feat: allow insecure connections in cdnfly, goedge, powerdns

internal/applicant/providers.go

@@ -441,10 +441,11 @@ func createApplicantProvider(options *applicantProviderOptions) (challenge.Provi
 			}
 
 			applicant, err := pPowerDNS.NewChallengeProvider(&pPowerDNS.ChallengeProviderConfig{
-				ApiUrl:                access.ApiUrl,
+				ApiUrl:                   access.ApiUrl,
-				ApiKey:                access.ApiKey,
+				ApiKey:                   access.ApiKey,
-				DnsPropagationTimeout: options.DnsPropagationTimeout,
+				AllowInsecureConnections: access.AllowInsecureConnections,
-				DnsTTL:                options.DnsTTL,
+				DnsPropagationTimeout:    options.DnsPropagationTimeout,
+				DnsTTL:                   options.DnsTTL,
 			})
 			return applicant, err
 		}

internal/deployer/providers.go

@@ -509,12 +509,13 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 			}
 
 			deployer, err := pCdnfly.NewDeployer(&pCdnfly.DeployerConfig{
-				ApiUrl:        access.ApiUrl,
+				ApiUrl:                   access.ApiUrl,
-				ApiKey:        access.ApiKey,
+				ApiKey:                   access.ApiKey,
-				ApiSecret:     access.ApiSecret,
+				ApiSecret:                access.ApiSecret,
-				ResourceType:  pCdnfly.ResourceType(maputil.GetOrDefaultString(options.ProviderExtendedConfig, "resourceType", string(pCdnfly.RESOURCE_TYPE_SITE))),
+				AllowInsecureConnections: access.AllowInsecureConnections,
-				SiteId:        maputil.GetString(options.ProviderExtendedConfig, "siteId"),
+				ResourceType:             pCdnfly.ResourceType(maputil.GetOrDefaultString(options.ProviderExtendedConfig, "resourceType", string(pCdnfly.RESOURCE_TYPE_SITE))),
-				CertificateId: maputil.GetString(options.ProviderExtendedConfig, "certificateId"),
+				SiteId:                   maputil.GetString(options.ProviderExtendedConfig, "siteId"),
+				CertificateId:            maputil.GetString(options.ProviderExtendedConfig, "certificateId"),
 			})
 			return deployer, err
 		}
@@ -577,11 +578,12 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 			}
 
 			deployer, err := pGoEdge.NewDeployer(&pGoEdge.DeployerConfig{
-				ApiUrl:        access.ApiUrl,
+				ApiUrl:                   access.ApiUrl,
-				AccessKeyId:   access.AccessKeyId,
+				AccessKeyId:              access.AccessKeyId,
-				AccessKey:     access.AccessKey,
+				AccessKey:                access.AccessKey,
-				ResourceType:  pGoEdge.ResourceType(maputil.GetString(options.ProviderExtendedConfig, "resourceType")),
+				AllowInsecureConnections: access.AllowInsecureConnections,
-				CertificateId: maputil.GetInt64(options.ProviderExtendedConfig, "certificateId"),
+				ResourceType:             pGoEdge.ResourceType(maputil.GetString(options.ProviderExtendedConfig, "resourceType")),
+				CertificateId:            maputil.GetInt64(options.ProviderExtendedConfig, "certificateId"),
 			})
 			return deployer, err
 		}

internal/domain/access.go

@@ -74,9 +74,10 @@ type AccessConfigForCacheFly struct {
 }
 
 type AccessConfigForCdnfly struct {
-	ApiUrl    string `json:"apiUrl"`
+	ApiUrl                   string `json:"apiUrl"`
-	ApiKey    string `json:"apiKey"`
+	ApiKey                   string `json:"apiKey"`
-	ApiSecret string `json:"apiSecret"`
+	ApiSecret                string `json:"apiSecret"`
+	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
 }
 
 type AccessConfigForCloudflare struct {
@@ -147,9 +148,10 @@ type AccessConfigForGoDaddy struct {
 }
 
