdkResponseBase)(nil)\n"
},
{
"path": "pkg/utils/cert/common.go",
"content": "package cert\n\nimport (\n\t\"encoding/pem\"\n)\n\nfunc decodePEMBlocks(data []byte) []*pem.Block {\n\tblocks := make([]*pem.Block, 0)\n\tfor {\n\t\tblock, rest := pem.Decode(data)\n\t\tif block == nil {\n\t\t\tbreak\n\t\t}\n\n\t\tblocks = append(blocks, block)\n\t\tdata = rest\n\t}\n\n\treturn blocks\n}\n"
},
{
"path": "pkg/utils/cert/comparer.go",
"content": "package cert\n\nimport (\n\t\"crypto/x509\"\n)\n\n// 比较两个 x509.Certificate 对象,判断它们是否是同一张证书。\n//\n// 入参:\n// - a: 待比较的第一个 x509.Certificate 对象。\n// - b: 待比较的第二个 x509.Certificate 对象。\n//\n// 出参:\n// - 是否相同。\nfunc EqualCertificates(a, b *x509.Certificate) bool {\n\tif a == nil || b == nil {\n\t\treturn false\n\t}\n\n\treturn a.Equal(b)\n}\n\n// 与 [EqualCertificates] 方法类似,但入参是 PEM 编码的证书字符串。\n//\n// 入参:\n// - a: 待比较的第一个证书 PEM 内容。\n// - b: 待比较的第二个证书 PEM 内容。\n//\n// 出参:\n// - 是否相同。\nfunc EqualCertificatesFromPEM(a, b string) bool {\n\taCert, _ := ParseCertificateFromPEM(a)\n\tbCert, _ := ParseCertificateFromPEM(b)\n\treturn EqualCertificates(aCert, bCert)\n}\n"
},
{
"path": "pkg/utils/cert/converter.go",
"content": "package cert\n\nimport (\n\t\"crypto/ecdsa\"\n\t\"crypto/x509\"\n\t\"encoding/pem\"\n\t\"errors\"\n\t\"fmt\"\n)\n\n// 将 x509.Certificate 对象转换为 PEM 编码的字符串。\n//\n// 入参:\n// - cert: x509.Certificate 对象。\n//\n// 出参:\n// - certPEM: 证书 PEM 内容。\n// - err: 错误。\nfunc ConvertCertificateToPEM(cert *x509.Certificate) (_certPEM string, _err error) {\n\tif cert == nil {\n\t\treturn \"\", errors.New(\"the input certificate is nil\")\n\t}\n\n\tblock := &pem.Block{\n\t\tType: \"CERTIFICATE\",\n\t\tBytes: cert.Raw,\n\t}\n\n\treturn string(pem.EncodeToMemory(block)), nil\n}\n\n// 将 ecdsa.PrivateKey 对象转换为 PEM 编码的字符串。\n//\n// 入参:\n// - privkey: ecdsa.PrivateKey 对象。\n//\n// 出参:\n// - privkeyPEM: 私钥 PEM 内容。\n// - err: 错误。\nfunc ConvertECPrivateKeyToPEM(privkey *ecdsa.PrivateKey) (_privkeyPEM string, _err error) {\n\tif privkey == nil {\n\t\treturn \"\", errors.New(\"the input private key is nil\")\n\t}\n\n\tdata, _err := x509.MarshalECPrivateKey(privkey)\n\tif _err != nil {\n\t\treturn \"\", fmt.Errorf(\"failed to marshal EC private key: %w\", _err)\n\t}\n\n\tblock := &pem.Block{\n\t\tType: \"EC PRIVATE KEY\",\n\t\tBytes: data,\n\t}\n\n\treturn string(pem.EncodeToMemory(block)), nil\n}\n"
},
{
"path": "pkg/utils/cert/extractor.go",
"content": "package cert\n\nimport (\n\t\"encoding/pem\"\n\t\"errors\"\n\t\"fmt\"\n)\n\n// 从 PEM 编码的证书字符串解析并提取服务器证书和中间证书。\n//\n// 入参:\n// - certPEM: 证书 PEM 内容。\n//\n// 出参:\n// - serverCertPEM: 服务器证书的 PEM 内容。\n// - intermediaCertPEM: 中间证书的 PEM 内容。\n// - err: 错误。\nfunc ExtractCertificatesFromPEM(certPEM string) (_serverCertPEM string, _intermediaCertPEM string, _err error) {\n\tblocks := decodePEMBlocks([]byte(certPEM))\n\tfor i, block := range blocks {\n\t\tif block.Type != \"CERTIFICATE\" {\n\t\t\treturn \"\", \"\", fmt.Errorf(\"invalid PEM block type at %d, expected 'CERTIFICATE', got '%s'\", i, block.Type)\n\t\t}\n\t}\n\n\tserverCertPEM := \"\"\n\tintermediaCertPEM := \"\"\n\n\tif len(blocks) == 0 {\n\t\treturn \"\", \"\", errors.New(\"failed to decode PEM block\")\n\t}\n\n\tif len(blocks) > 0 {\n\t\tserverCertPEM = string(pem.EncodeToMemory(blocks[0]))\n\t}\n\n\tif len(blocks) > 1 {\n\t\tfor i := 1; i < len(blocks); i++ {\n\t\t\tintermediaCertPEM += string(pem.EncodeToMemory(blocks[i]))\n\t\t}\n\t}\n\n\treturn serverCertPEM, intermediaCertPEM, nil\n}\n"
},
{
"path": "pkg/utils/cert/hostname/hostname.go",
"content": "package hostname\n\nimport (\n\t\"crypto/x509\"\n\t\"net\"\n\t\"strings\"\n)\n\n// 检查目标主机名是否匹配待匹配主机名。\n//\n// 入参:\n// - match: 待匹配主机名。可以是泛域名,如 \"*.example.com\"。\n// - candidate: 目标主机名。如 \"sub.example.com\"。\n//\n// 出参:\n// - 是否匹配。\nfunc IsMatch(match, candidate string) bool {\n\tif match == \"\" || candidate == \"\" {\n\t\treturn false\n\t}\n\n\tmockCert := &x509.Certificate{}\n\tif ip := net.ParseIP(match); ip != nil {\n\t\tmockCert.IPAddresses = []net.IP{ip}\n\t} else {\n\t\tif strings.EqualFold(match, candidate) {\n\t\t\treturn true\n\t\t}\n\t\tmockCert.DNSNames = []string{match}\n\t}\n\treturn mockCert.VerifyHostname(candidate) == nil\n}\n"
},
{
"path": "pkg/utils/cert/hostname/hostname_test.go",
"content": "package hostname_test\n\nimport (\n\t\"testing\"\n\n\txcerthostname \"github.com/certimate-go/certimate/pkg/utils/cert/hostname\"\n)\n\nfunc TestCertHostnameUtil_IsMatch(t *testing.T) {\n\tt.Run(\"IsMatch\", func(t *testing.T) {\n\t\ttestCases := []struct {\n\t\t\twildcard string\n\t\t\ttarget string\n\t\t\texpected bool\n\t\t}{\n\t\t\t{\"*.example.com\", \"sub.example.com\", true},\n\t\t\t{\"*.example.com\", \"sub.sub.example.com\", false},\n\t\t\t{\"*.example.com\", \"example.com\", false},\n\n\t\t\t{\"*.*.example.com\", \"a.b.example.com\", false},\n\t\t\t{\"*.*.example.com\", \"a.example.com\", false},\n\t\t\t{\"*.*.example.com\", \"a.b.c.example.com\", false},\n\n\t\t\t{\"example.com\", \"example.com\", true},\n\t\t\t{\"example.com\", \"wrong.com\", false},\n\n\t\t\t{\"\", \"example.com\", false},\n\t\t\t{\"*.example.com\", \"\", false},\n\n\t\t\t{\"*.sub.example.com\", \"a.sub.example.com\", true},\n\t\t\t{\"*.sub.example.com\", \"a.b.sub.example.com\", false},\n\t\t\t{\"*.sub.example.com\", \"sub.example.com\", false},\n\n\t\t\t{\"*.Example.COM\", \"sub.example.com\", true},\n\t\t\t{\"*.EXAMPLE.COM\", \"SUB.EXAMPLE.COM\", true},\n\t\t}\n\n\t\tfor _, tc := range testCases {\n\t\t\tresult := xcerthostname.IsMatch(tc.wildcard, tc.target)\n\t\t\tstatus := \"✓\"\n\t\t\tpf := t.Logf\n\t\t\tif result != tc.expected {\n\t\t\t\tstatus = \"✗\"\n\t\t\t\tpf = t.Errorf\n\t\t\t}\n\n\t\t\tpf(\"%s Wildcard: %-20s Target: %-20s Expected: %-5v Got: %-5v\\n\", status, tc.wildcard, tc.target, tc.expected, result)\n\t\t}\n\t})\n}\n"
},
{
"path": "pkg/utils/cert/key/key.go",
"content": "package key\n\nimport (\n\t\"crypto\"\n\t\"crypto/ecdsa\"\n\t\"crypto/ed25519\"\n\t\"crypto/rsa\"\n\t\"crypto/x509\"\n\t\"errors\"\n)\n\ntype KeyAlgorithm = x509.PublicKeyAlgorithm\n\nfunc GetPublicKeyAlgorithm(pubkey crypto.PublicKey) (_algorithm KeyAlgorithm, _size int, _error error) {\n\tswitch t := pubkey.(type) {\n\tcase *rsa.PublicKey:\n\t\tsize := t.N.BitLen()\n\t\treturn x509.RSA, size, nil\n\n\tcase *ecdsa.PublicKey:\n\t\tsize := t.Curve.Params().BitSize\n\t\treturn x509.ECDSA, size, nil\n\n\tcase ed25519.PublicKey:\n\t\treturn x509.Ed25519, 256, nil\n\t}\n\n\treturn x509.UnknownPublicKeyAlgorithm, 0, errors.New(\"unknown public key type\")\n}\n\nfunc GetPrivateKeyAlgorithm(privkey crypto.PrivateKey) (_algorithm KeyAlgorithm, _size int, _error error) {\n\tswitch t := privkey.(type) {\n\tcase *rsa.PrivateKey:\n\t\tsize := t.N.BitLen()\n\t\treturn x509.RSA, size, nil\n\n\tcase *ecdsa.PrivateKey:\n\t\tsize := t.Curve.Params().BitSize\n\t\treturn x509.ECDSA, size, nil\n\n\tcase ed25519.PrivateKey:\n\t\treturn x509.Ed25519, 512, nil\n\t}\n\n\treturn x509.UnknownPublicKeyAlgorithm, 0, errors.New(\"unknown private key type\")\n}\n"
},
{
"path": "pkg/utils/cert/parser.go",
"content": "package cert\n\nimport (\n\t\"crypto\"\n\t\"crypto/x509\"\n\n\t\"github.com/go-acme/lego/v4/certcrypto\"\n)\n\n// 从 PEM 编码的证书字符串解析并返回一个 x509.Certificate 对象。\n// PEM 内容可能是包含多张证书的证书链,但只返回第一个证书(即服务器证书)。\n//\n// 入参:\n// - certPEM: 证书 PEM 内容。\n//\n// 出参:\n// - cert: x509.Certificate 对象。\n// - err: 错误。\nfunc ParseCertificateFromPEM(certPEM string) (_cert *x509.Certificate, _err error) {\n\treturn certcrypto.ParsePEMCertificate([]byte(certPEM))\n}\n\n// 从 PEM 编码的私钥字符串解析并返回一个 crypto.PrivateKey 对象。\n//\n// 入参:\n// - privkeyPEM: 私钥 PEM 内容。\n//\n// 出参:\n// - privkey: crypto.PrivateKey 对象,可能是 rsa.PrivateKey、ecdsa.PrivateKey 或 ed25519.PrivateKey。\n// - err: 错误。\nfunc ParsePrivateKeyFromPEM(privkeyPEM string) (_privkey crypto.PrivateKey, _err error) {\n\treturn certcrypto.ParsePEMPrivateKey([]byte(privkeyPEM))\n}\n"
},
{
"path": "pkg/utils/cert/transformer.go",
"content": "package cert\n\nimport (\n\t\"bytes\"\n\t\"crypto/x509\"\n\t\"errors\"\n\t\"fmt\"\n\t\"time\"\n\n\t\"github.com/pavlo-v-chernykh/keystore-go/v4\"\n\t\"software.sslmate.com/src/go-pkcs12\"\n)\n\n// 将 PEM 编码的证书字符串转换为 PFX 格式。\n//\n// 入参:\n// - certPEM: 证书 PEM 内容。\n// - privkeyPEM: 私钥 PEM 内容。\n// - pfxPassword: PFX 导出密码。\n//\n// 出参:\n// - data: PFX 格式的证书数据。\n// - err: 错误。\nfunc TransformCertificateFromPEMToPFX(certPEM string, privkeyPEM string, pfxPassword string) ([]byte, error) {\n\tblocks := decodePEMBlocks([]byte(certPEM))\n\n\tcerts := make([]*x509.Certificate, 0, len(blocks))\n\tfor i, block := range blocks {\n\t\tif block.Type != \"CERTIFICATE\" {\n\t\t\treturn nil, fmt.Errorf(\"invalid PEM block type at %d, expected 'CERTIFICATE', got '%s'\", i, block.Type)\n\t\t}\n\n\t\tcert, err := x509.ParseCertificate(block.Bytes)\n\t\tif err != nil {\n\t\t\treturn nil, err\n\t\t}\n\t\tcerts = append(certs, cert)\n\t}\n\n\tprivkey, err := ParsePrivateKeyFromPEM(privkeyPEM)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tvar pfxData []byte\n\tif len(certs) == 0 {\n\t\treturn nil, errors.New(\"failed to decode certificate PEM\")\n\t} else if len(certs) == 1 {\n\t\tpfxData, err = pkcs12.Legacy.Encode(privkey, certs[0], nil, pfxPassword)\n\t} else {\n\t\tpfxData, err = pkcs12.Legacy.Encode(privkey, certs[0], certs[1:], pfxPassword)\n\t}\n\n\treturn pfxData, err\n}\n\n// 将 PEM 编码的证书字符串转换为 JKS 格式。\n//\n// 入参:\n// - certPEM: 证书 PEM 内容。\n// - privkeyPEM: 私钥 PEM 内容。\n// - jksAlias: JKS 别名。\n// - jksKeypass: JKS 密钥密码。\n// - jksStorepass: JKS 存储密码。\n//\n// 出参:\n// - data: JKS 格式的证书数据。\n// - err: 错误。\nfunc TransformCertificateFromPEMToJKS(certPEM string, privkeyPEM string, jksAlias string, jksKeypass string, jksStorepass string) ([]byte, error) {\n\tcertBlocks := decodePEMBlocks([]byte(certPEM))\n\tif len(certBlocks) == 0 {\n\t\treturn nil, errors.New(\"failed to decode certificate PEM\")\n\t}\n\n\tprivkeyBlocks := decodePEMBlocks([]byte(privkeyPEM))\n\tif len(privkeyBlocks) == 0 {\n\t\treturn nil, errors.New(\"failed to decode private key PEM\")\n\t}\n\n\tentry := keystore.PrivateKeyEntry{\n\t\tCreationTime: time.Now(),\n\t\tPrivateKey: privkeyBlocks[0].Bytes,\n\t\tCertificateChain: make([]keystore.Certificate, len(certBlocks)),\n\t}\n\tfor i, certBlock := range certBlocks {\n\t\tif certBlock.Type != \"CERTIFICATE\" {\n\t\t\treturn nil, fmt.Errorf(\"invalid PEM block type at %d, expected 'CERTIFICATE', got '%s'\", i, certBlock.Type)\n\t\t}\n\n\t\tentry.CertificateChain[i] = keystore.Certificate{\n\t\t\tType: \"X509\",\n\t\t\tContent: certBlock.Bytes,\n\t\t}\n\t}\n\n\tks := keystore.New()\n\tif err := ks.SetPrivateKeyEntry(jksAlias, entry, []byte(jksKeypass)); err != nil {\n\t\treturn nil, err\n\t}\n\n\tvar buf bytes.Buffer\n\tif err := ks.Store(&buf, []byte(jksStorepass)); err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn buf.Bytes(), nil\n}\n"
},
{
"path": "pkg/utils/cert/x509/x509.go",
"content": "package x509\n\nimport (\n\t\"crypto/x509\"\n\t\"encoding/asn1\"\n\t\"net\"\n)\n\nvar oidSubjectAlternativeNameExtension = asn1.ObjectIdentifier{2, 5, 29, 17}\n\nconst (\n\tsanGeneralNameTagEmail = 1\n\tsanGeneralNameTagDNS = 2\n\tsanGeneralNameTagURI = 6\n\tsanGeneralNameTagIP = 7\n)\n\n// 返回指定 x509.Certificate 对象的主题名称。\n// 如果主题名称为空,则返回第一个主题替代名称。\n//\n// 入参:\n// - cert: x509.Certificate 对象。\n//\n// 出参:\n// - 主题名称。\nfunc GetSubjectCommonName(cert *x509.Certificate) string {\n\tif cert != nil {\n\t\tif cert.Subject.CommonName != \"\" {\n\t\t\treturn cert.Subject.CommonName\n\t\t}\n\n\t\tsans := GetSubjectAltNames(cert)\n\t\tif len(sans) > 0 {\n\t\t\treturn sans[0]\n\t\t}\n\t}\n\n\treturn \"\"\n}\n\n// 返回指定 x509.Certificate 对象的主题替代名称。\n//\n// 入参:\n// - cert: x509.Certificate 对象。\n//\n// 出参:\n// - 主题替代名称的字符串切片。\nfunc GetSubjectAltNames(cert *x509.Certificate) []string {\n\tsans := make([]string, 0)\n\n\tif cert != nil {\n\t\t// 注意,这里不直接使用 `DNSNames`、`IPAddresses` 等字段,以保证原始顺序不变\n\t\tfor _, ext := range cert.Extensions {\n\t\t\tif ext.Id.Equal(oidSubjectAlternativeNameExtension) {\n\t\t\t\tvar seq asn1.RawValue\n\t\t\t\tif _, err := asn1.Unmarshal(ext.Value, &seq); err != nil {\n\t\t\t\t\tcontinue\n\t\t\t\t}\n\n\t\t\t\trest := seq.Bytes\n\t\t\t\tfor len(rest) > 0 {\n\t\t\t\t\tvar name asn1.RawValue\n\t\t\t\t\tvar err error\n\t\t\t\t\trest, err = asn1.Unmarshal(rest, &name)\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\tbreak\n\t\t\t\t\t}\n\n\t\t\t\t\tswitch name.Tag {\n\t\t\t\t\tcase sanGeneralNameTagIP:\n\t\t\t\t\t\tvar ip net.IP = name.Bytes\n\t\t\t\t\t\tsans = append(sans, ip.String())\n\n\t\t\t\t\tcase sanGeneralNameTagEmail, sanGeneralNameTagDNS, sanGeneralNameTagURI:\n\t\t\t\t\t\tsans = append(sans, string(name.Bytes))\n\n\t\t\t\t\tdefault:\n\t\t\t\t\t\t// 忽略其他非 Critical 的 GeneralName\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\treturn sans\n}\n"
},
{
"path": "pkg/utils/crypto/aes.go",
