feat: support Profiles Extension

2025-07-18 01:11:55 +08:00 · 2025-06-25 11:26:44 +08:00 · 2025-06-25 11:26:44 +08:00 · 12ef573579
commit 12ef573579
parent 17be487958
7 changed files with 27 additions and 0 deletions
--- a/internal/applicant/applicant.go
+++ b/internal/applicant/applicant.go
@ -64,6 +64,7 @@ func NewWithWorkflowNode(config ApplicantWithWorkflowNodeConfig) (Applicant, err
 		CAProviderAccessConfig:  make(map[string]any),
 		CAProviderServiceConfig: nodeCfg.CAProviderConfig,
 		KeyAlgorithm:            nodeCfg.KeyAlgorithm,
+		ACMEProfile:             nodeCfg.ACMEProfile,
 		Nameservers:             xslices.Filter(strings.Split(nodeCfg.Nameservers, ";"), func(s string) bool { return s != "" }),
 		DnsPropagationWait:      nodeCfg.DnsPropagationWait,
 		DnsPropagationTimeout:   nodeCfg.DnsPropagationTimeout,
@ -235,6 +236,7 @@ func applyUseLego(legoProvider challenge.Provider, options *applicantProviderOpt
 	certRequest := certificate.ObtainRequest{
 		Domains: options.Domains,
 		Bundle:  true,
+		Profile: options.ACMEProfile,
 	}
 	if options.ARIReplaceAcct == user.Registration.URI {
 		certRequest.ReplacesCertID = options.ARIReplaceCert
--- a/internal/applicant/providers.go
+++ b/internal/applicant/providers.go
@ -63,6 +63,7 @@ type applicantProviderOptions struct {
 	DnsPropagationWait      int32
 	DnsPropagationTimeout   int32
 	DnsTTL                  int32
+	ACMEProfile             string
 	DisableFollowCNAME      bool
 	ARIReplaceAcct          string
 	ARIReplaceCert          string
--- a/internal/domain/workflow.go
+++ b/internal/domain/workflow.go
@ -75,6 +75,7 @@ type WorkflowNodeConfigForApply struct {
 	CAProviderAccessId    string         `json:"caProviderAccessId,omitempty"`    // CA 提供商授权记录 ID
 	CAProviderConfig      map[string]any `json:"caProviderConfig,omitempty"`      // CA 提供商额外配置
 	KeyAlgorithm          string         `json:"keyAlgorithm"`                    // 证书算法
+	ACMEProfile           string         `json:"acmeProfile,omitempty"`           // ACME Profiles Extension
 	Nameservers           string         `json:"nameservers,omitempty"`           // DNS 服务器列表，以半角分号分隔
 	DnsPropagationWait    int32          `json:"dnsPropagationWait,omitempty"`    // DNS 传播等待时间，等同于 lego 的 `--dns-propagation-wait` 参数
 	DnsPropagationTimeout int32          `json:"dnsPropagationTimeout,omitempty"` // DNS 传播检查超时时间（零值时使用提供商的默认值）
@ -130,6 +131,7 @@ func (n *WorkflowNode) GetConfigForApply() WorkflowNodeConfigForApply {
 		CAProviderAccessId:    xmaps.GetString(n.Config, "caProviderAccessId"),
 		CAProviderConfig:      xmaps.GetKVMapAny(n.Config, "caProviderConfig"),
 		KeyAlgorithm:          xmaps.GetOrDefaultString(n.Config, "keyAlgorithm", string(CertificateKeyAlgorithmTypeRSA2048)),
+		ACMEProfile:           xmaps.GetString(n.Config, "acmeProfile"),
 		Nameservers:           xmaps.GetString(n.Config, "nameservers"),
 		DnsPropagationWait:    xmaps.GetInt32(n.Config, "dnsPropagationWait"),
 		DnsPropagationTimeout: xmaps.GetInt32(n.Config, "dnsPropagationTimeout"),
--- a/ui/src/components/workflow/node/ApplyNodeConfigForm.tsx
+++ b/ui/src/components/workflow/node/ApplyNodeConfigForm.tsx
@ -113,6 +113,7 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
        (v) => (v == null || v === "" ? undefined : Number(v)),
        z.number().int(t("workflow_node.apply.form.dns_ttl.placeholder")).gte(1, t("workflow_node.apply.form.dns_ttl.placeholder")).nullish()