 type AccessConfigForGoEdge struct {
-	ApiUrl      string `json:"apiUrl"`
+	ApiUrl                   string `json:"apiUrl"`
-	AccessKeyId string `json:"accessKeyId"`
+	AccessKeyId              string `json:"accessKeyId"`
-	AccessKey   string `json:"accessKey"`
+	AccessKey                string `json:"accessKey"`
+	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
 }
 
 type AccessConfigForGoogleTrustServices struct {
@@ -206,8 +208,9 @@ type AccessConfigForPorkbun struct {
 }
 
 type AccessConfigForPowerDNS struct {
-	ApiUrl string `json:"apiUrl"`
+	ApiUrl                   string `json:"apiUrl"`
-	ApiKey string `json:"apiKey"`
+	ApiKey                   string `json:"apiKey"`
+	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
 }
 
 type AccessConfigForQiniu struct {

internal/pkg/core/applicant/acme-dns-01/lego-providers/powerdns/powerdns.go

@@ -1,6 +1,8 @@
 package powerdns
 
 import (
+	"crypto/tls"
+	"net/http"
 	"net/url"
 	"time"
 
@@ -9,10 +11,11 @@ import (
 )
 
 type ChallengeProviderConfig struct {
-	ApiUrl                string `json:"apiUrl"`
+	ApiUrl                   string `json:"apiUrl"`
-	ApiKey                string `json:"apiKey"`
+	ApiKey                   string `json:"apiKey"`
-	DnsPropagationTimeout int32  `json:"dnsPropagationTimeout,omitempty"`
+	AllowInsecureConnections bool   `json:"allowInsecureConnections,omitempty"`
-	DnsTTL                int32  `json:"dnsTTL,omitempty"`
+	DnsPropagationTimeout    int32  `json:"dnsPropagationTimeout,omitempty"`
+	DnsTTL                   int32  `json:"dnsTTL,omitempty"`
 }
 
 func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
@@ -24,6 +27,13 @@ func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider,
 	providerConfig := pdns.NewDefaultConfig()
 	providerConfig.Host = host
 	providerConfig.APIKey = config.ApiKey
+	if config.AllowInsecureConnections {
+		providerConfig.HTTPClient.Transport = &http.Transport{
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: true,
+			},
+		}
+	}
 	if config.DnsPropagationTimeout != 0 {
 		providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
 	}

internal/pkg/core/deployer/providers/1panel-console/1panel_console.go

@@ -79,7 +79,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	return &deployer.DeployResult{}, nil
 }
 
-func createSdkClient(apiUrl, apiKey string, allowInsecure bool) (*opsdk.Client, error) {
+func createSdkClient(apiUrl, apiKey string, skipTlsVerify bool) (*opsdk.Client, error) {
 	if _, err := url.Parse(apiUrl); err != nil {
 		return nil, errors.New("invalid 1panel api url")
 	}
@@ -89,7 +89,7 @@ func createSdkClient(apiUrl, apiKey string, allowInsecure bool) (*opsdk.Client,
 	}
 
 	client := opsdk.NewClient(apiUrl, apiKey)
-	if allowInsecure {
+	if skipTlsVerify {
 		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}
 

internal/pkg/core/deployer/providers/1panel-site/1panel_site.go

@@ -173,7 +173,7 @@ func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPEM stri
 	return nil
 }
 
-func createSdkClient(apiUrl, apiKey string, allowInsecure bool) (*opsdk.Client, error) {
+func createSdkClient(apiUrl, apiKey string, skipTlsVerify bool) (*opsdk.Client, error) {
 	if _, err := url.Parse(apiUrl); err != nil {
 		return nil, errors.New("invalid 1panel api url")
 	}
@@ -183,7 +183,7 @@ func createSdkClient(apiUrl, apiKey string, allowInsecure bool) (*opsdk.Client,
 	}
 
 	client := opsdk.NewClient(apiUrl, apiKey)
-	if allowInsecure {
+	if skipTlsVerify {
 		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}
 

internal/pkg/core/deployer/providers/baotapanel-console/baotapanel_console.go

@@ -82,7 +82,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	return &deployer.DeployResult{}, nil
 }
 