"content": "package crypto\n\nimport (\n\t\"bytes\"\n\t\"crypto/aes\"\n\t\"crypto/cipher\"\n\t\"crypto/rand\"\n\t\"fmt\"\n\t\"io\"\n)\n\ntype AESCryptor interface {\n\tCBCEncrypt(data []byte) ([]byte, error)\n\tCBCDecrypt(cipher []byte) ([]byte, error)\n}\n\ntype aesCryptor struct {\n\tkey []byte\n}\n\nfunc (c *aesCryptor) CBCEncrypt(data []byte) ([]byte, error) {\n\tblock, err := aes.NewCipher(c.key)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tpaddedData := c.pkcs7Padding(data, aes.BlockSize)\n\tciphertext := make([]byte, aes.BlockSize+len(paddedData))\n\tiv := ciphertext[:aes.BlockSize]\n\tif _, err := io.ReadFull(rand.Reader, iv); err != nil {\n\t\treturn nil, err\n\t}\n\n\tmode := cipher.NewCBCEncrypter(block, iv)\n\tmode.CryptBlocks(ciphertext[aes.BlockSize:], paddedData)\n\n\treturn ciphertext, nil\n}\n\nfunc (c *aesCryptor) CBCDecrypt(ciphertext []byte) ([]byte, error) {\n\tblock, err := aes.NewCipher(c.key)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\tif len(ciphertext) < aes.BlockSize {\n\t\treturn nil, fmt.Errorf(\"ciphertext too short\")\n\t}\n\n\tiv := ciphertext[:aes.BlockSize]\n\tciphertext = ciphertext[aes.BlockSize:]\n\n\tif len(ciphertext)%aes.BlockSize != 0 {\n\t\treturn nil, fmt.Errorf(\"ciphertext is not a multiple of the block size\")\n\t}\n\n\tmode := cipher.NewCBCDecrypter(block, iv)\n\tmode.CryptBlocks(ciphertext, ciphertext)\n\n\treturn c.pkcs7Unpadding(ciphertext), nil\n}\n\nfunc (c *aesCryptor) pkcs7Padding(data []byte, blockSize int) []byte {\n\tpadding := blockSize - (len(data) % blockSize)\n\tpadText := bytes.Repeat([]byte{byte(padding)}, padding)\n\treturn append(data, padText...)\n}\n\nfunc (c *aesCryptor) pkcs7Unpadding(data []byte) []byte {\n\tlength := len(data)\n\tif length == 0 {\n\t\treturn data\n\t}\n\n\tpadding := int(data[length-1])\n\tif padding > length {\n\t\treturn data\n\t}\n\n\treturn data[:length-padding]\n}\n\nfunc NewAESCryptor(key []byte) AESCryptor {\n\treturn &aesCryptor{key: key}\n}\n"
},
{
"path": "pkg/utils/env/get.go",
"content": "package env\n\nimport (\n\t\"errors\"\n\t\"os\"\n\t\"strconv\"\n)\n\n// 以字符串形式读取指定环境变量的值。\n//\n// 入参:\n// - envVar:环境变量。\n//\n// 出参:\n// - 环境变量值。\nfunc GetString(envVar string) string {\n\treturn GetOrDefaultString(envVar, \"\")\n}\n\n// 以字符串形式读取指定环境变量的值。\n//\n// 入参:\n// - envVar:环境变量。\n// - defaultValue: 默认值。\n//\n// 出参:\n// - 环境变量值。如果指定环境变量不存在、或者值为零值,则返回默认值。\nfunc GetOrDefaultString(envVar, defaultValue string) string {\n\treturn getOrDefault(envVar, defaultValue, parseString)\n}\n\n// 以整数形式读取指定环境变量的值。\n//\n// 入参:\n// - envVar:环境变量。\n//\n// 出参:\n// - 环境变量值。\nfunc GetInt(envVar string) int {\n\treturn GetOrDefaultInt(envVar, 0)\n}\n\n// 以整数形式读取指定环境变量的值。\n//\n// 入参:\n// - envVar:环境变量。\n// - defaultValue: 默认值。\n//\n// 出参:\n// - 环境变量值。如果指定环境变量不存在、或者值的类型不是整数,则返回默认值。\nfunc GetOrDefaultInt(envVar string, defaultValue int) int {\n\treturn getOrDefault(envVar, defaultValue, strconv.Atoi)\n}\n\n// 以布尔形式读取指定环境变量的值。\n//\n// 入参:\n// - envVar:环境变量。\n//\n// 出参:\n// - 环境变量值。\nfunc GetBool(envVar string) bool {\n\treturn GetOrDefaultBool(envVar, false)\n}\n\n// 以布尔形式读取指定环境变量的值。\n//\n// 入参:\n// - envVar:环境变量。\n// - defaultValue: 默认值。\n//\n// 出参:\n// - 环境变量值。如果指定环境变量不存在、或者值的类型不是布尔,则返回默认值。\nfunc GetOrDefaultBool(envVar string, defaultValue bool) bool {\n\treturn getOrDefault(envVar, defaultValue, strconv.ParseBool)\n}\n\nfunc getOrDefault[T any](envVar string, defaultValue T, parser func(string) (T, error)) T {\n\tv, err := parser(os.Getenv(envVar))\n\tif err != nil {\n\t\treturn defaultValue\n\t}\n\n\treturn v\n}\n\nfunc parseString(s string) (string, error) {\n\tif s == \"\" {\n\t\treturn \"\", errors.New(\"empty string\")\n\t}\n\n\treturn s, nil\n}\n"
},
{
"path": "pkg/utils/file/io.go",
"content": "package file\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\t\"path/filepath\"\n)\n\n// 与 [Write] 类似,但写入的是字符串内容。\n//\n// 入参:\n// - path: 文件路径。\n// - content: 文件内容。\n//\n// 出参:\n// - 错误。\nfunc WriteString(path string, content string) error {\n\treturn Write(path, []byte(content))\n}\n\n// 将数据写入指定路径的文件。\n// 如果目录不存在,将会递归创建目录。\n// 如果文件不存在,将会创建该文件;如果文件已存在,将会覆盖原有内容。\n//\n// 入参:\n// - path: 文件路径。\n// - data: 文件数据字节数组。\n//\n// 出参:\n// - 错误。\nfunc Write(path string, data []byte) error {\n\tdir := filepath.Dir(path)\n\n\terr := os.MkdirAll(dir, os.ModePerm)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to create directory: %w\", err)\n\t}\n\n\tfile, err := os.Create(path)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to create file: %w\", err)\n\t}\n\tdefer file.Close()\n\n\t_, err = file.Write(data)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to write file: %w\", err)\n\t}\n\n\treturn nil\n}\n"
},
{
"path": "pkg/utils/filepath/path.go",
"content": "package filepath\n\nimport (\n\tstdfilepath \"path/filepath\"\n\t\"strings\"\n)\n\n// 与标准库中的 [filepath.Dir] 类似,但会尝试保留原有的路径分隔符。\n//\n// 入参:\n// - path: 文件路径。\n//\n// 出参:\n// - 目录路径。\nfunc Dir(path string) string {\n\tconst SEP_WIN = \"\\\\\"\n\tconst SEP_UNIX = \"/\"\n\n\tsep := SEP_UNIX\n\tif strings.Contains(path, SEP_WIN) && !strings.Contains(path, SEP_UNIX) {\n\t\tsep = SEP_WIN\n\t}\n\n\tdir := stdfilepath.Dir(path)\n\n\tif sep != SEP_UNIX && strings.Contains(dir, SEP_UNIX) {\n\t\tdir = strings.ReplaceAll(dir, SEP_UNIX, sep)\n\t} else if sep != SEP_WIN && strings.Contains(dir, SEP_WIN) {\n\t\tdir = strings.ReplaceAll(dir, SEP_WIN, sep)\n\t}\n\n\treturn dir\n}\n"
},
{
"path": "pkg/utils/http/parser.go",
"content": "package http\n\nimport (\n\t\"bufio\"\n\t\"net/http\"\n\t\"net/textproto\"\n\t\"strings\"\n)\n\n// 从表示 HTTP 标头的字符串解析并返回一个 http.Header 对象。\n//\n// 入参:\n// - headers: 表示 HTTP 标头的字符串。\n//\n// 出参:\n// - header: http.Header 对象。\n// - err: 错误。\nfunc ParseHeaders(headers string) (http.Header, error) {\n\tstr := strings.TrimSpace(headers) + \"\\r\\n\\r\\n\"\n\tif len(str) == 4 {\n\t\treturn make(http.Header), nil\n\t}\n\n\tbr := bufio.NewReader(strings.NewReader(str))\n\ttp := textproto.NewReader(br)\n\n\tmimeHeader, err := tp.ReadMIMEHeader()\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\treturn http.Header(mimeHeader), err\n}\n"
},
{
"path": "pkg/utils/http/transport.go",
"content": "package http\n\nimport (\n\t\"net\"\n\t\"net/http\"\n\t\"time\"\n)\n\n// 创建并返回一个 [http.DefaultTransport] 对象副本。\n//\n// 出参:\n// - transport: [http.DefaultTransport] 对象副本。\nfunc NewDefaultTransport() *http.Transport {\n\tif http.DefaultTransport != nil {\n\t\tif t, ok := http.DefaultTransport.(*http.Transport); ok {\n\t\t\treturn t.Clone()\n\t\t}\n\t}\n\n\treturn &http.Transport{\n\t\tProxy: http.ProxyFromEnvironment,\n\t\tDialContext: (&net.Dialer{\n\t\t\tTimeout: 30 * time.Second,\n\t\t\tKeepAlive: 30 * time.Second,\n\t\t\tDualStack: true,\n\t\t}).DialContext,\n\t\tForceAttemptHTTP2: true,\n\t\tMaxIdleConns: 100,\n\t\tIdleConnTimeout: 90 * time.Second,\n\t\tTLSHandshakeTimeout: 10 * time.Second,\n\t\tExpectContinueTimeout: 1 * time.Second,\n\t}\n}\n"
},
{
"path": "pkg/utils/maps/get.go",
"content": "package maps\n\nimport (\n\t\"strconv\"\n)\n\n// 以字符串形式从字典中获取指定键的值。\n//\n// 入参:\n// - dict: 字典。\n// - key: 键。\n//\n// 出参:\n// - 字典中键对应的值。如果指定键不存在、或者值的类型不是字符串,则返回空字符串。\nfunc GetString(dict map[string]any, key string) string {\n\treturn GetOrDefaultString(dict, key, \"\")\n}\n\n// 以字符串形式从字典中获取指定键的值。\n//\n// 入参:\n// - dict: 字典。\n// - key: 键。\n// - defaultValue: 默认值。\n//\n// 出参:\n// - 字典中键对应的值。如果指定键不存在、值的类型不是字符串、或者值为零值,则返回默认值。\nfunc GetOrDefaultString(dict map[string]any, key string, defaultValue string) string {\n\tif dict == nil {\n\t\treturn defaultValue\n\t}\n\n\tif value, ok := dict[key]; ok {\n\t\tif result, ok := value.(string); ok {\n\t\t\tif result != \"\" {\n\t\t\t\treturn result\n\t\t\t}\n\t\t}\n\t}\n\n\treturn defaultValue\n}\n\n// 以整数形式从字典中获取指定键的值。\n//\n// 入参:\n// - dict: 字典。\n// - key: 键。\n//\n// 出参:\n// - 字典中键对应的值。如果指定键不存在、或者值的类型不是整数,则返回 0。\nfunc GetInt(dict map[string]any, key string) int {\n\treturn GetOrDefaultInt(dict, key, 0)\n}\n\n// 以整数形式从字典中获取指定键的值。\n//\n// 入参:\n// - dict: 字典。\n// - key: 键。\n// - defaultValue: 默认值。\n//\n// 出参:\n// - 字典中键对应的值。如果指定键不存在、值的类型不是整数、或者值为零值,则返回默认值。\nfunc GetOrDefaultInt(dict map[string]any, key string, defaultValue int) int {\n\tif dict == nil {\n\t\treturn defaultValue\n\t}\n\n\tif value, ok := dict[key]; ok {\n\t\tvar result int\n\n\t\tswitch v := value.(type) {\n\t\tcase int:\n\t\t\tresult = v\n\t\tcase int8:\n\t\t\tresult = int(v)\n\t\tcase int16:\n\t\t\tresult = int(v)\n\t\tcase int32:\n\t\t\tresult = int(v)\n\t\tcase int64:\n\t\t\tresult = int(v)\n\t\tcase uint:\n\t\t\tresult = int(v)\n\t\tcase uint8:\n\t\t\tresult = int(v)\n\t\tcase uint16:\n\t\t\tresult = int(v)\n\t\tcase uint32:\n\t\t\tresult = int(v)\n\t\tcase uint64:\n\t\t\tresult = int(v)\n\t\tcase float32:\n\t\t\tresult = int(v)\n\t\tcase float64:\n\t\t\tresult = int(v)\n\t\tcase string:\n\t\t\t// 兼容字符串类型的值\n\t\t\tif t, err := strconv.ParseInt(v, 10, 64); err == nil {\n\t\t\t\tresult = int(t)\n\t\t\t}\n\t\t}\n\n\t\tif result != 0 {\n\t\t\treturn result\n\t\t}\n\t}\n\n\treturn defaultValue\n}\n\n// 以 32 位整数形式从字典中获取指定键的值。\n//\n// 入参:\n// - dict: 字典。\n// - key: 键。\n//\n// 出参:\n// - 字典中键对应的值。如果指定键不存在、或者值的类型不是 32 位整数,则返回 0。\nfunc GetInt32(dict map[string]any, key string) int32 {\n\treturn GetOrDefaultInt32(dict, key, 0)\n}\n\n// 以 32 位整数形式从字典中获取指定键的值。\n//\n// 入参:\n// - dict: 字典。\n// - key: 键。\n// - defaultValue: 默认值。\n//\n// 出参:\n// - 字典中键对应的值。如果指定键不存在、值的类型不是 32 位整数、或者值为零值,则返回默认值。\nfunc GetOrDefaultInt32(dict map[string]any, key string, defaultValue int32) int32 {\n\tif dict == nil {\n\t\treturn defaultValue\n\t}\n\n\tif value, ok := dict[key]; ok {\n\t\tvar result int32\n\n\t\tswitch v := value.(type) {\n\t\tcase int:\n\t\t\tresult = int32(v)\n\t\tcase int8:\n\t\t\tresult = int32(v)\n\t\tcase int16:\n\t\t\tresult = int32(v)\n\t\tcase int32:\n\t\t\tresult = v\n\t\tcase int64:\n\t\t\tresult = int32(v)\n\t\tcase uint:\n\t\t\tresult = int32(v)\n\t\tcase uint8:\n\t\t\tresult = int32(v)\n\t\tcase uint16:\n\t\t\tresult = int32(v)\n\t\tcase uint32:\n\t\t\tresult = int32(v)\n\t\tcase uint64:\n\t\t\tresult = int32(v)\n\t\tcase float32:\n\t\t\tresult = int32(v)\n\t\tcase float64:\n\t\t\tresult = int32(v)\n\t\tcase string:\n\t\t\t// 兼容字符串类型的值\n\t\t\tif t, err := strconv.ParseInt(v, 10, 32); err == nil {\n\t\t\t\tresult = int32(t)\n\t\t\t}\n\t\t}\n\n\t\tif result != 0 {\n\t\t\treturn result\n\t\t}\n\t}\n\n\treturn defaultValue\n}\n\n// 以 64 位整数形式从字典中获取指定键的值。\n//\n// 入参:\n// - dict: 字典。\n// - key: 键。\n//\n// 出参:\n// - 字典中键对应的值。如果指定键不存在、或者值的类型不是 64 位整数,则返回 0。\nfunc GetInt64(dict map[string]any, key string) int64 {\n\treturn GetOrDefaultInt64(dict, key, 0)\n}\n\n// 以 64 位整数形式从字典中获取指定键的值。\n//\n// 入参:\n// - dict: 字典。\n// - key: 键。\n// - defaultValue: 默认值。\n//\n// 出参:\n// - 字典中键对应的值。如果指定键不存在、值的类型不是 64 位整数、或者值为零值,则返回默认值。\nfunc GetOrDefaultInt64(dict map[string]any, key string, defaultValue int64) int64 {\n\tif dict == nil {\n\t\treturn defaultValue\n\t}\n\n\tif value, ok := dict[key]; ok {\n\t\tvar result int64\n\n\t\tswitch v := value.(type) {\n\t\tcase int:\n\t\t\tresult = int64(v)\n\t\tcase int8:\n\t\t\tresult = int64(v)\n\t\tcase int16:\n\t\t\tresult = int64(v)\n\t\tcase int32:\n\t\t\tresult = int64(v)\n\t\tcase int64:\n\t\t\tresult = v\n\t\tcase uint:\n\t\t\tresult = int64(v)\n\t\tcase uint8:\n\t\t\tresult = int64(v)\n\t\tcase uint16:\n\t\t\tresult = int64(v)\n\t\tcase uint32:\n\t\t\tresult = int64(v)\n\t\tcase uint64:\n\t\t\tresult = int64(v)\n\t\tcase float32:\n\t\t\tresult = int64(v)\n\t\tcase float64:\n\t\t\tresult = int64(v)\n\t\tcase string:\n\t\t\t// 兼容字符串类型的值\n\t\t\tif t, err := strconv.ParseInt(v, 10, 64); err == nil {\n\t\t\t\tresult = t\n\t\t\t}\n\t\t}\n\n\t\tif result != 0 {\n\t\t\treturn result\n\t\t}\n\t}\n\n\treturn defaultValue\n}\n\n// 以布尔形式从字典中获取指定键的值。\n//\n// 入参:\n// - dict: 字典。\n// - key: 键。\n//\n// 出参:\n// - 字典中键对应的值。如果指定键不存在、或者值的类型不是布尔,则返回 false。\nfunc GetBool(dict map[string]any, key string) bool {\n\treturn GetOrDefaultBool(dict, key, false)\n}\n\n// 以布尔形式从字典中获取指定键的值。\n//\n// 入参:\n// - dict: 字典。\n// - key: 键。\n// - defaultValue: 默认值。\n//\n// 出参:\n// - 字典中键对应的值。如果指定键不存在、或者值的类型不是布尔,则返回默认值。\nfunc GetOrDefaultBool(dict map[string]any, key string, defaultValue bool) bool {\n\tif dict == nil {\n\t\treturn defaultValue\n\t}\n\n\tif value, ok := dict[key]; ok {\n\t\tif result, ok := value.(bool); ok {\n\t\t\treturn result\n\t\t}\n\n\t\t// 兼容字符串类型的值\n\t\tif str, ok := value.(string); ok {\n\t\t\tif result, err := strconv.ParseBool(str); err == nil {\n\t\t\t\treturn result\n\t\t\t}\n\t\t}\n\t}\n\n\treturn defaultValue\n}\n\n// 以 `map[string]V` 形式从字典中获取指定键的值。\n//\n// 入参:\n// - dict: 字典。\n// - key: 键。\n//\n// 出参:\n// - 字典中键对应的 `map[string]V` 对象。\nfunc GetKVMap[V any](dict map[string]any, key string) map[string]V {\n\tif dict == nil {\n\t\treturn make(map[string]V)\n\t}\n\n\tif val, ok := dict[key]; ok {\n\t\tif result, ok := val.(map[string]V); ok {\n\t\t\treturn result\n\t\t}\n\t}\n\n\treturn make(map[string]V)\n}\n\n// 以 `map[string]any` 形式从字典中获取指定键的值。\n//\n// 入参:\n// - dict: 字典。\n// - key: 键。\n//\n// 出参:\n// - 字典中键对应的 `map[string]any` 对象。\nfunc GetKVMapAny(dict map[string]any, key string) map[string]any {\n\treturn GetKVMap[any](dict, key)\n}\n"
},
{
"path": "pkg/utils/maps/marshal.go",