      ),
+      acmeProfile: z.string().nullish(),
      disableFollowCNAME: z.boolean().nullish(),
      disableARI: z.boolean().nullish(),
      skipBeforeExpiryDays: z.preprocess(
@ -454,6 +455,20 @@ const ApplyNodeConfigForm = forwardRef<ApplyNodeConfigFormInstance, ApplyNodeCon
              placeholder={t("workflow_node.apply.form.key_algorithm.placeholder")}
            />
          </Form.Item>
+
+          <Form.Item
+            name="acmeProfile"
+            label={t("workflow_node.apply.form.acme_profile.label")}
+            rules={[formRule]}
+            tooltip={<span dangerouslySetInnerHTML={{ __html: t("workflow_node.apply.form.acme_profile.tooltip") }}></span>}
+          >
+            <AutoComplete
+              allowClear
+              options={["classic", "tlsserver", "shortlived"].map((value) => ({ value }))}
+              placeholder={t("workflow_node.apply.form.acme_profile.placeholder")}
+              filterOption={(inputValue, option) => option!.value.toLowerCase().includes(inputValue.toLowerCase())}
+            />
+          </Form.Item>
        </Form>

        <Divider size="small">
--- a/ui/src/domain/workflow.ts
+++ b/ui/src/domain/workflow.ts
@ -151,6 +151,7 @@ export type WorkflowNodeConfigForApply = {
  caProviderAccessId?: string;
  caProviderConfig?: Record<string, unknown>;
  keyAlgorithm: string;
+  acmeProfile?: string;
  nameservers?: string;
  dnsPropagationTimeout?: number;
  dnsTTL?: number;
--- a/ui/src/i18n/locales/en/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json
@ -71,6 +71,9 @@
  "workflow_node.apply.form.ca_provider_access.button": "Create",
  "workflow_node.apply.form.key_algorithm.label": "Certificate key algorithm",
  "workflow_node.apply.form.key_algorithm.placeholder": "Please select certificate key algorithm",
+  "workflow_node.apply.form.acme_profile.label": "ACME certificate profile (Optional)",
+  "workflow_node.apply.form.acme_profile.placeholder": "Please enter ACME certificate profile",
+  "workflow_node.apply.form.acme_profile.tooltip": "It determines the ACME profile which will be used to affect issuance of the certificate requested. If you don't understand this option, just keep it by default.<a href=\"https://letsencrypt.org/docs/profiles/\" target=\"_blank\">Learn more</a>.",
  "workflow_node.apply.form.advanced_config.label": "Advanced settings",
  "workflow_node.apply.form.nameservers.label": "DNS recursive nameservers (Optional)",
  "workflow_node.apply.form.nameservers.placeholder": "Please enter DNS recursive nameservers (separated by semicolons)",
--- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
@ -70,6 +70,9 @@
  "workflow_node.apply.form.ca_provider_access.button": "新建",
  "workflow_node.apply.form.key_algorithm.label": "证书算法",
  "workflow_node.apply.form.key_algorithm.placeholder": "请选择证书算法",
+  "workflow_node.apply.form.acme_profile.label": "ACME 证书配置（可选）",
+  "workflow_node.apply.form.acme_profile.placeholder": "请输入 ACME 证书配置",
+  "workflow_node.apply.form.acme_profile.tooltip": "表示证书颁发时使用的 ACME 证书配置。如果你不了解该选项的用途，保持默认即可。<a href=\"https://letsencrypt.org/zh-cn/docs/profiles/\" target=\"_blank\">点此了解更多</a>。",
  "workflow_node.apply.form.advanced_config.label": "高级设置",
  "workflow_node.apply.form.nameservers.label": "DNS 递归服务器（可选）",
  "workflow_node.apply.form.nameservers.placeholder": "请输入 DNS 递归服务器（多个值请用半角分号隔开）",