-func createSdkClient(apiUrl, apiKey string, allowInsecure bool) (*btsdk.Client, error) {
+func createSdkClient(apiUrl, apiKey string, skipTlsVerify bool) (*btsdk.Client, error) {
 	if _, err := url.Parse(apiUrl); err != nil {
 		return nil, errors.New("invalid baota api url")
 	}
@@ -92,7 +92,7 @@ func createSdkClient(apiUrl, apiKey string, allowInsecure bool) (*btsdk.Client,
 	}
 
 	client := btsdk.NewClient(apiUrl, apiKey)
-	if allowInsecure {
+	if skipTlsVerify {
 		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}
 

internal/pkg/core/deployer/providers/baotapanel-site/baotapanel_site.go

@@ -124,7 +124,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPE
 	return &deployer.DeployResult{}, nil
 }
 
-func createSdkClient(apiUrl, apiKey string, allowInsecure bool) (*btsdk.Client, error) {
+func createSdkClient(apiUrl, apiKey string, skipTlsVerify bool) (*btsdk.Client, error) {
 	if _, err := url.Parse(apiUrl); err != nil {
 		return nil, errors.New("invalid baota api url")
 	}
@@ -134,7 +134,7 @@ func createSdkClient(apiUrl, apiKey string, allowInsecure bool) (*btsdk.Client,
 	}
 
 	client := btsdk.NewClient(apiUrl, apiKey)
-	if allowInsecure {
+	if skipTlsVerify {
 		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}
 

internal/pkg/core/deployer/providers/cdnfly/cdnfly.go

@@ -2,6 +2,7 @@ package cdnfly
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -20,6 +21,8 @@ type DeployerConfig struct {
 	ApiKey string `json:"apiKey"`
 	// Cdnfly 用户端 API Secret。
 	ApiSecret string `json:"apiSecret"`
+	// 是否允许不安全的连接。
+	AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"`
 	// 部署资源类型。
 	ResourceType ResourceType `json:"resourceType"`
 	// 网站 ID。
@@ -43,7 +46,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		panic("config is nil")
 	}
 
-	client, err := createSdkClient(config.ApiUrl, config.ApiKey, config.ApiSecret)
+	client, err := createSdkClient(config.ApiUrl, config.ApiKey, config.ApiSecret, config.AllowInsecureConnections)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
@@ -157,7 +160,7 @@ func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPEM stri
 	return nil
 }
 
-func createSdkClient(apiUrl, apiKey, apiSecret string) (*cfsdk.Client, error) {
+func createSdkClient(apiUrl, apiKey, apiSecret string, skipTlsVerify bool) (*cfsdk.Client, error) {
 	if _, err := url.Parse(apiUrl); err != nil {
 		return nil, errors.New("invalid cachefly api url")
 	}
@@ -171,5 +174,9 @@ func createSdkClient(apiUrl, apiKey, apiSecret string) (*cfsdk.Client, error) {
 	}
 
 	client := cfsdk.NewClient(apiUrl, apiKey, apiSecret)
+	if skipTlsVerify {
+		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
+	}
+
 	return client, nil
 }

internal/pkg/core/deployer/providers/cdnfly/cdnfly_test.go

@@ -57,11 +57,12 @@ func TestDeploy(t *testing.T) {
 		}, "\n"))
 
 		deployer, err := provider.NewDeployer(&provider.DeployerConfig{
-			ApiUrl:        fApiUrl,
+			ApiUrl:                   fApiUrl,
-			ApiKey:        fApiKey,
+			ApiKey:                   fApiKey,
-			ApiSecret:     fApiSecret,
+			ApiSecret:                fApiSecret,
-			ResourceType:  provider.RESOURCE_TYPE_CERTIFICATE,
+			AllowInsecureConnections: true,
-			CertificateId: fCertificateId,
+			ResourceType:             provider.RESOURCE_TYPE_CERTIFICATE,
+			CertificateId:            fCertificateId,
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)

internal/pkg/core/deployer/providers/goedge/goedge.go

@@ -2,6 +2,7 @@ package goedge
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/base64"
 	"errors"
 	"fmt"
@@ -21,6 +22,8 @@ type DeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// GoEdge 用户 AccessKey。
 	AccessKey string `json:"accessKey"`
+	// 是否允许不安全的连接。
+	AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"`
 	// 部署资源类型。
 	ResourceType ResourceType `json:"resourceType"`
 	// 证书 ID。
@@ -41,7 +44,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
 		panic("config is nil")
 	}
 