"content": "package maps\n\nimport (\n\tmapstructure \"github.com/go-viper/mapstructure/v2\"\n)\n\n// 将字典填充到指定类型的结构体。\n// 与 [json.Unmarshal] 类似,但传入的是一个 [map[string]any] 对象而非 JSON 格式的字符串。\n//\n// 入参:\n// - dict: 字典。\n// - output: 结构体指针。\n//\n// 出参:\n// - 错误信息。如果填充失败,则返回错误信息。\nfunc Populate(dict map[string]any, output any) error {\n\tconfig := &mapstructure.DecoderConfig{\n\t\tMetadata: nil,\n\t\tResult: output,\n\t\tWeaklyTypedInput: true,\n\t\tTagName: \"json\",\n\t}\n\n\tdecoder, err := mapstructure.NewDecoder(config)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\treturn decoder.Decode(dict)\n}\n"
},
{
"path": "pkg/utils/ssh/cmd.go",
"content": "package ssh\n\nimport (\n\t\"bytes\"\n\t\"fmt\"\n\n\t\"golang.org/x/crypto/ssh\"\n)\n\n// 执行远程脚本命令,并返回执行后标准输出和标准错误。\n//\n// 入参:\n// - sshCli: SSH 客户端。\n// - command: 待执行的脚本命令。\n//\n// 出参:\n// - stdout:标准输出。\n// - stderr:标准错误。\n// - err: 错误。\nfunc RunCommand(sshCli *ssh.Client, command string) (string, string, error) {\n\tsession, err := sshCli.NewSession()\n\tif err != nil {\n\t\treturn \"\", \"\", err\n\t}\n\tdefer session.Close()\n\n\tstdoutBuf := bytes.NewBuffer(nil)\n\tsession.Stdout = stdoutBuf\n\tstderrBuf := bytes.NewBuffer(nil)\n\tsession.Stderr = stderrBuf\n\terr = session.Run(command)\n\tif err != nil {\n\t\treturn stdoutBuf.String(), stderrBuf.String(), fmt.Errorf(\"failed to execute ssh command: %w\", err)\n\t}\n\n\treturn stdoutBuf.String(), stderrBuf.String(), nil\n}\n"
},
{
"path": "pkg/utils/ssh/io.go",
"content": "package ssh\n\nimport (\n\t\"bytes\"\n\t\"errors\"\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/pkg/sftp\"\n\t\"github.com/povsister/scp\"\n\t\"golang.org/x/crypto/ssh\"\n\n\txfilepath \"github.com/certimate-go/certimate/pkg/utils/filepath\"\n)\n\n// 与 [WriteRemote] 类似,但写入的是字符串内容。\n//\n// 入参:\n// - sshCli: SSH 客户端。\n// - path: 文件远程路径。\n// - data: 文件数据字节数组。\n// - useSCP: 是否使用 SCP 进行传输,否则使用 SFTP。\n//\n// 出参:\n// - 错误。\nfunc WriteRemoteString(sshCli *ssh.Client, path string, content string, useSCP bool) error {\n\tif useSCP {\n\t\treturn writeRemoteStringWithSCP(sshCli, path, content)\n\t}\n\n\treturn writeRemoteStringWithSFTP(sshCli, path, content)\n}\n\n// 将数据写入指定远程路径的文件。\n// 如果目录不存在,将会递归创建目录。\n// 如果文件不存在,将会创建该文件;如果文件已存在,将会覆盖原有内容。\n//\n// 入参:\n// - sshCli: SSH 客户端。\n// - path: 文件远程路径。\n// - data: 文件数据字节数组。\n// - useSCP: 是否使用 SCP 进行传输,否则使用 SFTP。\n//\n// 出参:\n// - 错误。\nfunc WriteRemote(sshCli *ssh.Client, path string, data []byte, useSCP bool) error {\n\tif useSCP {\n\t\treturn writeRemoteWithSCP(sshCli, path, data)\n\t}\n\n\treturn writeRemoteWithSFTP(sshCli, path, data)\n}\n\n// 删除指定远程路径的文件。\n//\n// 入参:\n// - sshCli: SSH 客户端。\n// - path: 文件远程路径。\n// - useSCP: 是否使用 SCP 进行传输,否则使用 SFTP。\n//\n// 出参:\n// - 错误。\nfunc RemoveRemote(sshCli *ssh.Client, path string, useSCP bool) error {\n\tif useSCP {\n\t\treturn errors.ErrUnsupported\n\t}\n\n\treturn removeRemoteWithSFTP(sshCli, path)\n}\n\nfunc writeRemoteStringWithSCP(sshCli *ssh.Client, path string, content string) error {\n\treturn writeRemoteWithSCP(sshCli, path, []byte(content))\n}\n\nfunc writeRemoteStringWithSFTP(sshCli *ssh.Client, path string, content string) error {\n\treturn writeRemoteWithSFTP(sshCli, path, []byte(content))\n}\n\nfunc writeRemoteWithSCP(sshCli *ssh.Client, path string, data []byte) error {\n\tscpCli, err := scp.NewClientFromExistingSSH(sshCli, &scp.ClientOption{})\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to create scp client: %w\", err)\n\t}\n\n\treader := bytes.NewReader(data)\n\terr = scpCli.CopyToRemote(reader, path, &scp.FileTransferOption{})\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to write to remote file: %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc writeRemoteWithSFTP(sshCli *ssh.Client, path string, data []byte) error {\n\tsftpCli, err := sftp.NewClient(sshCli)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to create sftp client: %w\", err)\n\t}\n\tdefer sftpCli.Close()\n\n\tif err := sftpCli.MkdirAll(xfilepath.Dir(path)); err != nil {\n\t\treturn fmt.Errorf(\"failed to create remote directory: %w\", err)\n\t}\n\n\tfile, err := sftpCli.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to open remote file: %w\", err)\n\t}\n\tdefer file.Close()\n\n\t_, err = file.Write(data)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to write to remote file: %w\", err)\n\t}\n\n\treturn nil\n}\n\nfunc removeRemoteWithSFTP(sshCli *ssh.Client, path string) error {\n\tsftpCli, err := sftp.NewClient(sshCli)\n\tif err != nil {\n\t\treturn fmt.Errorf(\"failed to create sftp client: %w\", err)\n\t}\n\tdefer sftpCli.Close()\n\n\tif err := sftpCli.MkdirAll(xfilepath.Dir(path)); err != nil {\n\t\treturn fmt.Errorf(\"failed to create remote directory: %w\", err)\n\t}\n\n\tif err := sftpCli.Remove(path); err != nil {\n\t\treturn fmt.Errorf(\"failed to remove remote file: %w\", err)\n\t}\n\n\treturn nil\n}\n"
},
{
"path": "pkg/utils/tls/config.go",
"content": "package tls\n\nimport (\n\t\"crypto/tls\"\n)\n\n// 创建并返回一个兼容低版的 [tls.Config] 对象。\n//\n// 出参:\n// - config: [tls.Config] 对象。\nfunc NewCompatibleConfig() *tls.Config {\n\tvar suiteIds []uint16\n\tfor _, suite := range tls.CipherSuites() {\n\t\tsuiteIds = append(suiteIds, suite.ID)\n\t}\n\tfor _, suite := range tls.InsecureCipherSuites() {\n\t\tsuiteIds = append(suiteIds, suite.ID)\n\t}\n\n\treturn &tls.Config{\n\t\tMinVersion: tls.VersionTLS10,\n\t\tCipherSuites: suiteIds,\n\t}\n}\n\n// 创建并返回一个不安全的 [tls.Config] 对象。\n//\n// 出参:\n// - config: [tls.Config] 对象。\nfunc NewInsecureConfig() *tls.Config {\n\tconfig := NewCompatibleConfig()\n\tconfig.InsecureSkipVerify = true\n\treturn config\n}\n"
},
{
"path": "pkg/utils/wait/delay.go",
"content": "package wait\n\nimport (\n\t\"context\"\n\t\"time\"\n)\n\n// 等待一段时间。\n//\n// 入参:\n// - wait: 等待时间。\n//\n// 出参:\n// - err: 错误。\nfunc Delay(wait time.Duration) error {\n\treturn DelayWithContext(context.Background(), wait)\n}\n\n// 等待一段时间,或上下文被取消。\n//\n// 入参:\n// - ctx: 上下文。\n// - wait: 等待时间。\n//\n// 出参:\n// - err: 错误。\nfunc DelayWithContext(ctx context.Context, wait time.Duration) error {\n\tticker := time.NewTimer(wait)\n\tdefer ticker.Stop()\n\n\tselect {\n\tcase <-ctx.Done():\n\t\treturn ctx.Err()\n\tcase <-ticker.C:\n\t\treturn nil\n\t}\n}\n"
},
{
"path": "pkg/utils/wait/until.go",
"content": "package wait\n\nimport (\n\t\"context\"\n\t\"time\"\n)\n\n// 等待直到条件满足。\n//\n// 入参:\n// - condition: 条件函数,接收尝试次数作为参数,返回是否满足条件和错误。\n// - interval: 执行条件函数的间隔时间。\n//\n// 出参:\n// - ret: 是否满足条件。\n// - err: 错误。\nfunc Until(condition func(index int) (bool, error), interval time.Duration) (bool, error) {\n\tconditionWithContext := func(_ context.Context, index int) (bool, error) {\n\t\treturn condition(index)\n\t}\n\treturn UntilWithContext(context.Background(), conditionWithContext, interval)\n}\n\n// 等待直到条件满足,或上下文被取消。\n//\n// 入参:\n// - ctx: 上下文。\n// - condition: 条件函数,接收上下文和尝试次数作为参数,返回是否满足条件和错误。\n// - interval: 执行条件函数的间隔时间。\n//\n// 出参:\n// - ret: 是否满足条件。\n// - err: 错误。\nfunc UntilWithContext(ctx context.Context, condition func(ctx context.Context, index int) (bool, error), interval time.Duration) (bool, error) {\n\tticker := time.NewTicker(interval)\n\tdefer ticker.Stop()\n\n\tattempt := 0\n\tfor {\n\t\tselect {\n\t\tcase <-ctx.Done():\n\t\t\treturn false, ctx.Err()\n\n\t\tcase <-ticker.C:\n\t\t\tattempt++\n\t\t\tret, err := condition(ctx, attempt)\n\t\t\tif ret || err != nil {\n\t\t\t\treturn ret, err\n\t\t\t}\n\t\t}\n\t}\n}\n\n// 等待直到条件满足或超时。\n//\n// 入参:\n// - condition: 条件函数,接收尝试次数作为参数,返回是否满足条件和错误。\n// - timeout: 超时时间。\n// - interval: 执行条件函数的间隔时间。\n//\n// 出参:\n// - ret: 是否满足条件。\n// - err: 错误。\nfunc UntilTimeout(condition func(index int) (bool, error), timeout time.Duration, interval time.Duration) (bool, error) {\n\tconditionWithContext := func(_ context.Context, index int) (bool, error) {\n\t\treturn condition(index)\n\t}\n\treturn UntilTimeoutWithContext(context.Background(), conditionWithContext, timeout, interval)\n}\n\n// 等待直到条件满足或超时,或上下文被取消。\n//\n// 入参:\n// - ctx: 上下文。\n// - condition: 条件函数,接收上下文和尝试次数作为参数,返回是否满足条件和错误。\n// - timeout: 超时时间。\n// - interval: 执行条件函数的间隔时间。\n//\n// 出参:\n// - ret: 是否满足条件。\n// - err: 错误。\nfunc UntilTimeoutWithContext(ctx context.Context, condition func(ctx context.Context, index int) (bool, error), timeout time.Duration, interval time.Duration) (bool, error) {\n\tctxWithTimeout, cancel := context.WithTimeout(ctx, timeout)\n\tdefer cancel()\n\n\tticker := time.NewTicker(interval)\n\tdefer ticker.Stop()\n\n\tattempt := 0\n\tfor {\n\t\tselect {\n\t\tcase <-ctxWithTimeout.Done():\n\t\t\treturn false, ctx.Err()\n\n\t\tcase <-ticker.C:\n\t\t\tattempt++\n\t\t\tret, err := condition(ctxWithTimeout, attempt)\n\t\t\tif ret || err != nil {\n\t\t\t\treturn ret, err\n\t\t\t}\n\t\t}\n\t}\n}\n"
},
{
"path": "ui/.gitignore",
"content": "node_modules\ndist\ndist-ssr\n!dist/.gitkeep\n\n# Logs\nlogs\n*.log\nnpm-debug.log*\nyarn-debug.log*\nyarn-error.log*\npnpm-debug.log*\nlerna-debug.log*\n\n# Editor directories and files\n.vscode/*\n!.vscode/extensions.json\n.idea\n.DS_Store\n*.suo\n*.ntvs*\n*.njsproj\n*.sln\n*.sw?\n\n*.local\n.env\n"
},
{
"path": "ui/embed.go",
"content": "// Package ui handles the PocketBase Admin frontend embedding.\npackage ui\n\nimport (\n\t\"embed\"\n\n\t\"github.com/pocketbase/pocketbase/apis\"\n)\n\n//go:embed all:dist\nvar distDir embed.FS\n\n// DistDirFS contains the embedded dist directory files (without the \"dist\" prefix)\nvar DistDirFS = apis.MustSubFS(distDir, \"dist\")\n"
},
{
"path": "ui/eslint.config.mjs",
"content": "import eslint from \"@eslint/js\";\nimport { defineConfig } from \"eslint/config\";\nimport tailwindcssPlugin from \"eslint-plugin-better-tailwindcss\";\nimport importPlugin from \"eslint-plugin-import\";\nimport prettierPluginConfig from \"eslint-plugin-prettier/recommended\";\nimport reactHooksPlugin from \"eslint-plugin-react-hooks\";\nimport reactRefreshPlugin from \"eslint-plugin-react-refresh\";\nimport typescriptPlugin from \"typescript-eslint\";\n\n/**\n * @type {import(\"eslint\").Linter.Config[]}\n */\nexport default defineConfig(\n // Basic\n eslint.configs[\"recommended\"],\n {\n name: \"eslint/import\",\n extends: [importPlugin.flatConfigs[\"recommended\"], importPlugin.flatConfigs[\"typescript\"]],\n rules: {\n \"import/no-named-as-default-member\": \"off\",\n \"import/no-unresolved\": \"off\",\n \"import/order\": [\n \"error\",\n {\n groups: [\"builtin\", \"external\", \"internal\", [\"parent\", \"sibling\"], \"index\"],\n pathGroups: [\n {\n pattern: \"react*\",\n group: \"external\",\n position: \"before\",\n },\n {\n pattern: \"react/**\",\n group: \"external\",\n position: \"before\",\n },\n {\n pattern: \"react-*\",\n group: \"external\",\n position: \"before\",\n },\n {\n pattern: \"react-*/**\",\n group: \"external\",\n position: \"before\",\n },\n {\n pattern: \"~/**\",\n group: \"external\",\n position: \"after\",\n },\n {\n pattern: \"@/**\",\n group: \"internal\",\n position: \"before\",\n },\n ],\n pathGroupsExcludedImportTypes: [\"builtin\"],\n alphabetize: {\n order: \"asc\",\n caseInsensitive: true,\n },\n },\n ],\n \"sort-imports\": [\n \"error\",\n {\n ignoreDeclarationSort: true,\n },\n ],\n },\n settings: {\n \"import/resolver\": {\n node: {\n extensions: [\".js\", \".jsx\", \".ts\", \".tsx\"],\n },\n typescript: {\n alwaysTryTypes: true,\n },\n },\n },\n },\n\n // Typescript\n {\n name: \"typescript\",\n extends: [typescriptPlugin.configs[\"recommended\"]],\n rules: {\n \"@typescript-eslint/consistent-type-imports\": \"error\",\n \"@typescript-eslint/no-empty-object-type\": [\n \"error\",\n {\n allowInterfaces: \"with-single-extends\",\n },\n ],\n \"@typescript-eslint/no-explicit-any\": [\n \"warn\",\n {\n ignoreRestArgs: true,\n },\n ],\n \"@typescript-eslint/no-unused-vars\": [\n \"error\",\n {\n argsIgnorePattern: \"^_\",\n caughtErrorsIgnorePattern: \"^_\",\n destructuredArrayIgnorePattern: \"^_\",\n varsIgnorePattern: \"^_\",\n },\n ],\n },\n },\n\n // Pretter\n {\n name: \"prettier\",\n extends: [prettierPluginConfig],\n },\n\n // React\n {\n name: \"react\",\n extends: [reactHooksPlugin.configs.flat[\"recommended-latest\"], reactRefreshPlugin.configs[\"vite\"]],\n rules: {\n \"react-hooks/exhaustive-deps\": [\"warn\"],\n \"react-hooks/immutability\": [\"warn\"],\n \"react-hooks/refs\": [\"warn\"],\n \"react-hooks/preserve-manual-memoization\": [\"off\"],\n \"react-hooks/set-state-in-effect\": [\"warn\"],\n \"react-hooks/set-state-in-render\": [\"warn\"],\n \"react-refresh/only-export-components\": [\n \"warn\",\n {\n allowConstantExport: true,\n },\n ],\n },\n },\n\n // TailwindCSS\n {\n name: \"tailwindcss\",\n plugins: {\n \"better-tailwindcss\": tailwindcssPlugin,\n },\n rules: {\n ...tailwindcssPlugin.configs[\"recommended-warn\"].rules,\n ...tailwindcssPlugin.configs[\"recommended-error\"].rules,\n\n \"better-tailwindcss/enforce-consistent-line-wrapping\": \"off\",\n \"better-tailwindcss/no-unknown-classes\": \"off\",\n },\n settings: {\n \"better-tailwindcss\": {\n entryPoint: \"src/global.css\",\n },\n },\n }\n);\n"
},
{
"path": "ui/index.html",
"content": "\n\n \n Certimate - Your Trusted Partner in SSL Automation \n \n \n \n \n \n\n"
},
{
"path": "ui/package.json",
"content": "{\n \"name\": \"@certimate/webui\",\n \"private\": true,\n \"type\": \"module\",\n \"scripts\": {\n \"dev\": \"vite --host\",\n \"build\": \"tsc -b && vite build\",\n \"lint\": \"eslint . --ext ts,tsx --report-unused-disable-directives --max-warnings 0\",\n \"preview\": \"vite preview\"\n },\n \"dependencies\": {\n \"@codemirror/lang-json\": \"^6.0.2\",\n \"@codemirror/lang-yaml\": \"^6.1.2\",\n \"@codemirror/language\": \"^6.12.2\",\n \"@codemirror/legacy-modes\": \"^6.5.2\",\n \"@flowgram.ai/document\": \"1.0.8\",\n \"@flowgram.ai/fixed-layout-editor\": \"1.0.8\",\n \"@flowgram.ai/minimap-plugin\": \"1.0.8\",\n \"@peculiar/asn1-ecc\": \"^2.6.1\",\n \"@peculiar/asn1-pkcs8\": \"^2.6.1\",\n \"@peculiar/asn1-rsa\": \"^2.6.1\",\n \"@peculiar/asn1-schema\": \"^2.6.0\",\n \"@peculiar/x509\": \"^1.14.3\",\n \"@tabler/icons-react\": \"^3.40.0\",\n \"@uiw/codemirror-extensions-basic-setup\": \"^4.25.8\",\n \"@uiw/codemirror-theme-vscode\": \"^4.25.8\",\n \"@uiw/react-codemirror\": \"^4.25.8\",\n \"ahooks\": \"^3.9.6\",\n \"antd\": \"^6.3.2\",\n \"antd-zod\": \"^8.0.0\",\n \"clsx\": \"^2.1.1\",\n \"cron-parser\": \"^5.5.0\",\n \"dayjs\": \"^1.11.20\",\n \"file-saver\": \"^2.0.5\",\n \"i18next\": \"^25.8.18\",\n \"i18next-browser-languagedetector\": \"^8.2.1\",\n \"immer\": \"^11.1.4\",\n \"nanoid\": \"^5.1.7\",\n \"pocketbase\": \"^0.26.8\",\n \"radash\": \"^12.1.1\",\n \"react\": \"^18.3.1\",\n \"react-copy-to-clipboard\": \"^5.1.1\",\n \"react-dom\": \"^18.3.1\",\n \"react-i18next\": \"^16.5.8\",\n \"react-router\": \"^7.13.1\",\n \"react-router-dom\": \"^7.13.1\",\n \"reflect-metadata\": \"^0.2.2\",\n \"tailwind-merge\": \"^3.5.0\",\n \"yaml\": \"^2.8.2\",\n \"zod\": \"^4.3.6\",\n \"zustand\": \"^5.0.12\"\n },\n \"devDependencies\": {\n \"@eslint/js\": \"^9.39.2\",\n \"@tailwindcss/postcss\": \"^4.2.1\",\n \"@tailwindcss/vite\": \"^4.2.1\",\n \"@types/file-saver\": \"^2.0.7\",\n \"@types/fs-extra\": \"^11.0.4\",\n \"@types/node\": \"^24.10.4\",\n \"@types/react\": \"^18.3.26\",\n \"@types/react-copy-to-clipboard\": \"^5.0.7\",\n \"@types/react-dom\": \"^18.3.7\",\n \"@vitejs/plugin-legacy\": \"^7.2.1\",\n \"@vitejs/plugin-react\": \"^5.1.4\",\n \"eslint\": \"^9.39.2\",\n \"eslint-config-prettier\": \"^10.1.8\",\n \"eslint-import-resolver-typescript\": \"^4.4.4\",\n \"eslint-plugin-better-tailwindcss\": \"^4.3.2\",\n \"eslint-plugin-import\": \"^2.32.0\",\n \"eslint-plugin-prettier\": \"^5.5.5\",\n \"eslint-plugin-react-hooks\": \"^7.0.1\",\n \"eslint-plugin-react-refresh\": \"^0.5.2\",\n \"fs-extra\": \"^11.3.4\",\n \"prettier\": \"^3.8.1\",\n \"tailwindcss\": \"^4.2.1\",\n \"typescript\": \"^5.9.3\",\n \"typescript-eslint\": \"^8.57.0\",\n \"vite\": \"^7.3.1\"\n }\n}\n"
},
{
"path": "ui/prettier.config.mjs",
"content": "/**\n * @type {import(\"prettier\").Config}\n */\nexport default {\n arrowParens: \"always\",\n bracketSpacing: true,\n editorconfig: true,\n htmlWhitespaceSensitivity: \"ignore\",\n jsxSingleQuote: false,\n endOfLine: \"crlf\",\n printWidth: 160,\n proseWrap: \"preserve\",\n quoteProps: \"as-needed\",\n semi: true,\n singleQuote: false,\n tabs: false,\n tabWidth: 2,\n trailingComma: \"es5\",\n useTabs: false,\n};\n"
},
{
"path": "ui/public/robots.txt",
"content": "User-Agent: *\nDisallow: /\n"
},
{
"path": "ui/src/App.tsx",
"content": "import \"reflect-metadata\";\nimport { useEffect, useLayoutEffect, useState } from \"react\";\nimport { useTranslation } from \"react-i18next\";\nimport { RouterProvider } from \"react-router-dom\";\nimport { App, ConfigProvider, type ThemeConfig, theme } from \"antd\";\nimport { type Locale } from \"antd/es/locale\";\nimport AntdLocaleEnUS from \"antd/locale/en_US\";\nimport AntdLocaleZhCN from \"antd/locale/zh_CN\";\nimport dayjs from \"dayjs\";\nimport { z } from \"zod\";\nimport { en as ZodLocaleEnUs, zhCN as ZodLocaleZhCN } from \"zod/locales\";\nimport \"dayjs/locale/zh-cn\";\n\nimport { useBrowserTheme } from \"@/hooks\";\nimport { localeNames } from \"@/i18n\";\nimport { router } from \"@/routers\";\n\nconst antdLocalesMap: Record = {\n [localeNames.EN]: AntdLocaleEnUS,\n [localeNames.ZH]: AntdLocaleZhCN,\n};\n\nconst antdThemesMap: Record = {\n [\"light\"]: { algorithm: theme.defaultAlgorithm },\n [\"dark\"]: { algorithm: theme.darkAlgorithm },\n};\n\nconst zodLocalesMap: Record = {\n [localeNames.EN]: ZodLocaleEnUs,\n [localeNames.ZH]: ZodLocaleZhCN,\n};\n\nconst RootApp = () => {\n const { i18n } = useTranslation();\n\n const { theme: browserTheme } = useBrowserTheme();\n\n const [antdLocale, setAntdLocale] = useState(antdLocalesMap[i18n.language]);\n const [antdTheme, setAntdTheme] = useState(antdThemesMap[browserTheme]);\n\n const handleLanguageChanged = () => {\n setAntdLocale(antdLocalesMap[i18n.language]);\n dayjs.locale(i18n.language);\n z.config(zodLocalesMap[i18n.language]?.());\n };\n\n i18n.on(\"initialized\", handleLanguageChanged);\n i18n.on(\"languageChanged\", handleLanguageChanged);\n useLayoutEffect(() => {\n handleLanguageChanged();\n\n return () => {\n i18n.off(\"initialized\", handleLanguageChanged);\n i18n.off(\"languageChanged\", handleLanguageChanged);\n };\n }, [i18n]);\n\n useEffect(() => {\n setAntdTheme(antdThemesMap[browserTheme]);\n\n const root = window.document.documentElement;\n root.classList.remove(\"light\", \"dark\");\n root.classList.add(browserTheme);\n }, [browserTheme]);\n\n return (\n \n \n \n \n );\n};\n\nexport default RootApp;\n"
},
{
"path": "ui/src/api/certificates.ts",
"content": "import { ClientResponseError } from \"pocketbase\";\n\nimport { type CertificateFormatType } from \"@/domain/certificate\";\nimport { getPocketBase } from \"@/repository/_pocketbase\";\n\nexport const download = async (certificateId: string, format?: CertificateFormatType) => {\n const pb = getPocketBase();\n\n type RespData = {\n fileBytes: string;\n };\n const resp = await pb.send>(`/api/certificates/${encodeURIComponent(certificateId)}/download`, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: {\n format: format,\n },\n });\n\n if (resp.code != 0) {\n throw new ClientResponseError({ status: resp.code, response: resp, data: {} });\n }\n\n return resp;\n};\n\nexport const revoke = async (certificateId: string) => {\n const pb = getPocketBase();\n\n const resp = await pb.send(`/api/certificates/${encodeURIComponent(certificateId)}/revoke`, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n });\n\n if (resp.code != 0) {\n throw new ClientResponseError({ status: resp.code, response: resp, data: {} });\n }\n\n return resp;\n};\n"
},
{
"path": "ui/src/api/notifications.ts",
"content": "import { ClientResponseError } from \"pocketbase\";\n\nimport { getPocketBase } from \"@/repository/_pocketbase\";\n\nexport const testPushNotification = async ({ provider, accessId }: { provider: string; accessId: string }) => {\n const pb = getPocketBase();\n\n const resp = await pb.send(\"/api/notifications/test\", {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: {\n provider,\n accessId,\n },\n });\n\n if (resp.code != 0) {\n throw new ClientResponseError({ status: resp.code, response: resp, data: {} });\n }\n\n return resp;\n};\n"
},
{
"path": "ui/src/api/statistics.ts",
"content": "import { ClientResponseError } from \"pocketbase\";\n\nimport { type Statistics } from \"@/domain/statistics\";\nimport { getPocketBase } from \"@/repository/_pocketbase\";\n\nexport const get = async () => {\n const pb = getPocketBase();\n\n const resp = await pb.send>(\"/api/statistics\", {\n method: \"GET\",\n });\n\n if (resp.code != 0) {\n throw new ClientResponseError({ status: resp.code, response: resp, data: {} });\n }\n\n return resp;\n};\n"
},
{
"path": "ui/src/api/workflows.ts",
"content": "import { ClientResponseError } from \"pocketbase\";\n\nimport { WORKFLOW_TRIGGERS } from \"@/domain/workflow\";\nimport { getPocketBase } from \"@/repository/_pocketbase\";\n\nexport const getStats = async () => {\n const pb = getPocketBase();\n\n type RespData = {\n concurrency: number;\n pendingRunIds: string[];\n processingRunIds: string[];\n };\n const resp = await pb.send>(`/api/workflows/stats`, {\n method: \"GET\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n });\n\n if (resp.code != 0) {\n throw new ClientResponseError({ status: resp.code, response: resp, data: {} });\n }\n\n return resp;\n};\n\nexport const startRun = async (workflowId: string) => {\n const pb = getPocketBase();\n\n const resp = await pb.send(`/api/workflows/${encodeURIComponent(workflowId)}/runs`, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: {\n trigger: WORKFLOW_TRIGGERS.MANUAL,\n },\n });\n\n if (resp.code != 0) {\n throw new ClientResponseError({ status: resp.code, response: resp, data: {} });\n }\n\n return resp;\n};\n\nexport const cancelRun = async (workflowId: string, runId: string) => {\n const pb = getPocketBase();\n\n const resp = await pb.send(`/api/workflows/${encodeURIComponent(workflowId)}/runs/${encodeURIComponent(runId)}/cancel`, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n });\n\n if (resp.code != 0) {\n throw new ClientResponseError({ status: resp.code, response: resp, data: {} });\n }\n\n return resp;\n};\n"
},
{
"path": "ui/src/components/AppDocument.tsx",
"content": "import { useTranslation } from \"react-i18next\";\nimport { IconBook } from \"@tabler/icons-react\";\nimport { Typography } from \"antd\";\n\nimport { APP_DOCUMENT_URL } from \"@/domain/app\";\n\nexport interface AppDocumentLinkButtonProps {\n className?: string;\n style?: React.CSSProperties;\n showIcon?: boolean;\n}\n\nconst AppDocumentLinkButton = ({ className, style, showIcon = true }: AppDocumentLinkButtonProps) => {\n const { t } = useTranslation();\n\n const handleDocumentClick = () => {\n window.open(APP_DOCUMENT_URL, \"_blank\");\n };\n\n return (\n \n \n {showIcon ? {t(\"common.menu.document\")} \n
\n \n );\n};\n\nexport default {\n LinkButton: AppDocumentLinkButton,\n};\n"
},
{
"path": "ui/src/components/AppLocale.tsx",
"content": "import { useTranslation } from \"react-i18next\";\nimport { IconLanguage, type IconProps } from \"@tabler/icons-react\";\nimport { Dropdown, type DropdownProps, Typography } from \"antd\";\n\nimport { IconLanguageEnZh, IconLanguageZhEn } from \"@/components/icons\";\nimport Show from \"@/components/Show\";\nimport { localeNames, localeResources } from \"@/i18n\";\nimport { mergeCls } from \"@/utils/css\";\n\nexport const useAppLocaleMenuItems = () => {\n const { i18n } = useTranslation();\n\n const items = Object.keys(i18n.store.data).map((key) => {\n return {\n key: key as string,\n label: i18n.store.data[key].name as string,\n onClick: () => {\n if (key !== (i18n.resolvedLanguage ?? i18n.language)) {\n i18n.changeLanguage(key);\n window.location.reload();\n }\n },\n };\n });\n\n return items;\n};\n\nexport interface AppLocaleDropdownProps {\n children?: React.ReactNode;\n trigger?: DropdownProps[\"trigger\"];\n}\n\nconst AppLocaleDropdown = ({ children, trigger = [\"click\"] }: AppLocaleDropdownProps) => {\n const items = useAppLocaleMenuItems();\n\n return (\n \n {children}\n \n );\n};\n\nexport interface AppLocaleIconProps extends IconProps {}\n\nconst AppLocaleIcon = (props: AppLocaleIconProps) => {\n const { i18n } = useTranslation();\n\n return (\n \n \n \n \n \n \n \n \n );\n};\n\nexport interface AppLocaleLinkButtonProps {\n className?: string;\n style?: React.CSSProperties;\n showIcon?: boolean;\n}\n\nconst AppLocaleLinkButton = ({ className, style, showIcon = true }: AppLocaleLinkButtonProps) => {\n const { t } = useTranslation();\n const { i18n } = useTranslation();\n\n return (\n \n \n \n {showIcon ?
: <>}\n
{String(localeResources[i18n.resolvedLanguage ?? i18n.language]?.name ?? t(\"common.menu.locale\"))} \n
\n \n );\n};\n\nexport default {\n Dropdown: AppLocaleDropdown,\n Icon: AppLocaleIcon,\n LinkButton: AppLocaleLinkButton,\n};\n"
},
{
"path": "ui/src/components/AppTheme.tsx",
"content": "import { useTranslation } from \"react-i18next\";\nimport { IconMoon, type IconProps, IconSun, IconSunMoon } from \"@tabler/icons-react\";\nimport { Dropdown, type DropdownProps, Typography } from \"antd\";\n\nimport Show from \"@/components/Show\";\nimport { useBrowserTheme } from \"@/hooks\";\nimport { mergeCls } from \"@/utils/css\";\n\nexport const useAppThemeMenuItems = () => {\n const { t } = useTranslation();\n\n const { themeMode, setThemeMode } = useBrowserTheme();\n\n const items = (\n [\n [\"light\", \"common.theme.light\", [0]);\n window.location.reload();\n }\n },\n };\n });\n\n return items;\n};\n\nexport interface AppThemeDropdownProps {\n children?: React.ReactNode;\n trigger?: DropdownProps[\"trigger\"];\n}\n\nconst AppThemeDropdown = ({ children, trigger = [\"click\"] }: AppThemeDropdownProps) => {\n const items = useAppThemeMenuItems();\n\n return (\n \n {children}\n \n );\n};\n\nexport interface AppThemeIconProps extends IconProps {}\n\nconst AppThemeIcon = (props: AppThemeIconProps) => {\n const { theme } = useBrowserTheme();\n\n return (\n \n \n \n \n \n \n );\n};\n\nexport interface AppThemeLinkButtonProps {\n className?: string;\n style?: React.CSSProperties;\n showIcon?: boolean;\n}\n\nconst AppThemeLinkButton = ({ className, style, showIcon = true }: AppThemeLinkButtonProps) => {\n const { t } = useTranslation();\n\n const { themeMode } = useBrowserTheme();\n\n return (\n \n \n \n {showIcon ?