-	client, err := createSdkClient(config.ApiUrl, config.AccessKeyId, config.AccessKey)
+	client, err := createSdkClient(config.ApiUrl, config.AccessKeyId, config.AccessKey, config.AllowInsecureConnections)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create sdk client: %w", err)
 	}
@@ -113,7 +116,7 @@ func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPEM stri
 	return nil
 }
 
-func createSdkClient(apiUrl, accessKeyId, accessKey string) (*goedgesdk.Client, error) {
+func createSdkClient(apiUrl, accessKeyId, accessKey string, skipTlsVerify bool) (*goedgesdk.Client, error) {
 	if _, err := url.Parse(apiUrl); err != nil {
 		return nil, errors.New("invalid goedge api url")
 	}
@@ -127,5 +130,9 @@ func createSdkClient(apiUrl, accessKeyId, accessKey string) (*goedgesdk.Client,
 	}
 
 	client := goedgesdk.NewClient(apiUrl, "user", accessKeyId, accessKey)
+	if skipTlsVerify {
+		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
+	}
+
 	return client, nil
 }

internal/pkg/core/deployer/providers/goedge/goedge_test.go

@@ -57,11 +57,12 @@ func TestDeploy(t *testing.T) {
 		}, "\n"))
 
 		deployer, err := provider.NewDeployer(&provider.DeployerConfig{
-			ApiUrl:        fApiUrl,
+			ApiUrl:                   fApiUrl,
-			AccessKeyId:   fAccessKeyId,
+			AccessKeyId:              fAccessKeyId,
-			AccessKey:     fAccessKey,
+			AccessKey:                fAccessKey,
-			ResourceType:  provider.RESOURCE_TYPE_CERTIFICATE,
+			AllowInsecureConnections: true,
-			CertificateId: int64(fCertificateId),
+			ResourceType:             provider.RESOURCE_TYPE_CERTIFICATE,
+			CertificateId:            int64(fCertificateId),
 		})
 		if err != nil {
 			t.Errorf("err: %+v", err)

internal/pkg/core/deployer/providers/safeline/safeline.go

@@ -98,7 +98,7 @@ func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPEM stri
 	return nil
 }
 
-func createSdkClient(apiUrl, apiToken string, allowInsecure bool) (*safelinesdk.Client, error) {
+func createSdkClient(apiUrl, apiToken string, skipTlsVerify bool) (*safelinesdk.Client, error) {
 	if _, err := url.Parse(apiUrl); err != nil {
 		return nil, errors.New("invalid safeline api url")
 	}
@@ -108,7 +108,7 @@ func createSdkClient(apiUrl, apiToken string, allowInsecure bool) (*safelinesdk.
 	}
 
 	client := safelinesdk.NewClient(apiUrl, apiToken)
-	if allowInsecure {
+	if skipTlsVerify {
 		client.WithTLSConfig(&tls.Config{InsecureSkipVerify: true})
 	}
 

internal/pkg/sdk3rd/cdnfly/client.go

@@ -1,6 +1,7 @@
 package cdnflysdk
 
 import (
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -34,6 +35,11 @@ func (c *Client) WithTimeout(timeout time.Duration) *Client {
 	return c
 }
 
+func (c *Client) WithTLSConfig(config *tls.Config) *Client {
+	c.client.SetTLSClientConfig(config)
+	return c
+}
+
 func (c *Client) sendRequest(method string, path string, params interface{}) (*resty.Response, error) {
 	req := c.client.R()
 	req.Method = method

internal/pkg/sdk3rd/goedge/client.go

@@ -1,6 +1,7 @@
 package goedge
 
 import (
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -41,6 +42,11 @@ func (c *Client) WithTimeout(timeout time.Duration) *Client {
 	return c
 }
 