: <>}\n
{t(`common.theme.${themeMode}`)} \n
\n \n );\n};\n\nexport default {\n Dropdown: AppThemeDropdown,\n Icon: AppThemeIcon,\n LinkButton: AppThemeLinkButton,\n};\n"
},
{
"path": "ui/src/components/AppVersion.tsx",
"content": "import { Badge, Typography } from \"antd\";\n\nimport { APP_DOWNLOAD_URL, APP_VERSION } from \"@/domain/app\";\nimport { useVersionChecker } from \"@/hooks\";\n\nexport interface AppVersionLinkButtonProps {\n className?: string;\n style?: React.CSSProperties;\n}\n\nconst AppVersionLinkButton = ({ className, style }: AppVersionLinkButtonProps) => {\n return (\n \n \n {APP_VERSION}\n \n \n );\n};\n\nexport interface AppVersionBadgeProps {\n className?: string;\n style?: React.CSSProperties;\n children?: React.ReactNode;\n}\n\nconst AppVersionBadge = ({ className, style, children }: AppVersionBadgeProps) => {\n const { hasUpdate } = useVersionChecker();\n\n return (\n \n {children}\n \n );\n};\n\nexport default {\n LinkButton: AppVersionLinkButton,\n Badge: AppVersionBadge,\n};\n"
},
{
"path": "ui/src/components/CodeTextInput.tsx",
"content": "import { useContext, useMemo, useRef } from \"react\";\nimport { json } from \"@codemirror/lang-json\";\nimport { yaml } from \"@codemirror/lang-yaml\";\nimport { StreamLanguage } from \"@codemirror/language\";\nimport { powerShell } from \"@codemirror/legacy-modes/mode/powershell\";\nimport { shell } from \"@codemirror/legacy-modes/mode/shell\";\nimport { basicSetup } from \"@uiw/codemirror-extensions-basic-setup\";\nimport { vscodeDark, vscodeLight } from \"@uiw/codemirror-theme-vscode\";\nimport CodeMirror, { EditorView, type ReactCodeMirrorProps, type ReactCodeMirrorRef } from \"@uiw/react-codemirror\";\nimport { useFocusWithin, useHover } from \"ahooks\";\nimport { theme } from \"antd\";\nimport DisabledContext from \"antd/es/config-provider/DisabledContext\";\n\nimport { useBrowserTheme } from \"@/hooks\";\nimport { mergeCls } from \"@/utils/css\";\n\nexport interface CodeTextInputProps extends Omit {\n disabled?: boolean;\n language?: string | string[];\n lineNumbers?: boolean;\n lineWrapping?: boolean;\n readOnly?: boolean;\n}\n\nconst CodeTextInput = ({ className, style, disabled, language, lineNumbers = true, lineWrapping = true, readOnly, ...props }: CodeTextInputProps) => {\n const { token: themeToken } = theme.useToken();\n\n const { theme: browserTheme } = useBrowserTheme();\n\n const injectedDisabled = useContext(DisabledContext);\n const mergedDisabled = disabled ?? injectedDisabled;\n\n const cmRef = useRef(null);\n const isFocusing = useFocusWithin(cmRef.current?.editor);\n const isHovering = useHover(cmRef.current?.editor);\n\n const cmTheme = useMemo(() => {\n if (browserTheme === \"dark\") {\n return vscodeDark;\n }\n return vscodeLight;\n }, [browserTheme]);\n\n const cmExtensions = useMemo(() => {\n const temp: NonNullable = [\n basicSetup({\n foldGutter: false,\n dropCursor: false,\n allowMultipleSelections: false,\n indentOnInput: false,\n }),\n ];\n\n if (lineWrapping) {\n temp.push(EditorView.lineWrapping);\n }\n\n const langs = Array.isArray(language) ? language : [language];\n langs.forEach((lang) => {\n switch (lang) {\n case \"shell\":\n temp.push(StreamLanguage.define(shell));\n break;\n case \"json\":\n temp.push(json());\n break;\n case \"powershell\":\n temp.push(StreamLanguage.define(powerShell));\n break;\n case \"yaml\":\n temp.push(yaml());\n break;\n }\n });\n\n return temp;\n }, [language, lineWrapping]);\n\n return (\n \n {\n message.success(t(\"common.text.copied\"));\n }}\n >\n \n {children}\n \n \n );\n};\n\nexport default CopyableText;\n"
},
{
"path": "ui/src/components/DrawerForm.tsx",
"content": "import { useTranslation } from \"react-i18next\";\nimport { IconX } from \"@tabler/icons-react\";\nimport { useControllableValue } from \"ahooks\";\nimport { Button, Drawer, type DrawerProps, Flex, Form, type FormProps, type ModalProps } from \"antd\";\n\nimport { useAntdForm, useTriggerElement } from \"@/hooks\";\n\nexport interface DrawerFormProps = any> extends Omit, \"title\" | \"onFinish\"> {\n className?: string;\n style?: React.CSSProperties;\n children?: React.ReactNode;\n cancelButtonProps?: ModalProps[\"cancelButtonProps\"];\n cancelText?: ModalProps[\"cancelText\"];\n defaultOpen?: boolean;\n drawerProps?: Omit;\n okButtonProps?: ModalProps[\"okButtonProps\"];\n okText?: ModalProps[\"okText\"];\n open?: boolean;\n title?: React.ReactNode;\n trigger?: React.ReactNode;\n onFinish?: (values: T) => unknown | Promise;\n onOpenChange?: (open: boolean) => void;\n}\n\nconst DrawerForm = = any>({\n className,\n style,\n children,\n cancelText,\n cancelButtonProps,\n form,\n drawerProps,\n okText,\n okButtonProps,\n title,\n trigger,\n onFinish,\n ...props\n}: DrawerFormProps) => {\n const { t } = useTranslation();\n\n const [open, setOpen] = useControllableValue(props, {\n valuePropName: \"open\",\n defaultValuePropName: \"defaultOpen\",\n trigger: \"onOpenChange\",\n });\n\n const triggerEl = useTriggerElement(trigger, {\n onClick: () => {\n setOpen(true);\n },\n });\n\n const {\n form: formInst,\n formPending,\n formProps,\n submit: submitForm,\n } = useAntdForm({\n form,\n onSubmit: (values) => {\n return onFinish?.(values);\n },\n });\n\n const mergedFormProps: FormProps = {\n clearOnDestroy: drawerProps?.destroyOnHidden ? true : void 0,\n ...formProps,\n ...props,\n };\n\n const mergedDrawerProps: DrawerProps = {\n ...drawerProps,\n closeIcon: false,\n onClose: async (e) => {\n if (formPending) return;\n\n // 关闭 Drawer 时 Promise.reject 阻止关闭\n await drawerProps?.onClose?.(e);\n setOpen(false);\n\n if (!mergedFormProps.preserve) {\n formInst.resetFields();\n }\n },\n };\n\n const handleOkClick = async () => {\n // 提交表单返回 Promise.reject 时不关闭 Drawer\n await submitForm();\n\n setOpen(false);\n };\n\n const handleCancelClick = () => {\n if (formPending) return;\n\n setOpen(false);\n };\n\n return (\n <>\n {triggerEl}\n\n \n \n {cancelText ?? t(\"common.button.cancel\")}\n \n \n {okText ?? t(\"common.button.ok\")}\n \n \n }\n forceRender\n open={open}\n title={\n \n {title}
\n {mergedDrawerProps.closeIcon !== false && (\n \n }\n >\n \n \n \n );\n};\n\nexport default DrawerForm;\n"
},
{
"path": "ui/src/components/Empty.tsx",
"content": "import { useTranslation } from \"react-i18next\";\nimport { Typography, theme } from \"antd\";\n\nimport Show from \"./Show\";\n\nexport interface EmptyProps {\n className?: string;\n style?: React.CSSProperties;\n title?: React.ReactNode;\n description?: React.ReactNode;\n extra?: React.ReactNode;\n icon?: React.ReactNode;\n}\n\nconst Empty = (props: EmptyProps) => {\n const { t } = useTranslation();\n\n const { className, style, title = t(\"common.text.nodata\"), description, extra, icon } = props;\n\n const { token: themeToken } = theme.useToken();\n\n const isPrimitive = (node: React.ReactNode): node is string | number | boolean | null => {\n return typeof node === \"string\" || typeof node === \"number\" || typeof node === \"boolean\" || node == null;\n };\n\n return (\n \n
\n
\n
\n
\n
\n \n \n
\n
\n \n {title}\n
\n \n
\n {isPrimitive(description) ? (\n {description} \n ) : (\n {description}
\n )}\n \n
\n
\n {extra}
\n \n
\n
\n
\n
\n
{\n accept?: string;\n uploadButtonProps?: Omit;\n uploadText?: string;\n onChange?: (value: string) => void;\n}\n\nconst FileTextInput = ({ className, style, accept, disabled, readOnly, uploadText, uploadButtonProps, onChange, ...props }: FileTextInputProps) => {\n const { t } = useTranslation();\n\n const injectedDisabled = useContext(DisabledContext);\n const mergedDisabled = disabled ?? injectedDisabled;\n\n const fileInputRef = useRef(null);\n\n const handleButtonClick = () => {\n if (fileInputRef.current) {\n fileInputRef.current.click();\n }\n };\n\n const handleFileChange = async (e: ChangeEvent) => {\n const { files } = e.target as HTMLInputElement;\n if (files?.length) {\n const value = await readFileAsText(files[0]);\n onChange?.(value);\n }\n };\n\n return (\n \n
\n onChange?.(e.target.value)} />\n {!readOnly && (\n <>\n
\n
= any> extends Omit, \"title\" | \"onFinish\"> {\n className?: string;\n style?: React.CSSProperties;\n children?: React.ReactNode;\n cancelButtonProps?: ModalProps[\"cancelButtonProps\"];\n cancelText?: ModalProps[\"cancelText\"];\n defaultOpen?: boolean;\n modalProps?: Omit<\n ModalProps,\n | \"cancelButtonProps\"\n | \"cancelText\"\n | \"confirmLoading\"\n | \"defaultOpen\"\n | \"forceRender\"\n | \"okButtonProps\"\n | \"okText\"\n | \"okType\"\n | \"open\"\n | \"title\"\n | \"width\"\n | \"onCancel\"\n | \"onOk\"\n | \"onOpenChange\"\n >;\n okButtonProps?: ModalProps[\"okButtonProps\"];\n okText?: ModalProps[\"okText\"];\n open?: boolean;\n title?: ModalProps[\"title\"];\n trigger?: React.ReactNode;\n width?: ModalProps[\"width\"];\n onFinish?: (values: T) => unknown | Promise;\n onOpenChange?: (open: boolean) => void;\n}\n\nconst ModalForm = = any>({\n className,\n style,\n children,\n cancelButtonProps,\n cancelText,\n form,\n modalProps,\n okButtonProps,\n okText,\n title,\n trigger,\n width,\n onFinish,\n ...props\n}: ModalFormProps) => {\n const [open, setOpen] = useControllableValue(props, {\n valuePropName: \"open\",\n defaultValuePropName: \"defaultOpen\",\n trigger: \"onOpenChange\",\n });\n\n const triggerEl = useTriggerElement(trigger, { onClick: () => setOpen(true) });\n\n const {\n form: formInst,\n formPending,\n formProps,\n submit: submitForm,\n } = useAntdForm({\n form,\n onSubmit: (values) => {\n return onFinish?.(values);\n },\n });\n\n const mergedFormProps: FormProps = {\n clearOnDestroy: modalProps?.destroyOnHidden ? true : void 0,\n ...formProps,\n ...props,\n };\n\n const mergedModalProps: ModalProps = {\n ...modalProps,\n afterClose: () => {\n if (!mergedFormProps.preserve) {\n formInst.resetFields();\n }\n\n modalProps?.afterClose?.();\n },\n };\n\n const handleOkClick = async () => {\n // 提交表单返回 Promise.reject 时不关闭 Modal\n await submitForm();\n setOpen(false);\n };\n\n const handleCancelClick = () => {\n if (formPending) return;\n\n setOpen(false);\n };\n\n return (\n <>\n {triggerEl}\n\n \n \n \n
\n \n \n );\n};\n\nexport default ModalForm;\n"
},
{
"path": "ui/src/components/MultipleInput.tsx",
"content": "import { type ChangeEvent, forwardRef, useImperativeHandle, useMemo, useRef } from \"react\";\nimport { useTranslation } from \"react-i18next\";\nimport { IconCircleArrowDown, IconCircleArrowUp, IconCircleMinus, IconCirclePlus } from \"@tabler/icons-react\";\nimport { useControllableValue } from \"ahooks\";\nimport { Button, Input, type InputProps, type InputRef } from \"antd\";\nimport { produce } from \"immer\";\n\nexport interface MultipleInputProps extends Omit {\n allowClear?: boolean;\n defaultValue?: string[];\n maxCount?: number;\n minCount?: number;\n showSortButton?: boolean;\n value?: string[];\n onChange?: (value: string[]) => void;\n onValueChange?: (index: number, element: string) => void;\n onValueCreate?: (index: number) => void;\n onValueRemove?: (index: number) => void;\n onValueSort?: (oldIndex: number, newIndex: number) => void;\n}\n\nconst MultipleInput = ({\n allowClear = false,\n disabled,\n maxCount,\n minCount,\n showSortButton = true,\n onValueChange,\n onValueCreate,\n onValueSort,\n onValueRemove,\n ...props\n}: MultipleInputProps) => {\n const { t } = useTranslation();\n\n const itemRefs = useRef([]);\n\n const [value, setValue] = useControllableValue(props, {\n valuePropName: \"value\",\n defaultValue: [],\n defaultValuePropName: \"defaultValue\",\n trigger: \"onChange\",\n });\n\n const handleCreate = () => {\n const newValue = produce(value ?? [], (draft) => {\n draft.push(\"\");\n });\n setValue(newValue);\n setTimeout(() => itemRefs.current[newValue.length - 1]?.focus(), 1);\n\n onValueCreate?.(newValue.length - 1);\n };\n\n const handleChange = (index: number, element: string) => {\n const newValue = produce(value, (draft) => {\n draft[index] = element;\n });\n setValue(newValue);\n\n onValueChange?.(index, element);\n };\n\n const handleInputBlur = (index: number) => {\n if (!allowClear && !value[index]) {\n const newValue = produce(value, (draft) => {\n draft.splice(index, 1);\n });\n setValue(newValue);\n }\n };\n\n const handleClickUp = (index: number) => {\n if (index === 0) {\n return;\n }\n\n const newValue = produce(value, (draft) => {\n const temp = draft[index - 1];\n draft[index - 1] = draft[index];\n draft[index] = temp;\n });\n setValue(newValue);\n\n onValueSort?.(index, index - 1);\n };\n\n const handleClickDown = (index: number) => {\n if (index === value.length - 1) {\n return;\n }\n\n const newValue = produce(value, (draft) => {\n const temp = draft[index + 1];\n draft[index + 1] = draft[index];\n draft[index] = temp;\n });\n setValue(newValue);\n\n onValueSort?.(index, index + 1);\n };\n\n const handleClickAdd = (index: number) => {\n const newValue = produce(value, (draft) => {\n draft.splice(index + 1, 0, \"\");\n });\n setValue(newValue);\n setTimeout(() => itemRefs.current[index + 1]?.focus(), 1);\n\n onValueCreate?.(index + 1);\n };\n\n const handleClickRemove = (index: number) => {\n const newValue = produce(value, (draft) => {\n draft.splice(index, 1);\n });\n setValue(newValue);\n\n onValueRemove?.(index);\n };\n\n return value == null || value.length === 0 ? (\n \n {t(\"common.button.add\")}\n \n ) : (\n \n {Array.from(value).map((element, index) => {\n const allowUp = index > 0;\n const allowDown = index < value.length - 1;\n const allowRemove = minCount == null || value.length > minCount;\n const allowAdd = maxCount == null || value.length < maxCount;\n\n return (\n (itemRefs.current[index] = ref!)}\n allowAdd={allowAdd}\n allowClear={allowClear}\n allowDown={allowDown}\n allowRemove={allowRemove}\n allowUp={allowUp}\n disabled={disabled}\n defaultValue={void 0}\n showSortButton={showSortButton}\n value={element}\n onBlur={() => handleInputBlur(index)}\n onChange={(val) => handleChange(index, val)}\n onEntryAdd={() => handleClickAdd(index)}\n onEntryDown={() => handleClickDown(index)}\n onEntryUp={() => handleClickUp(index)}\n onEntryRemove={() => handleClickRemove(index)}\n />\n );\n })}\n
\n );\n};\n\ntype MultipleInputItemProps = Omit<\n MultipleInputProps,\n \"defaultValue\" | \"maxCount\" | \"minCount\" | \"preset\" | \"value\" | \"onChange\" | \"onValueCreate\" | \"onValueRemove\" | \"onValueSort\" | \"onValueChange\"\n> & {\n allowAdd: boolean;\n allowRemove: boolean;\n allowUp: boolean;\n allowDown: boolean;\n defaultValue?: string;\n value?: string;\n onChange?: (value: string) => void;\n onEntryAdd?: () => void;\n onEntryDown?: () => void;\n onEntryUp?: () => void;\n onEntryRemove?: () => void;\n};\n\ntype MultipleInputItemInstance = {\n focus: InputRef[\"focus\"];\n blur: InputRef[\"blur\"];\n select: InputRef[\"select\"];\n};\n\nconst MultipleInputItem = forwardRef(\n (\n {\n allowAdd,\n allowClear,\n allowDown,\n allowRemove,\n allowUp,\n disabled,\n showSortButton,\n onEntryAdd,\n onEntryDown,\n onEntryUp,\n onEntryRemove,\n ...props\n }: MultipleInputItemProps,\n ref\n ) => {\n const inputRef = useRef(null);\n\n const [value, setValue] = useControllableValue(props, {\n valuePropName: \"value\",\n defaultValue: \"\",\n defaultValuePropName: \"defaultValue\",\n trigger: \"onChange\",\n });\n\n const upBtn = useMemo(() => {\n if (!showSortButton) return null;\n return ) => {\n setValue(e.target.value);\n };\n\n useImperativeHandle(ref, () => ({\n focus: (options) => {\n inputRef.current?.focus(options);\n },\n blur: () => {\n inputRef.current?.blur();\n },\n select: () => {\n inputRef.current?.select();\n },\n }));\n\n return (\n \n
\n
\n
\n {removeBtn}\n {upBtn}\n {downBtn}\n {addBtn}\n
\n
{\n defaultValue?: string;\n maxCount?: number;\n minCount?: number;\n modalTitle?: React.ReactNode;\n modalWidth?: number | string;\n placeholderInModal?: string;\n showSortButton?: boolean;\n separator?: string;\n splitOptions?: SplitOptions;\n value?: string[];\n onChange?: (value: string) => void;\n}\n\nconst DEFAULT_SEPARATOR = \";\";\n\nconst MultipleSplitValueInput = ({\n className,\n style,\n size,\n separator: delimiter = DEFAULT_SEPARATOR,\n disabled,\n maxCount,\n minCount,\n modalTitle,\n modalWidth = \"480px\",\n placeholder,\n placeholderInModal,\n showSortButton = true,\n splitOptions = {},\n onClear,\n ...props\n}: MultipleSplitValueInputProps) => {\n const [value, setValue] = useControllableValue(props, {\n valuePropName: \"value\",\n defaultValuePropName: \"defaultValue\",\n trigger: \"onChange\",\n });\n\n const { form: formInst, formProps } = useAntdForm({\n name: \"componentMultipleSplitValueInput_\" + nanoid(),\n initialValues: { value: value?.split(delimiter) },\n onSubmit: (values) => {\n const temp = (values.value ?? []) as string[];\n if (splitOptions.trimSpace) {\n temp.map((e) => e.trim());\n }\n if (splitOptions.removeEmpty) {\n temp.filter((e) => !!e);\n }\n\n setValue(temp.join(delimiter));\n },\n });\n\n useEffect(() => {\n formInst.setFieldValue(\"value\", value?.split(delimiter));\n }, [delimiter, value]);\n\n const handleChange = (e: ChangeEvent) => {\n setValue(e.target.value);\n };\n\n const handleClear = () => {\n setValue(\"\");\n onClear?.();\n };\n\n return (\n \n \n \n \n \n \n \n
\n );\n};\n\nexport default MultipleSplitValueInput;\n"
},
{
"path": "ui/src/components/Show.tsx",
"content": "import { Children as ReactChildren, isValidElement } from \"react\";\n\nexport type ShowProps =\n | {\n children: React.ReactNode;\n }\n | {\n when: boolean;\n children: React.ReactNode;\n fallback?: React.ReactNode;\n };\n\nconst Show = ({ children, ...props }: ShowProps) => {\n if (\"when\" in props) {\n const { when, fallback } = props;\n return when ? children : fallback;\n }\n\n let fallback: React.ReactNode | undefined;\n\n const cases = ReactChildren.toArray(children);\n for (let i = 0; i < cases.length; i++) {\n const child = cases[i];\n if (isValidElement(child)) {\n if (child.type === Case && child.props.when) {\n return child.props.children;\n } else if (child.type === Default) {\n if (fallback) {\n console.warn(\"[certimate] multiple Default components found in Show. Only the first will be used.\");\n continue;\n }\n fallback = child.props.children;\n }\n }\n }\n\n return fallback;\n};\n\nconst Case = ({ children, when }: { children: React.ReactNode; when: boolean }) => {\n return when ? children : null;\n};\n\nconst Default = ({ children }: { children: React.ReactNode }) => {\n return children;\n};\n\nconst _default = Object.assign(Show, {\n Case,\n Default,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/Tips.tsx",
"content": "import { IconBulb } from \"@tabler/icons-react\";\nimport { Alert, Flex, Typography, theme } from \"antd\";\n\nexport interface TipsProps {\n className?: string;\n style?: React.CSSProperties;\n message: React.ReactNode;\n}\n\nconst Tips = ({ className, style, message }: TipsProps) => {\n const { token: themeToken } = theme.useToken();\n\n return (\n \n \n
\n \n {message} \n
\n \n }\n type=\"info\"\n />\n );\n};\n\nexport default Tips;\n"
},
{
"path": "ui/src/components/access/AccessEditDrawer.tsx",
"content": "import { startTransition, useCallback, useState } from \"react\";\nimport { useTranslation } from \"react-i18next\";\nimport { IconChevronDown, IconX } from \"@tabler/icons-react\";\nimport { useControllableValue, useGetState } from \"ahooks\";\nimport { App, Button, Drawer, Dropdown, Flex, Form, Space } from \"antd\";\n\nimport { testPushNotification } from \"@/api/notifications\";\nimport AccessProviderPicker from \"@/components/provider/AccessProviderPicker\";\nimport Show from \"@/components/Show\";\nimport { type AccessModel } from \"@/domain/access\";\nimport { ACCESS_USAGES } from \"@/domain/provider\";\nimport { useTriggerElement, useZustandShallowSelector } from \"@/hooks\";\nimport { useAccessesStore } from \"@/stores/access\";\nimport { unwrapErrMsg } from \"@/utils/error\";\n\nimport AccessForm, { type AccessFormModes, type AccessFormProps, type AccessFormUsages } from \"./AccessForm\";\n\nexport interface AccessEditDrawerProps {\n afterClose?: () => void;\n afterSubmit?: (record: AccessModel) => void;\n data?: AccessFormProps[\"initialValues\"];\n loading?: boolean;\n mode: AccessFormModes;\n open?: boolean;\n trigger?: React.ReactNode;\n usage?: AccessFormUsages;\n onOpenChange?: (open: boolean) => void;\n}\n\nconst AccessEditDrawer = ({ afterSubmit, mode, data, loading, trigger, usage, ...props }: AccessEditDrawerProps) => {\n const { t } = useTranslation();\n\n const { message, notification } = App.useApp();\n\n const { createAccess, updateAccess } = useAccessesStore(useZustandShallowSelector([\"createAccess\", \"updateAccess\"]));\n\n const [open, setOpen] = useControllableValue(props, {\n valuePropName: \"open\",\n defaultValuePropName: \"defaultOpen\",\n trigger: \"onOpenChange\",\n });\n\n const afterClose = () => {\n setFormPending(false);\n setFormChanged(false);\n setIsTesting(false);\n props.afterClose?.();\n };\n\n const triggerEl = useTriggerElement(trigger, { onClick: () => setOpen(true) });\n\n const providerFilter = AccessForm.useProviderFilterByUsage(usage);\n\n const [formInst] = Form.useForm();\n const [formPending, setFormPending] = useState(false);\n const [formChanged, setFormChanged] = useState(false);\n\n const submitForm = async () => {\n let formValues: AccessModel;\n\n setFormPending(true);\n try {\n formValues = await formInst.validateFields();\n formValues.reserve = usage === \"ca\" ? \"ca\" : usage === \"notification\" ? \"notif\" : void 0;\n } catch (err) {\n message.warning(t(\"common.errmsg.form_invalid\"));\n\n setFormPending(false);\n throw err;\n }\n\n try {\n switch (mode) {\n case \"create\":\n {\n if (data?.id) {\n throw \"Invalid props: `data`\";\n }\n\n formValues = await createAccess(formValues);\n }\n break;\n\n case \"modify\":\n {\n if (!data?.id) {\n throw \"Invalid props: `data`\";\n }\n\n formValues = await updateAccess({ ...data, ...formValues });\n }\n break;\n\n default:\n throw \"Invalid props: `mode`\";\n }\n\n afterSubmit?.(formValues);\n } catch (err) {\n notification.error({ title: t(\"common.text.request_error\"), description: unwrapErrMsg(err) });\n\n throw err;\n } finally {\n setFormPending(false);\n }\n };\n\n const fieldProvider = Form.useWatch(\"provider\", { form: formInst, preserve: true });\n\n const [isTesting, setIsTesting] = useState(false);\n\n const handleProviderPick = (value: string) => {\n formInst.setFieldValue(\"provider\", value);\n };\n\n const handleFormChange = () => {\n setFormChanged(true);\n };\n\n const handleOkClick = async () => {\n await submitForm();\n setOpen(false);\n };\n\n const handleOkAndContinueClick = async () => {\n await submitForm();\n message.success(t(\"common.text.saved\"));\n };\n\n const handleCancelClick = () => {\n if (formPending) return;\n\n setOpen(false);\n };\n\n const handleTestPushClick = async () => {\n setIsTesting(true);\n\n try {\n await formInst.validateFields();\n } catch {\n setIsTesting(false);\n return;\n }\n\n try {\n await testPushNotification({ provider: fieldProvider, accessId: data!.id });\n message.success(t(\"common.text.operation_succeeded\"));\n } catch (err) {\n notification.error({ title: t(\"common.text.request_error\"), description: unwrapErrMsg(err) });\n } finally {\n setIsTesting(false);\n }\n };\n\n return (\n <>\n {triggerEl}\n\n !open && afterClose?.()}\n autoFocus\n closeIcon={false}\n destroyOnHidden\n footer={\n fieldProvider ? (\n \n {usage === \"notification\" ? (\n \n {t(\"access.action.test_notify.button\")}\n \n ) : (\n {/* TODO: 测试连接 */} \n )}\n \n \n {t(\"common.button.cancel\")}\n \n \n \n {mode === \"modify\" ? t(\"common.button.save\") : t(\"common.button.submit\")}\n \n \n \n \n \n \n \n ) : (\n false\n )\n }\n loading={loading}\n maskClosable={!formPending}\n open={open}\n size=\"large\"\n title={\n \n \n {mode === \"modify\" && !!data?.id ? t(\"access.action.modify.modal.title\") + ` #${data.id}` : t(`access.action.${mode}.modal.title`)}\n
\n \n }\n onClose={handleCancelClick}\n >\n \n \n\n \n \n \n );\n};\n\nconst useDrawer = () => {\n type DataType = AccessEditDrawerProps[\"data\"];\n const [data, setData, getData] = useGetState();\n const [loading, setLoading] = useState();\n const [open, setOpen] = useState(false);\n\n const onOpenChange = useCallback((open: boolean) => {\n setOpen(open);\n }, []);\n\n return {\n drawerProps: {\n afterClose: () => {\n startTransition(() => {\n if (!open) {\n setData(void 0);\n setLoading(void 0);\n }\n });\n },\n data,\n loading,\n open,\n onOpenChange,\n },\n\n open: ({ data, loading }: { data: NonNullable; loading?: boolean }) => {\n setData(data);\n setLoading(loading);\n setOpen(true);\n\n return {\n safeUpdate: ({ data, loading }: { data?: NonNullable; loading?: boolean }) => {\n if (data != null) {\n if (data.id !== getData()?.id) return; // 确保数据不脏读\n\n setData(data);\n }\n\n if (loading != null) {\n setLoading(loading);\n }\n },\n };\n },\n close: () => {\n setOpen(false);\n },\n };\n};\n\nconst _default = Object.assign(AccessEditDrawer, {\n useDrawer,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/AccessForm.tsx",
"content": "import { useTranslation } from \"react-i18next\";\nimport { Form, type FormInstance, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport AccessProviderSelect from \"@/components/provider/AccessProviderSelect\";\nimport { type AccessModel } from \"@/domain/access\";\nimport { ACCESS_PROVIDERS, ACCESS_USAGES } from \"@/domain/provider\";\nimport { useAntdForm } from \"@/hooks\";\n\nimport { FormNestedFieldsContextProvider } from \"./forms/_context\";\nimport { useProviderFilterByUsage } from \"./forms/_hooks\";\nimport AccessConfigFieldsProvider from \"./forms/AccessConfigFieldsProvider\";\n\nexport type AccessFormModes = \"create\" | \"modify\";\nexport type AccessFormUsages = \"dns\" | \"hosting\" | \"dns-hosting\" | \"ca\" | \"notification\";\n\nexport interface AccessFormProps {\n className?: string;\n style?: React.CSSProperties;\n disabled?: boolean;\n initialValues?: Nullish>;\n form: FormInstance;\n mode: AccessFormModes;\n usage?: AccessFormUsages;\n onFormValuesChange?: (changedValues: Nullish>, values: Nullish>) => void;\n}\n\nconst AccessForm = ({ className, style, disabled, initialValues, mode, usage, onFormValuesChange, ...props }: AccessFormProps) => {\n const { t } = useTranslation();\n\n const providerFilter = useProviderFilterByUsage(usage);\n\n const formSchema = z.object({\n name: z\n .string(t(\"access.form.name.placeholder\"))\n .min(1, t(\"access.form.name.placeholder\"))\n .max(64, t(\"common.errmsg.string_max\", { max: 64 })),\n provider: z.enum(ACCESS_PROVIDERS, t(\"access.form.provider.placeholder\")),\n config: z.any(),\n reserve: z.string().nullish(),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const { form: formInst, formProps } = useAntdForm>({\n form: props.form,\n name: \"accessForm\",\n initialValues: initialValues,\n });\n\n const fieldProvider = Form.useWatch(\"provider\", { form: formInst, preserve: true });\n\n const renderNestedFieldProviderComponent = AccessConfigFieldsProvider.useComponent(fieldProvider, {\n initProps: (provider) => {\n let props: object = { disabled: disabled };\n\n switch (provider) {\n case ACCESS_PROVIDERS.WEBHOOK:\n {\n props = {\n ...props,\n usage: usage === \"notification\" ? \"notification\" : usage === \"hosting\" || usage === \"dns-hosting\" ? \"deployment\" : \"none\",\n };\n }\n break;\n }\n\n return props;\n },\n deps: [disabled, usage],\n });\n\n return (\n \n \n \n\n : null}\n rules={[formRule]}\n >\n \n {renderNestedFieldProviderComponent && <>{renderNestedFieldProviderComponent}}\n \n \n );\n};\n\nconst _default = Object.assign(AccessForm, {\n useProviderFilterByUsage,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/AccessSelect.tsx",
"content": "import { useEffect, useState } from \"react\";\nimport { useMount } from \"ahooks\";\nimport { Avatar, Select, type SelectProps, Typography, theme } from \"antd\";\n\nimport { type AccessModel } from \"@/domain/access\";\nimport { accessProvidersMap } from \"@/domain/provider\";\nimport { useZustandShallowSelector } from \"@/hooks\";\nimport { useAccessesStore } from \"@/stores/access\";\nimport { matchSearchOption } from \"@/utils/search\";\n\nexport interface AccessTypeSelectProps extends Omit {\n onFilter?: (value: string, option: AccessModel) => boolean;\n}\n\nconst AccessSelect = ({ onFilter, ...props }: AccessTypeSelectProps) => {\n const { token: themeToken } = theme.useToken();\n\n const { accesses, loadedAtOnce, fetchAccesses } = useAccessesStore(useZustandShallowSelector([\"accesses\", \"loadedAtOnce\", \"fetchAccesses\"]));\n useMount(() => {\n fetchAccesses(false);\n });\n\n const [options, setOptions] = useState>([]);\n useEffect(() => {\n const filteredItems = onFilter != null ? accesses.filter((item) => onFilter(item.id, item)) : accesses;\n setOptions(\n filteredItems.map((item) => ({\n key: item.id,\n value: item.id,\n label: item.name,\n data: item,\n }))\n );\n }, [accesses, onFilter]);\n\n const renderOption = (key: string) => {\n const access = accesses.find((e) => e.id === key);\n if (!access) {\n return (\n \n );\n }\n\n const provider = accessProvidersMap.get(access.provider);\n return (\n \n );\n };\n\n return (\n matchSearchOption(inputValue, option!),\n optionFilterProp: \"label\",\n }}\n labelRender={({ value }) => {\n if (value != null) {\n return renderOption(value as string);\n }\n\n return {props.placeholder} ;\n }}\n loading={!loadedAtOnce}\n options={options}\n optionLabelProp={void 0}\n optionRender={(option) => renderOption(option.data.value)}\n />\n );\n};\n\nexport default AccessSelect;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProvider.tsx",
"content": "import { useEffect, useState } from \"react\";\r\n\r\nimport { ACCESS_PROVIDERS, type AccessProviderType } from \"@/domain/provider\";\r\n\r\nimport AccessConfigFieldsProvider1Panel from \"./AccessConfigFieldsProvider1Panel\";\r\nimport AccessConfigFieldsProvider35cn from \"./AccessConfigFieldsProvider35cn\";\r\nimport AccessConfigFieldsProvider51DNScom from \"./AccessConfigFieldsProvider51DNScom\";\r\nimport AccessConfigFieldsProviderACMECA from \"./AccessConfigFieldsProviderACMECA\";\r\nimport AccessConfigFieldsProviderACMEDNS from \"./AccessConfigFieldsProviderACMEDNS\";\r\nimport AccessConfigFieldsProviderACMEHttpReq from \"./AccessConfigFieldsProviderACMEHttpReq\";\r\nimport AccessConfigFieldsProviderActalisSSL from \"./AccessConfigFieldsProviderActalisSSL\";\r\nimport AccessConfigFieldsProviderAkamai from \"./AccessConfigFieldsProviderAkamai\";\r\nimport AccessConfigFieldsProviderAliyun from \"./AccessConfigFieldsProviderAliyun\";\r\nimport AccessConfigFieldsProviderAPISIX from \"./AccessConfigFieldsProviderAPISIX\";\r\nimport AccessConfigFieldsProviderArvanCloud from \"./AccessConfigFieldsProviderArvanCloud\";\r\nimport AccessConfigFieldsProviderAWS from \"./AccessConfigFieldsProviderAWS\";\r\nimport AccessConfigFieldsProviderAzure from \"./AccessConfigFieldsProviderAzure\";\r\nimport AccessConfigFieldsProviderBaiduCloud from \"./AccessConfigFieldsProviderBaiduCloud\";\r\nimport AccessConfigFieldsProviderBaishan from \"./AccessConfigFieldsProviderBaishan\";\r\nimport AccessConfigFieldsProviderBaotaPanel from \"./AccessConfigFieldsProviderBaotaPanel\";\r\nimport AccessConfigFieldsProviderBaotaPanelGo from \"./AccessConfigFieldsProviderBaotaPanelGo\";\r\nimport AccessConfigFieldsProviderBaotaWAF from \"./AccessConfigFieldsProviderBaotaWAF\";\r\nimport AccessConfigFieldsProviderBookMyName from \"./AccessConfigFieldsProviderBookMyName\";\r\nimport AccessConfigFieldsProviderBunny from \"./AccessConfigFieldsProviderBunny\";\r\nimport AccessConfigFieldsProviderBytePlus from \"./AccessConfigFieldsProviderBytePlus\";\r\nimport AccessConfigFieldsProviderCacheFly from \"./AccessConfigFieldsProviderCacheFly\";\r\nimport AccessConfigFieldsProviderCdnfly from \"./AccessConfigFieldsProviderCdnfly\";\r\nimport AccessConfigFieldsProviderCloudflare from \"./AccessConfigFieldsProviderCloudflare\";\r\nimport AccessConfigFieldsProviderClouDNS from \"./AccessConfigFieldsProviderClouDNS\";\r\nimport AccessConfigFieldsProviderCMCCCloud from \"./AccessConfigFieldsProviderCMCCCloud\";\r\nimport AccessConfigFieldsProviderConstellix from \"./AccessConfigFieldsProviderConstellix\";\r\nimport AccessConfigFieldsProviderCPanel from \"./AccessConfigFieldsProviderCPanel\";\r\nimport AccessConfigFieldsProviderCTCCCloud from \"./AccessConfigFieldsProviderCTCCCloud\";\r\nimport AccessConfigFieldsProviderDeSEC from \"./AccessConfigFieldsProviderDeSEC\";\r\nimport AccessConfigFieldsProviderDigiCert from \"./AccessConfigFieldsProviderDigiCert\";\r\nimport AccessConfigFieldsProviderDigitalOcean from \"./AccessConfigFieldsProviderDigitalOcean\";\r\nimport AccessConfigFieldsProviderDingTalkBot from \"./AccessConfigFieldsProviderDingTalkBot\";\r\nimport AccessConfigFieldsProviderDiscordBot from \"./AccessConfigFieldsProviderDiscordBot\";\r\nimport AccessConfigFieldsProviderDNSExit from \"./AccessConfigFieldsProviderDNSExit\";\r\nimport AccessConfigFieldsProviderDNSLA from \"./AccessConfigFieldsProviderDNSLA\";\r\nimport AccessConfigFieldsProviderDNSMadeEasy from \"./AccessConfigFieldsProviderDNSMadeEasy\";\r\nimport AccessConfigFieldsProviderDogeCloud from \"./AccessConfigFieldsProviderDogeCloud\";\r\nimport AccessConfigFieldsProviderDokploy from \"./AccessConfigFieldsProviderDokploy\";\r\nimport AccessConfigFieldsProviderDuckDNS from \"./AccessConfigFieldsProviderDuckDNS\";\r\nimport AccessConfigFieldsProviderDynu from \"./AccessConfigFieldsProviderDynu\";\r\nimport AccessConfigFieldsProviderDynv6 from \"./AccessConfigFieldsProviderDynv6\";\r\nimport AccessConfigFieldsProviderEmail from \"./AccessConfigFieldsProviderEmail\";\r\nimport AccessConfigFieldsProviderFlexCDN from \"./AccessConfigFieldsProviderFlexCDN\";\r\nimport AccessConfigFieldsProviderFlyIO from \"./AccessConfigFieldsProviderFlyIO\";\r\nimport AccessConfigFieldsProviderGandinet from \"./AccessConfigFieldsProviderGandinet\";\r\nimport AccessConfigFieldsProviderGcore from \"./AccessConfigFieldsProviderGcore\";\r\nimport AccessConfigFieldsProviderGlobalSignAtlas from \"./AccessConfigFieldsProviderGlobalSignAtlas\";\r\nimport AccessConfigFieldsProviderGname from \"./AccessConfigFieldsProviderGname\";\r\nimport AccessConfigFieldsProviderGoDaddy from \"./AccessConfigFieldsProviderGoDaddy\";\r\nimport AccessConfigFieldsProviderGoEdge from \"./AccessConfigFieldsProviderGoEdge\";\r\nimport AccessConfigFieldsProviderGoogleTrustServices from \"./AccessConfigFieldsProviderGoogleTrustServices\";\r\nimport AccessConfigFieldsProviderHetzner from \"./AccessConfigFieldsProviderHetzner\";\r\nimport AccessConfigFieldsProviderHostingde from \"./AccessConfigFieldsProviderHostingde\";\r\nimport AccessConfigFieldsProviderHostinger from \"./AccessConfigFieldsProviderHostinger\";\r\nimport AccessConfigFieldsProviderHuaweiCloud from \"./AccessConfigFieldsProviderHuaweiCloud\";\r\nimport AccessConfigFieldsProviderInfomaniak from \"./AccessConfigFieldsProviderInfomaniak\";\r\nimport AccessConfigFieldsProviderIONOS from \"./AccessConfigFieldsProviderIONOS\";\r\nimport AccessConfigFieldsProviderJDCloud from \"./AccessConfigFieldsProviderJDCloud\";\r\nimport AccessConfigFieldsProviderKong from \"./AccessConfigFieldsProviderKong\";\r\nimport AccessConfigFieldsProviderKsyun from \"./AccessConfigFieldsProviderKsyun\";\r\nimport AccessConfigFieldsProviderKubernetes from \"./AccessConfigFieldsProviderKubernetes\";\r\nimport AccessConfigFieldsProviderLarkBot from \"./AccessConfigFieldsProviderLarkBot\";\r\nimport AccessConfigFieldsProviderLeCDN from \"./AccessConfigFieldsProviderLeCDN\";\r\nimport AccessConfigFieldsProviderLinode from \"./AccessConfigFieldsProviderLinode\";\r\nimport AccessConfigFieldsProviderLiteSSL from \"./AccessConfigFieldsProviderLiteSSL\";\r\nimport AccessConfigFieldsProviderMattermost from \"./AccessConfigFieldsProviderMattermost\";\r\nimport AccessConfigFieldsProviderMohua from \"./AccessConfigFieldsProviderMohua\";\r\nimport AccessConfigFieldsProviderNamecheap from \"./AccessConfigFieldsProviderNamecheap\";\r\nimport AccessConfigFieldsProviderNameDotCom from \"./AccessConfigFieldsProviderNameDotCom\";\r\nimport AccessConfigFieldsProviderNameSilo from \"./AccessConfigFieldsProviderNameSilo\";\r\nimport AccessConfigFieldsProviderNetcup from \"./AccessConfigFieldsProviderNetcup\";\r\nimport AccessConfigFieldsProviderNetlify from \"./AccessConfigFieldsProviderNetlify\";\r\nimport AccessConfigFieldsProviderNginxProxyManager from \"./AccessConfigFieldsProviderNginxProxyManager\";\r\nimport AccessConfigFieldsProviderNS1 from \"./AccessConfigFieldsProviderNS1\";\r\nimport AccessConfigFieldsProviderOVHcloud from \"./AccessConfigFieldsProviderOVHcloud\";\r\nimport AccessConfigFieldsProviderPorkbun from \"./AccessConfigFieldsProviderPorkbun\";\r\nimport AccessConfigFieldsProviderPowerDNS from \"./AccessConfigFieldsProviderPowerDNS\";\r\nimport AccessConfigFieldsProviderProxmoxVE from \"./AccessConfigFieldsProviderProxmoxVE\";\r\nimport AccessConfigFieldsProviderQingCloud from \"./AccessConfigFieldsProviderQingCloud\";\r\nimport AccessConfigFieldsProviderQiniu from \"./AccessConfigFieldsProviderQiniu\";\r\nimport AccessConfigFieldsProviderRainYun from \"./AccessConfigFieldsProviderRainYun\";\r\nimport AccessConfigFieldsProviderRatPanel from \"./AccessConfigFieldsProviderRatPanel\";\r\nimport AccessConfigFieldsProviderRFC2136 from \"./AccessConfigFieldsProviderRFC2136\";\r\nimport AccessConfigFieldsProviderS3 from \"./AccessConfigFieldsProviderS3\";\r\nimport AccessConfigFieldsProviderSafeLine from \"./AccessConfigFieldsProviderSafeLine\";\r\nimport AccessConfigFieldsProviderSectigo from \"./AccessConfigFieldsProviderSectigo\";\r\nimport AccessConfigFieldsProviderSlackBot from \"./AccessConfigFieldsProviderSlackBot\";\r\nimport AccessConfigFieldsProviderSpaceship from \"./AccessConfigFieldsProviderSpaceship\";\r\nimport AccessConfigFieldsProviderSSH from \"./AccessConfigFieldsProviderSSH\";\r\nimport AccessConfigFieldsProviderSSLCom from \"./AccessConfigFieldsProviderSSLCom\";\r\nimport AccessConfigFieldsProviderSynologyDSM from \"./AccessConfigFieldsProviderSynologyDSM\";\r\nimport AccessConfigFieldsProviderTechnitiumDNS from \"./AccessConfigFieldsProviderTechnitiumDNS\";\r\nimport AccessConfigFieldsProviderTelegramBot from \"./AccessConfigFieldsProviderTelegramBot\";\r\nimport AccessConfigFieldsProviderTencentCloud from \"./AccessConfigFieldsProviderTencentCloud\";\r\nimport AccessConfigFieldsProviderTodayNIC from \"./AccessConfigFieldsProviderTodayNIC\";\r\nimport AccessConfigFieldsProviderUCloud from \"./AccessConfigFieldsProviderUCloud\";\r\nimport AccessConfigFieldsProviderUniCloud from \"./AccessConfigFieldsProviderUniCloud\";\r\nimport AccessConfigFieldsProviderUpyun from \"./AccessConfigFieldsProviderUpyun\";\r\nimport AccessConfigFieldsProviderVercel from \"./AccessConfigFieldsProviderVercel\";\r\nimport AccessConfigFieldsProviderVolcEngine from \"./AccessConfigFieldsProviderVolcEngine\";\r\nimport AccessConfigFieldsProviderVultr from \"./AccessConfigFieldsProviderVultr\";\r\nimport AccessConfigFieldsProviderWangsu from \"./AccessConfigFieldsProviderWangsu\";\r\nimport AccessConfigFieldsProviderWebhook from \"./AccessConfigFieldsProviderWebhook\";\r\nimport AccessConfigFieldsProviderWeComBot from \"./AccessConfigFieldsProviderWeComBot\";\r\nimport AccessConfigFieldsProviderWestcn from \"./AccessConfigFieldsProviderWestcn\";\r\nimport AccessConfigFieldsProviderXinnet from \"./AccessConfigFieldsProviderXinnet\";\r\nimport AccessConfigFieldsProviderZeroSSL from \"./AccessConfigFieldsProviderZeroSSL\";\r\n\r\nconst providerComponentMap: Partial>> = {\r\n /*\r\n 注意:如果追加新的子组件,请保持以 ASCII 排序。