+func (c *Client) WithTLSConfig(config *tls.Config) *Client {
+	c.client.SetTLSClientConfig(config)
+	return c
+}
+
 func (c *Client) sendRequest(method string, path string, params interface{}) (*resty.Response, error) {
 	req := c.client.R().SetBasicAuth(c.accessKeyId, c.accessKey)
 	req.Method = method

ui/src/components/access/AccessForm1PanelConfig.tsx

@@ -67,12 +67,7 @@ const AccessForm1PanelConfig = ({ form: formInst, formName, disabled, initialVal
         <Input.Password autoComplete="new-password" placeholder={t("access.form.1panel_api_key.placeholder")} />
       </Form.Item>
 
-      <Form.Item
+      <Form.Item name="allowInsecureConnections" label={t("access.form.1panel_allow_insecure_conns.label")} rules={[formRule]}>
-        name="allowInsecureConnections"
-        label={t("access.form.1panel_allow_insecure_conns.label")}
-        rules={[formRule]}
-        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.1panel_allow_insecure_conns.tooltip") }}></span>}
-      >
         <Switch
           checkedChildren={t("access.form.1panel_allow_insecure_conns.switch.on")}
           unCheckedChildren={t("access.form.1panel_allow_insecure_conns.switch.off")}

ui/src/components/access/AccessFormBaotaPanelConfig.tsx

@@ -67,12 +67,7 @@ const AccessFormBaotaPanelConfig = ({ form: formInst, formName, disabled, initia
         <Input.Password autoComplete="new-password" placeholder={t("access.form.baotapanel_api_key.placeholder")} />
       </Form.Item>
 
-      <Form.Item
+      <Form.Item name="allowInsecureConnections" label={t("access.form.baotapanel_allow_insecure_conns.label")} rules={[formRule]}>
-        name="allowInsecureConnections"
-        label={t("access.form.baotapanel_allow_insecure_conns.label")}
-        rules={[formRule]}
-        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.baotapanel_allow_insecure_conns.tooltip") }}></span>}
-      >
         <Switch
           checkedChildren={t("access.form.baotapanel_allow_insecure_conns.switch.on")}
           unCheckedChildren={t("access.form.baotapanel_allow_insecure_conns.switch.off")}

ui/src/components/access/AccessFormCdnflyConfig.tsx

@@ -1,5 +1,5 @@
 import { useTranslation } from "react-i18next";
-import { Form, type FormInstance, Input } from "antd";
+import { Form, type FormInstance, Input, Switch } from "antd";
 import { createSchemaFieldRule } from "antd-zod";
 import { z } from "zod";
 
@@ -38,6 +38,7 @@ const AccessFormCdnflyConfig = ({ form: formInst, formName, disabled, initialVal
       .min(1, t("access.form.cdnfly_api_secret.placeholder"))
       .max(64, t("common.errmsg.string_max", { max: 64 }))
       .trim(),
+    allowInsecureConnections: z.boolean().nullish(),
   });
   const formRule = createSchemaFieldRule(formSchema);
 
@@ -80,6 +81,13 @@ const AccessFormCdnflyConfig = ({ form: formInst, formName, disabled, initialVal
       >
         <Input.Password autoComplete="new-password" placeholder={t("access.form.cdnfly_api_secret.placeholder")} />
       </Form.Item>
+
+      <Form.Item name="allowInsecureConnections" label={t("access.form.cdnfly_allow_insecure_conns.label")} rules={[formRule]}>
+        <Switch
+          checkedChildren={t("access.form.cdnfly_allow_insecure_conns.switch.on")}
+          unCheckedChildren={t("access.form.cdnfly_allow_insecure_conns.switch.off")}
+        />
+      </Form.Item>
     </Form>
   );
 };

ui/src/components/access/AccessFormGoEdgeConfig.tsx

@@ -1,5 +1,5 @@
 import { useTranslation } from "react-i18next";
-import { Form, type FormInstance, Input } from "antd";
+import { Form, type FormInstance, Input, Switch } from "antd";
 import { createSchemaFieldRule } from "antd-zod";
 import { z } from "zod";
 
@@ -38,6 +38,7 @@ const AccessFormGoEdgeConfig = ({ form: formInst, formName, disabled, initialVal
       .min(1, t("access.form.goedge_access_key.placeholder"))
       .max(64, t("common.errmsg.string_max", { max: 64 }))
       .trim(),
+    allowInsecureConnections: z.boolean().nullish(),
   });
   const formRule = createSchemaFieldRule(formSchema);
 