\r\n NOTICE: If you add new child component, please keep ASCII order.\r\n */\r\n [ACCESS_PROVIDERS[\"1PANEL\"]]: AccessConfigFieldsProvider1Panel,\r\n [ACCESS_PROVIDERS[\"35CN\"]]: AccessConfigFieldsProvider35cn,\r\n [ACCESS_PROVIDERS[\"51DNSCOM\"]]: AccessConfigFieldsProvider51DNScom,\r\n [ACCESS_PROVIDERS.ACMECA]: AccessConfigFieldsProviderACMECA,\r\n [ACCESS_PROVIDERS.ACMEDNS]: AccessConfigFieldsProviderACMEDNS,\r\n [ACCESS_PROVIDERS.ACMEHTTPREQ]: AccessConfigFieldsProviderACMEHttpReq,\r\n [ACCESS_PROVIDERS.ACTALISSSL]: AccessConfigFieldsProviderActalisSSL,\r\n [ACCESS_PROVIDERS.AKAMAI]: AccessConfigFieldsProviderAkamai,\r\n [ACCESS_PROVIDERS.ALIYUN]: AccessConfigFieldsProviderAliyun,\r\n [ACCESS_PROVIDERS.APISIX]: AccessConfigFieldsProviderAPISIX,\r\n [ACCESS_PROVIDERS.ARVANCLOUD]: AccessConfigFieldsProviderArvanCloud,\r\n [ACCESS_PROVIDERS.AWS]: AccessConfigFieldsProviderAWS,\r\n [ACCESS_PROVIDERS.AZURE]: AccessConfigFieldsProviderAzure,\r\n [ACCESS_PROVIDERS.BAIDUCLOUD]: AccessConfigFieldsProviderBaiduCloud,\r\n [ACCESS_PROVIDERS.BAISHAN]: AccessConfigFieldsProviderBaishan,\r\n [ACCESS_PROVIDERS.BAOTAPANEL]: AccessConfigFieldsProviderBaotaPanel,\r\n [ACCESS_PROVIDERS.BAOTAPANELGO]: AccessConfigFieldsProviderBaotaPanelGo,\r\n [ACCESS_PROVIDERS.BAOTAWAF]: AccessConfigFieldsProviderBaotaWAF,\r\n [ACCESS_PROVIDERS.BOOKMYNAME]: AccessConfigFieldsProviderBookMyName,\r\n [ACCESS_PROVIDERS.BUNNY]: AccessConfigFieldsProviderBunny,\r\n [ACCESS_PROVIDERS.BYTEPLUS]: AccessConfigFieldsProviderBytePlus,\r\n [ACCESS_PROVIDERS.CACHEFLY]: AccessConfigFieldsProviderCacheFly,\r\n [ACCESS_PROVIDERS.CDNFLY]: AccessConfigFieldsProviderCdnfly,\r\n [ACCESS_PROVIDERS.CLOUDFLARE]: AccessConfigFieldsProviderCloudflare,\r\n [ACCESS_PROVIDERS.CLOUDNS]: AccessConfigFieldsProviderClouDNS,\r\n [ACCESS_PROVIDERS.CMCCCLOUD]: AccessConfigFieldsProviderCMCCCloud,\r\n [ACCESS_PROVIDERS.CONSTELLIX]: AccessConfigFieldsProviderConstellix,\r\n [ACCESS_PROVIDERS.CPANEL]: AccessConfigFieldsProviderCPanel,\r\n [ACCESS_PROVIDERS.CTCCCLOUD]: AccessConfigFieldsProviderCTCCCloud,\r\n [ACCESS_PROVIDERS.DESEC]: AccessConfigFieldsProviderDeSEC,\r\n [ACCESS_PROVIDERS.DIGICERT]: AccessConfigFieldsProviderDigiCert,\r\n [ACCESS_PROVIDERS.DIGITALOCEAN]: AccessConfigFieldsProviderDigitalOcean,\r\n [ACCESS_PROVIDERS.DINGTALKBOT]: AccessConfigFieldsProviderDingTalkBot,\r\n [ACCESS_PROVIDERS.DISCORDBOT]: AccessConfigFieldsProviderDiscordBot,\r\n [ACCESS_PROVIDERS.DNSEXIT]: AccessConfigFieldsProviderDNSExit,\r\n [ACCESS_PROVIDERS.DNSLA]: AccessConfigFieldsProviderDNSLA,\r\n [ACCESS_PROVIDERS.DNSMADEEASY]: AccessConfigFieldsProviderDNSMadeEasy,\r\n [ACCESS_PROVIDERS.DOKPLOY]: AccessConfigFieldsProviderDokploy,\r\n [ACCESS_PROVIDERS.DOGECLOUD]: AccessConfigFieldsProviderDogeCloud,\r\n [ACCESS_PROVIDERS.DUCKDNS]: AccessConfigFieldsProviderDuckDNS,\r\n [ACCESS_PROVIDERS.DYNU]: AccessConfigFieldsProviderDynu,\r\n [ACCESS_PROVIDERS.DYNV6]: AccessConfigFieldsProviderDynv6,\r\n [ACCESS_PROVIDERS.EMAIL]: AccessConfigFieldsProviderEmail,\r\n [ACCESS_PROVIDERS.FLEXCDN]: AccessConfigFieldsProviderFlexCDN,\r\n [ACCESS_PROVIDERS.FLYIO]: AccessConfigFieldsProviderFlyIO,\r\n [ACCESS_PROVIDERS.GANDINET]: AccessConfigFieldsProviderGandinet,\r\n [ACCESS_PROVIDERS.GCORE]: AccessConfigFieldsProviderGcore,\r\n [ACCESS_PROVIDERS.GNAME]: AccessConfigFieldsProviderGname,\r\n [ACCESS_PROVIDERS.GODADDY]: AccessConfigFieldsProviderGoDaddy,\r\n [ACCESS_PROVIDERS.GOEDGE]: AccessConfigFieldsProviderGoEdge,\r\n [ACCESS_PROVIDERS.GLOBALSIGNATLAS]: AccessConfigFieldsProviderGlobalSignAtlas,\r\n [ACCESS_PROVIDERS.GOOGLETRUSTSERVICES]: AccessConfigFieldsProviderGoogleTrustServices,\r\n [ACCESS_PROVIDERS.HETZNER]: AccessConfigFieldsProviderHetzner,\r\n [ACCESS_PROVIDERS.HOSTINGDE]: AccessConfigFieldsProviderHostingde,\r\n [ACCESS_PROVIDERS.HOSTINGER]: AccessConfigFieldsProviderHostinger,\r\n [ACCESS_PROVIDERS.HUAWEICLOUD]: AccessConfigFieldsProviderHuaweiCloud,\r\n [ACCESS_PROVIDERS.IONOS]: AccessConfigFieldsProviderIONOS,\r\n [ACCESS_PROVIDERS.JDCLOUD]: AccessConfigFieldsProviderJDCloud,\r\n [ACCESS_PROVIDERS.KONG]: AccessConfigFieldsProviderKong,\r\n [ACCESS_PROVIDERS.KUBERNETES]: AccessConfigFieldsProviderKubernetes,\r\n [ACCESS_PROVIDERS.KSYUN]: AccessConfigFieldsProviderKsyun,\r\n [ACCESS_PROVIDERS.LARKBOT]: AccessConfigFieldsProviderLarkBot,\r\n [ACCESS_PROVIDERS.LECDN]: AccessConfigFieldsProviderLeCDN,\r\n [ACCESS_PROVIDERS.INFOMANIAK]: AccessConfigFieldsProviderInfomaniak,\r\n [ACCESS_PROVIDERS.LINODE]: AccessConfigFieldsProviderLinode,\r\n [ACCESS_PROVIDERS.LITESSL]: AccessConfigFieldsProviderLiteSSL,\r\n [ACCESS_PROVIDERS.MATTERMOST]: AccessConfigFieldsProviderMattermost,\r\n [ACCESS_PROVIDERS.MOHUA]: AccessConfigFieldsProviderMohua,\r\n [ACCESS_PROVIDERS.NAMECHEAP]: AccessConfigFieldsProviderNamecheap,\r\n [ACCESS_PROVIDERS.NAMEDOTCOM]: AccessConfigFieldsProviderNameDotCom,\r\n [ACCESS_PROVIDERS.NAMESILO]: AccessConfigFieldsProviderNameSilo,\r\n [ACCESS_PROVIDERS.NETCUP]: AccessConfigFieldsProviderNetcup,\r\n [ACCESS_PROVIDERS.NETLIFY]: AccessConfigFieldsProviderNetlify,\r\n [ACCESS_PROVIDERS.NGINXPROXYMANAGER]: AccessConfigFieldsProviderNginxProxyManager,\r\n [ACCESS_PROVIDERS.NS1]: AccessConfigFieldsProviderNS1,\r\n [ACCESS_PROVIDERS.OVHCLOUD]: AccessConfigFieldsProviderOVHcloud,\r\n [ACCESS_PROVIDERS.PORKBUN]: AccessConfigFieldsProviderPorkbun,\r\n [ACCESS_PROVIDERS.POWERDNS]: AccessConfigFieldsProviderPowerDNS,\r\n [ACCESS_PROVIDERS.PROXMOXVE]: AccessConfigFieldsProviderProxmoxVE,\r\n [ACCESS_PROVIDERS.QINGCLOUD]: AccessConfigFieldsProviderQingCloud,\r\n [ACCESS_PROVIDERS.QINIU]: AccessConfigFieldsProviderQiniu,\r\n [ACCESS_PROVIDERS.RAINYUN]: AccessConfigFieldsProviderRainYun,\r\n [ACCESS_PROVIDERS.RATPANEL]: AccessConfigFieldsProviderRatPanel,\r\n [ACCESS_PROVIDERS.RFC2136]: AccessConfigFieldsProviderRFC2136,\r\n [ACCESS_PROVIDERS.S3]: AccessConfigFieldsProviderS3,\r\n [ACCESS_PROVIDERS.SAFELINE]: AccessConfigFieldsProviderSafeLine,\r\n [ACCESS_PROVIDERS.SECTIGO]: AccessConfigFieldsProviderSectigo,\r\n [ACCESS_PROVIDERS.SLACKBOT]: AccessConfigFieldsProviderSlackBot,\r\n [ACCESS_PROVIDERS.SPACESHIP]: AccessConfigFieldsProviderSpaceship,\r\n [ACCESS_PROVIDERS.SSLCOM]: AccessConfigFieldsProviderSSLCom,\r\n [ACCESS_PROVIDERS.SSH]: AccessConfigFieldsProviderSSH,\r\n [ACCESS_PROVIDERS.SYNOLOGYDSM]: AccessConfigFieldsProviderSynologyDSM,\r\n [ACCESS_PROVIDERS.TECHNITIUMDNS]: AccessConfigFieldsProviderTechnitiumDNS,\r\n [ACCESS_PROVIDERS.TELEGRAMBOT]: AccessConfigFieldsProviderTelegramBot,\r\n [ACCESS_PROVIDERS.TENCENTCLOUD]: AccessConfigFieldsProviderTencentCloud,\r\n [ACCESS_PROVIDERS.TODAYNIC]: AccessConfigFieldsProviderTodayNIC,\r\n [ACCESS_PROVIDERS.UCLOUD]: AccessConfigFieldsProviderUCloud,\r\n [ACCESS_PROVIDERS.UNICLOUD]: AccessConfigFieldsProviderUniCloud,\r\n [ACCESS_PROVIDERS.UPYUN]: AccessConfigFieldsProviderUpyun,\r\n [ACCESS_PROVIDERS.VERCEL]: AccessConfigFieldsProviderVercel,\r\n [ACCESS_PROVIDERS.VOLCENGINE]: AccessConfigFieldsProviderVolcEngine,\r\n [ACCESS_PROVIDERS.VULTR]: AccessConfigFieldsProviderVultr,\r\n [ACCESS_PROVIDERS.WANGSU]: AccessConfigFieldsProviderWangsu,\r\n [ACCESS_PROVIDERS.WEBHOOK]: AccessConfigFieldsProviderWebhook,\r\n [ACCESS_PROVIDERS.WECOMBOT]: AccessConfigFieldsProviderWeComBot,\r\n [ACCESS_PROVIDERS.WESTCN]: AccessConfigFieldsProviderWestcn,\r\n [ACCESS_PROVIDERS.XINNET]: AccessConfigFieldsProviderXinnet,\r\n [ACCESS_PROVIDERS.ZEROSSL]: AccessConfigFieldsProviderZeroSSL,\r\n};\r\n\r\nconst useComponent = (provider: string, { initProps, deps = [] }: { initProps?: (provider: string) => any; deps?: unknown[] }) => {\r\n const initComponent = () => {\r\n const Component = providerComponentMap[provider as AccessProviderType];\r\n if (!Component) return null;\r\n\r\n const props = initProps?.(provider);\r\n if (props) {\r\n return \n \n ({ label: s, value: s }))} placeholder={t(\"access.form.1panel_api_version.placeholder\")} />\n \n\n }\n >\n \n >> => {\n return {\n serverUrl: \"http://:20410/\",\n apiVersion: \"v1\",\n apiKey: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n serverUrl: z.url(t(\"common.errmsg.url_invalid\")),\n apiVersion: z.string().nonempty(t(\"access.form.1panel_api_version.placeholder\")),\n apiKey: z.string().nonempty(t(\"access.form.1panel_api_key.placeholder\")),\n allowInsecureConnections: z.boolean().nullish(),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProvider1Panel, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProvider35cn.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport Tips from \"@/components/Tips\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProvider35cn = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n \n \n\n \n \n } />\n \n \n );\n};\n\nconst getInitialValues = (): Nullish>> => {\n return {\n username: \"\",\n apiPassword: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n username: z.string().nonempty(t(\"access.form.35cn_username.placeholder\")),\n apiPassword: z.string().nonempty(t(\"access.form.35cn_api_password.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProvider35cn, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProvider51DNScom.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProvider51DNScom = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n }\n >\n >> => {\n return {\n apiKey: \"\",\n apiSecret: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n apiKey: z.string().nonempty(t(\"access.form.51dnscom_api_key.placeholder\")),\n apiSecret: z.string().nonempty(t(\"access.form.51dnscom_api_secret.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProvider51DNScom, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderACMECA.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderACMECA = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n \n \n\n \n >> => {\n return {\n endpoint: \"https://example.com/acme/directory\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n endpoint: z.url(t(\"common.errmsg.url_invalid\")),\n eabKid: z.string().nullish(),\n eabHmacKey: z.string().nullish(),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderACMECA, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderACMEDNS.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod/v4\";\n\nimport FileTextInput from \"@/components/FileTextInput\";\nimport { isJsonObject } from \"@/utils/validator\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFieldsProviderACMEDNS = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n \n }\n >\n >> => {\n return {\n serverUrl: \"https://auth.acme-dns.io/\",\n credentials: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n serverUrl: z.url(t(\"common.errmsg.url_invalid\")),\n credentials: z.string().refine((v) => isJsonObject(v), t(\"common.errmsg.json_invalid\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFieldsProviderACMEDNS, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderACMEHttpReq.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input, Select } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderACMEHttpReq = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n }\n >\n }\n >\n }\n >\n >> => {\n return {\n endpoint: \"https://example.com/api/\",\n mode: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n endpoint: z.url(t(\"common.errmsg.url_invalid\")),\n mode: z.string().nullish(),\n username: z.string().nullish(),\n password: z.string().nullish(),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderACMEHttpReq, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderAPISIX.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input, Switch } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderAPISIX = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n \n }\n >\n \n >> => {\n return {\n serverUrl: \"http://:9180/\",\n apiKey: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n serverUrl: z.url(t(\"common.errmsg.url_invalid\")),\n apiKey: z.string().nonempty(t(\"access.form.apisix_api_key.placeholder\")),\n allowInsecureConnections: z.boolean().nullish(),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderAPISIX, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderAWS.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderAWS = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n }\n >\n >> => {\n return {\n accessKeyId: \"\",\n secretAccessKey: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n accessKeyId: z.string().nonempty(t(\"access.form.aws_access_key_id.placeholder\")),\n secretAccessKey: z.string().nonempty(t(\"access.form.aws_secret_access_key.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderAWS, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderActalisSSL.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport Tips from \"@/components/Tips\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderActalisSSL = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n \n \n\n \n \n } />\n \n \n );\n};\n\nconst getInitialValues = (): Nullish>> => {\n return {\n eabKid: \"\",\n eabHmacKey: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n eabKid: z.string().nonempty(t(\"access.form.shared_acme_eab_kid.placeholder\")),\n eabHmacKey: z.string().nonempty(t(\"access.form.shared_acme_eab_hmac_key.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderActalisSSL, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderAkamai.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderAkamai = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n }\n >\n }\n >\n }\n >\n >> => {\n return {\n host: \"\",\n clientToken: \"\",\n clientSecret: \"\",\n accessToken: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n host: z.string().nonempty(t(\"access.form.akamai_host.placeholder\")),\n clientToken: z.string().nonempty(t(\"access.form.akamai_client_token.placeholder\")),\n clientSecret: z.string().nonempty(t(\"access.form.akamai_client_secret.placeholder\")),\n accessToken: z.string().nonempty(t(\"access.form.akamai_access_token.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderAkamai, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderAliyun.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderAliyun = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n }\n >\n }\n >\n >> => {\n return {\n accessKeyId: \"\",\n accessKeySecret: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n accessKeyId: z.string().nonempty(t(\"access.form.aliyun_access_key_id.placeholder\")),\n accessKeySecret: z.string().nonempty(t(\"access.form.aliyun_access_key_secret.placeholder\")),\n resourceGroupId: z.string().nullish(),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderAliyun, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderArvanCloud.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderArvanCloud = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n >> => {\n return {\n apiKey: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n apiKey: z.string().nonempty(t(\"access.form.arvancloud_api_key.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderArvanCloud, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderAzure.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { AutoComplete, Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { matchSearchOption } from \"@/utils/search\";\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderAzure = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n }\n >\n }\n >\n }\n >\n }\n >\n }\n >\n ({ value }))}\n placeholder={t(\"access.form.azure_cloud_name.placeholder\")}\n showSearch={{\n filterOption: (inputValue, option) => matchSearchOption(inputValue, option!),\n }}\n />\n \n \n );\n};\n\nconst getInitialValues = (): Nullish>> => {\n return {\n tenantId: \"\",\n clientId: \"\",\n clientSecret: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n tenantId: z.string().nonempty(t(\"access.form.azure_tenant_id.placeholder\")),\n clientId: z.string().nonempty(t(\"access.form.azure_client_id.placeholder\")),\n clientSecret: z.string().nonempty(t(\"access.form.azure_client_secret.placeholder\")),\n subscriptionId: z.string().nullish(),\n resourceGroupName: z.string().nullish(),\n cloudName: z.string().nullish(),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderAzure, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderBaiduCloud.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderBaiduCloud = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n }\n >\n >> => {\n return {\n accessKeyId: \"\",\n secretAccessKey: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n accessKeyId: z.string().nonempty(t(\"access.form.baiducloud_access_key_id.placeholder\")),\n secretAccessKey: z.string().nonempty(t(\"access.form.baiducloud_secret_access_key.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderBaiduCloud, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderBaishan.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderBaishan = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n \n \n \n );\n};\n\nconst getInitialValues = (): Nullish>> => {\n return {\n apiToken: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n apiToken: z.string().nonempty(t(\"access.form.baishan_api_token.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderBaishan, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderBaotaPanel.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input, Switch } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderBaotaPanel = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n \n }\n >\n \n >> => {\n return {\n serverUrl: \"http://:8888/\",\n apiKey: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n serverUrl: z.url(t(\"common.errmsg.url_invalid\")),\n apiKey: z.string().nonempty(t(\"access.form.baotapanel_api_key.placeholder\")),\n allowInsecureConnections: z.boolean().nullish(),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderBaotaPanel, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderBaotaPanelGo.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input, Switch } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderBaotaPanelGo = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n \n }\n >\n \n >> => {\n return {\n serverUrl: \"http://:8888/\",\n apiKey: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n serverUrl: z.url(t(\"common.errmsg.url_invalid\")),\n apiKey: z.string().nonempty(t(\"access.form.baotapanelgo_api_key.placeholder\")),\n allowInsecureConnections: z.boolean().nullish(),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderBaotaPanelGo, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderBaotaWAF.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input, Switch } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderBaotaWAF = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n \n }\n >\n \n >> => {\n return {\n serverUrl: \"http://:8379/\",\n apiKey: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n serverUrl: z.url(t(\"common.errmsg.url_invalid\")),\n apiKey: z.string().nonempty(t(\"access.form.baotawaf_api_key.placeholder\")),\n allowInsecureConnections: z.boolean().nullish(),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderBaotaWAF, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderBookMyName.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderBookMyName = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n \n \n >> => {\n return {\n username: \"\",\n password: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n username: z.string().nonempty(t(\"access.form.bookmyname_username.placeholder\")),\n password: z.string().nonempty(t(\"access.form.bookmyname_password.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderBookMyName, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderBunny.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderBunny = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n >> => {\n return {\n apiKey: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n apiKey: z.string().nonempty(t(\"access.form.bunny_api_key.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderBunny, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderBytePlus.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderBytePlus = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n }\n >\n >> => {\n return {\n accessKey: \"\",\n secretKey: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n accessKey: z.string().nonempty(t(\"access.form.byteplus_access_key.placeholder\")),\n secretKey: z.string().nonempty(t(\"access.form.byteplus_secret_key.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderBytePlus, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderCMCCCloud.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderCMCCCloud = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n }\n >\n >> => {\n return {\n accessKeyId: \"\",\n accessKeySecret: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n accessKeyId: z.string().nonempty(t(\"access.form.cmcccloud_access_key_id.placeholder\")),\n accessKeySecret: z.string().nonempty(t(\"access.form.cmcccloud_access_key_secret.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderCMCCCloud, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderCPanel.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input, Switch } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderCPanel = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n \n \n \n\n }\n >\n \n >> => {\n return {\n serverUrl: \"http://:2082/\",\n username: \"\",\n apiToken: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n serverUrl: z.url(t(\"common.errmsg.url_invalid\")),\n username: z.string().nonempty(t(\"access.form.cpanel_username.placeholder\")),\n apiToken: z.string().nonempty(t(\"access.form.cpanel_api_token.placeholder\")),\n allowInsecureConnections: z.boolean().nullish(),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderCPanel, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderCTCCCloud.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderCTCCCloud = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n }\n >\n >> => {\n return {\n accessKeyId: \"\",\n secretAccessKey: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n accessKeyId: z.string().nonempty(t(\"access.form.ctcccloud_access_key_id.placeholder\")),\n secretAccessKey: z.string().nonempty(t(\"access.form.ctcccloud_secret_access_key.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderCTCCCloud, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderCacheFly.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderCacheFly = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n \n \n \n );\n};\n\nconst getInitialValues = (): Nullish>> => {\n return {\n apiToken: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n apiToken: z.string().nonempty(t(\"access.form.cachefly_api_token.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderCacheFly, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderCdnfly.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input, Switch } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderCdnfly = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n \n }\n >\n }\n >\n \n >> => {\n return {\n serverUrl: \"http://:88/\",\n apiKey: \"\",\n apiSecret: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n serverUrl: z.url(t(\"common.errmsg.url_invalid\")),\n apiKey: z.string().nonempty(t(\"access.form.cdnfly_api_key.placeholder\")),\n apiSecret: z.string().nonempty(t(\"access.form.cdnfly_api_secret.placeholder\")),\n allowInsecureConnections: z.boolean().nullish(),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderCdnfly, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderClouDNS.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderClouDNS = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n }\n >\n >> => {\n return {\n authId: \"\",\n authPassword: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n authId: z.string().nonempty(t(\"access.form.cloudns_auth_id.placeholder\")),\n authPassword: z.string().nonempty(t(\"access.form.cloudns_auth_password.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderClouDNS, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderCloudflare.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderCloudflare = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n }\n rules={[formRule]}\n tooltip={>> => {\n return {\n dnsApiToken: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n dnsApiToken: z.string().nonempty(t(\"access.form.cloudflare_dns_api_token.placeholder\")),\n zoneApiToken: z.string().nullish(),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderCloudflare, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderConstellix.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderConstellix = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n }\n >\n >> => {\n return {\n apiKey: \"\",\n secretKey: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n apiKey: z.string().nonempty(t(\"access.form.constellix_api_key.placeholder\")),\n secretKey: z.string().nonempty(t(\"access.form.constellix_secret_key.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderConstellix, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderDNSExit.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\r\nimport { Form, Input } from \"antd\";\r\nimport { createSchemaFieldRule } from \"antd-zod\";\r\nimport { z } from \"zod\";\r\n\r\nimport { useFormNestedFieldsContext } from \"./_context\";\r\n\r\nconst AccessConfigFormFieldsProviderDNSExit = () => {\r\n const { i18n, t } = useTranslation();\r\n\r\n const { parentNamePath } = useFormNestedFieldsContext();\r\n const formSchema = z.object({\r\n [parentNamePath]: getSchema({ i18n }),\r\n });\r\n const formRule = createSchemaFieldRule(formSchema);\r\n const initialValues = getInitialValues();\r\n\r\n return (\r\n <>\r\n }\r\n >\r\n >> => {\r\n return {\r\n apiKey: \"\",\r\n };\r\n};\r\n\r\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\r\n const { t } = i18n;\r\n\r\n return z.object({\r\n apiKey: z.string().nonempty(t(\"access.form.dnsexit_api_key.placeholder\")),\r\n });\r\n};\r\n\r\nconst _default = Object.assign(AccessConfigFormFieldsProviderDNSExit, {\r\n getInitialValues,\r\n getSchema,\r\n});\r\n\r\nexport default _default;\r\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderDNSLA.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderDNSLA = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n }\n >\n >> => {\n return {\n apiId: \"\",\n apiSecret: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n apiId: z.string().nonempty(t(\"access.form.dnsla_api_id.placeholder\")),\n apiSecret: z.string().nonempty(t(\"access.form.dnsla_api_secret.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderDNSLA, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderDNSMadeEasy.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderDNSMadeEasy = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n }\n >\n >> => {\n return {\n apiKey: \"\",\n apiSecret: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n apiKey: z.string().nonempty(t(\"access.form.dnsmadeeasy_api_key.placeholder\")),\n apiSecret: z.string().nonempty(t(\"access.form.dnsmadeeasy_api_secret.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderDNSMadeEasy, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderDeSEC.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderDeSEC = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n >> => {\n return {\n token: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n token: z.string().nonempty(t(\"access.form.desec_token.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderDeSEC, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderDigiCert.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport Tips from \"@/components/Tips\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderDigiCert = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n \n \n\n \n \n } />\n \n \n );\n};\n\nconst getInitialValues = (): Nullish>> => {\n return {\n eabKid: \"\",\n eabHmacKey: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n eabKid: z.string().nonempty(t(\"access.form.shared_acme_eab_kid.placeholder\")),\n eabHmacKey: z.string().nonempty(t(\"access.form.shared_acme_eab_hmac_key.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderDigiCert, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderDigitalOcean.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderDigitalOcean = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n >> => {\n return {\n accessToken: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n accessToken: z.string().nonempty(t(\"access.form.digitalocean_access_token.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderDigitalOcean, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderDingTalkBot.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Checkbox, Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport CodeTextInput from \"@/components/CodeTextInput\";\nimport { isJsonObject } from \"@/utils/validator\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderDingTalkBot = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const formInst = Form.useFormInstance>();\n const initialValues = getInitialValues();\n\n const fieldUseCustomPayload = Form.useWatch([parentNamePath, \"useCustomPayload\"], formInst);\n\n const handleCustomPayloadChecked = (checked: boolean) => {\n formInst.setFieldValue([parentNamePath, \"useCustomPayload\"], checked);\n if (checked) {\n formInst.setFieldValue([parentNamePath, \"customPayload\"], commonPayloadString);\n } else {\n formInst.setFieldValue([parentNamePath, \"customPayload\"], void 0);\n }\n };\n\n const handleCustomPayloadBlur = () => {\n const value = formInst.getFieldValue([parentNamePath, \"customPayload\"]);\n try {\n const json = JSON.stringify(JSON.parse(value), null, 2);\n formInst.setFieldValue([parentNamePath, \"customPayload\"], json);\n } catch {\n return;\n }\n };\n\n return (\n <>\n }\n >\n }\n >\n \n \n handleCustomPayloadChecked(e.target.checked)}>\n {t(\"access.form.dingtalkbot_custom_payload.checkbox\")}\n \n \n \n \n \n \n );\n};\n\nconst getInitialValues = (): Nullish>> => {\n return {\n webhookUrl: \"\",\n secret: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z\n .object({\n webhookUrl: z.url(t(\"common.errmsg.url_invalid\")),\n secret: z.string().nullish(),\n useCustomPayload: z.boolean().nullish(),\n customPayload: z.string().nullish(),\n })\n .superRefine((values, ctx) => {\n if (values.useCustomPayload) {\n if (!isJsonObject(values.customPayload!)) {\n ctx.addIssue({\n code: \"custom\",\n message: t(\"common.errmsg.json_invalid\"),\n path: [\"customPayload\"],\n });\n }\n }\n });\n};\n\nconst commonPayloadString = JSON.stringify(\n {\n msgtype: \"text\",\n text: {\n content: \"${CERTIMATE_NOTIFIER_SUBJECT}\\n\\n${CERTIMATE_NOTIFIER_MESSAGE}\",\n },\n },\n null,\n 2\n);\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderDingTalkBot, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderDiscordBot.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderDiscordBot = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n }\n >\n >> => {\n return {\n botToken: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n botToken: z.string().nonempty(t(\"access.form.discordbot_token.placeholder\")),\n channelId: z.string().nullish(),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderDiscordBot, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderDogeCloud.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderDogeCloud = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n }\n >\n >> => {\n return {\n accessKey: \"\",\n secretKey: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n accessKey: z.string().nonempty(t(\"access.form.dogecloud_access_key.placeholder\")),\n secretKey: z.string().nonempty(t(\"access.form.dogecloud_secret_key.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderDogeCloud, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderDokploy.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input, Switch } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderDokploy = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n \n }\n >\n \n >> => {\n return {\n serverUrl: \"http://:3000/\",\n apiKey: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n serverUrl: z.url(t(\"common.errmsg.url_invalid\")),\n apiKey: z.string().nonempty(t(\"access.form.dokploy_api_key.placeholder\")),\n allowInsecureConnections: z.boolean().nullish(),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderDokploy, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderDuckDNS.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderDuckDNS = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n >> => {\n return {\n token: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n token: z.string().nonempty(t(\"access.form.duckdns_token.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderDuckDNS, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderDynu.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderDynu = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n >> => {\n return {\n apiKey: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n apiKey: z.string().nonempty(t(\"access.form.dynu_api_key.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderDynu, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderDynv6.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderDynv6 = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const initialValues = getInitialValues();\n\n return (\n <>\n }\n >\n >> => {\n return {\n httpToken: \"\",\n };\n};\n\nconst getSchema = ({ i18n = getI18n() }: { i18n: ReturnType }) => {\n const { t } = i18n;\n\n return z.object({\n httpToken: z.string().nonempty(t(\"access.form.dynv6_http_token.placeholder\")),\n });\n};\n\nconst _default = Object.assign(AccessConfigFormFieldsProviderDynv6, {\n getInitialValues,\n getSchema,\n});\n\nexport default _default;\n"
},
{
"path": "ui/src/components/access/forms/AccessConfigFieldsProviderEmail.tsx",
"content": "import { getI18n, useTranslation } from \"react-i18next\";\nimport { Form, Input, InputNumber, Select, Switch } from \"antd\";\nimport { createSchemaFieldRule } from \"antd-zod\";\nimport { z } from \"zod\";\n\nimport Show from \"@/components/Show\";\nimport { isEmail, isHostname, isPortNumber } from \"@/utils/validator\";\n\nimport { useFormNestedFieldsContext } from \"./_context\";\n\nconst AccessConfigFormFieldsProviderEmail = () => {\n const { i18n, t } = useTranslation();\n\n const { parentNamePath } = useFormNestedFieldsContext();\n const formSchema = z.object({\n [parentNamePath]: getSchema({ i18n }),\n });\n const formRule = createSchemaFieldRule(formSchema);\n const formInst = Form.useFormInstance();\n const initialValues = getInitialValues();\n\n const fieldSmtpTls = Form.useWatch([parentNamePath, \"smtpTls\"], formInst);\n\n return (\n <>\n ![](\"https://i.imgur.com/8xwsLTA.png\")
\n\n## ⭐ Star History\n\nStar Certificate on GitHub and be instantly notified of new releases.\n\n[](https://starchart.cc/certimate-go/certimate)\n"
},
{
"path": "README_zh.md",
"content": "