@@ -80,6 +81,13 @@ const AccessFormGoEdgeConfig = ({ form: formInst, formName, disabled, initialVal
       >
         <Input.Password autoComplete="new-password" placeholder={t("access.form.goedge_access_key.placeholder")} />
       </Form.Item>
+
+      <Form.Item name="allowInsecureConnections" label={t("access.form.goedge_allow_insecure_conns.label")} rules={[formRule]}>
+        <Switch
+          checkedChildren={t("access.form.goedge_allow_insecure_conns.switch.on")}
+          unCheckedChildren={t("access.form.goedge_allow_insecure_conns.switch.off")}
+        />
+      </Form.Item>
     </Form>
   );
 };

ui/src/components/access/AccessFormPowerDNSConfig.tsx

@@ -1,5 +1,5 @@
 import { useTranslation } from "react-i18next";
-import { Form, type FormInstance, Input } from "antd";
+import { Form, type FormInstance, Input, Switch } from "antd";
 import { createSchemaFieldRule } from "antd-zod";
 import { z } from "zod";
 
@@ -32,6 +32,7 @@ const AccessFormPowerDNSConfig = ({ form: formInst, formName, disabled, initialV
       .min(1, t("access.form.powerdns_api_key.placeholder"))
       .max(64, t("common.errmsg.string_max", { max: 64 }))
       .trim(),
+    allowInsecureConnections: z.boolean().nullish(),
   });
   const formRule = createSchemaFieldRule(formSchema);
 
@@ -65,6 +66,13 @@ const AccessFormPowerDNSConfig = ({ form: formInst, formName, disabled, initialV
       >
         <Input.Password autoComplete="new-password" placeholder={t("access.form.powerdns_api_key.placeholder")} />
       </Form.Item>
+
+      <Form.Item name="allowInsecureConnections" label={t("access.form.powerdns_allow_insecure_conns.label")} rules={[formRule]}>
+        <Switch
+          checkedChildren={t("access.form.powerdns_allow_insecure_conns.switch.on")}
+          unCheckedChildren={t("access.form.powerdns_allow_insecure_conns.switch.off")}
+        />
+      </Form.Item>
     </Form>
   );
 };

ui/src/components/access/AccessFormSafeLineConfig.tsx

@@ -67,12 +67,7 @@ const AccessFormSafeLineConfig = ({ form: formInst, formName, disabled, initialV
         <Input.Password autoComplete="new-password" placeholder={t("access.form.safeline_api_token.placeholder")} />
       </Form.Item>
 
-      <Form.Item
+      <Form.Item name="allowInsecureConnections" label={t("access.form.safeline_allow_insecure_conns.label")} rules={[formRule]}>
-        name="allowInsecureConnections"
-        label={t("access.form.safeline_allow_insecure_conns.label")}
-        rules={[formRule]}
-        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.safeline_allow_insecure_conns.tooltip") }}></span>}
-      >
         <Switch
           checkedChildren={t("access.form.safeline_allow_insecure_conns.switch.on")}
           unCheckedChildren={t("access.form.safeline_allow_insecure_conns.switch.off")}

ui/src/components/access/AccessFormWebhookConfig.tsx

@@ -352,12 +352,7 @@ const AccessFormWebhookConfig = ({ form: formInst, formName, disabled, initialVa
         </Form.Item>
       </Show>
 
-      <Form.Item
+      <Form.Item name="allowInsecureConnections" label={t("access.form.webhook_allow_insecure_conns.label")} rules={[formRule]}>
-        name="allowInsecureConnections"
-        label={t("access.form.webhook_allow_insecure_conns.label")}
-        rules={[formRule]}
-        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.webhook_allow_insecure_conns.tooltip") }}></span>}
-      >
         <Switch
           checkedChildren={t("access.form.webhook_allow_insecure_conns.switch.on")}
           unCheckedChildren={t("access.form.webhook_allow_insecure_conns.switch.off")}

ui/src/domain/access.ts

@@ -126,6 +126,7 @@ export type AccessConfigForCdnfly = {
   apiUrl: string;
   apiKey: string;
   apiSecret: string;
+  allowInsecureConnections?: boolean;
 };
 
 export type AccessConfigForCloudflare = {
@@ -199,6 +200,7 @@ export type AccessConfigForGoEdge = {
   apiUrl: string;
   accessKeyId: string;
   accessKey: string;
+  allowInsecureConnections?: boolean;
 };
 
 export type AccessConfigForGoogleTrustServices = {
@@ -257,6 +259,7 @@ export type AccessConfigForPorkbun = {
 export type AccessConfigForPowerDNS = {
   apiUrl: string;
   apiKey: string;
+  allowInsecureConnections?: boolean;
 };
 
 export type AccessConfigForQiniu = {

ui/src/i18n/locales/en/nls.access.json

@@ -40,7 +40,6 @@
   "access.form.1panel_api_key.placeholder": "Please enter 1Panel API key",
   "access.form.1panel_api_key.tooltip": "For more information, see <a href=\"https://docs.1panel.pro/dev_manual/api_manual/\" target=\"_blank\">https://docs.1panel.pro/dev_manual/api_manual/</a>",
   "access.form.1panel_allow_insecure_conns.label": "Insecure SSL/TLS connections",
-  "access.form.1panel_allow_insecure_conns.tooltip": "Allowing insecure connections may lead to data leak or tampering. Use this option only when under trusted networks.",
   "access.form.1panel_allow_insecure_conns.switch.on": "Allow",
   "access.form.1panel_allow_insecure_conns.switch.off": "Disallow",
   "access.form.acmehttpreq_endpoint.label": "Endpoint",
@@ -103,7 +102,6 @@
   "access.form.baotapanel_api_key.placeholder": "Please enter aaPanel API key",
   "access.form.baotapanel_api_key.tooltip": "For more information, see <a href=\"https://www.bt.cn/bbs/thread-20376-1-1.html\" target=\"_blank\">https://www.bt.cn/bbs/thread-20376-1-1.html</a>",
   "access.form.baotapanel_allow_insecure_conns.label": "Insecure SSL/TLS connections",
-  "access.form.baotapanel_allow_insecure_conns.tooltip": "Allowing insecure connections may lead to data leak or tampering. Use this option only when under trusted networks.",
   "access.form.baotapanel_allow_insecure_conns.switch.on": "Allow",
   "access.form.baotapanel_allow_insecure_conns.switch.off": "Disallow",
   "access.form.byteplus_access_key.label": "BytePlus AccessKey",
@@ -124,6 +122,9 @@
   "access.form.cdnfly_api_secret.label": "Cdnfly user API secret",
   "access.form.cdnfly_api_secret.placeholder": "Please enter Cdnfly user API secret",
   "access.form.cdnfly_api_secret.tooltip": "For more information, see <a href=\"https://doc.cdnfly.cn/shiyongjieshao.html\" target=\"_blank\">https://doc.cdnfly.cn/shiyongjieshao.html</a>",
+  "access.form.cdnfly_allow_insecure_conns.label": "Insecure SSL/TLS connections",
+  "access.form.cdnfly_allow_insecure_conns.switch.on": "Allow",
+  "access.form.cdnfly_allow_insecure_conns.switch.off": "Disallow",
   "access.form.cloudflare_dns_api_token.label": "Cloudflare DNS API token",
   "access.form.cloudflare_dns_api_token.placeholder": "Please enter Cloudflare DNS API token",
   "access.form.cloudflare_dns_api_token.tooltip": "For more information, see <a href=\"https://developers.cloudflare.com/fundamentals/api/get-started/create-token/\" target=\"_blank\">https://developers.cloudflare.com/fundamentals/api/get-started/create-token/</a>",
@@ -209,6 +210,9 @@
   "access.form.goedge_access_key.label": "GoEdge user AccessKey",
   "access.form.goedge_access_key.placeholder": "Please enter GoEdge user AccessKey",
   "access.form.goedge_access_key.tooltip": "For more information, see <a href=\"https://goedge.cloud/docs/API/Auth.md\" target=\"_blank\">https://goedge.cloud/docs/API/Auth.md</a>",
+  "access.form.goedge_allow_insecure_conns.label": "Insecure SSL/TLS connections",
+  "access.form.goedge_allow_insecure_conns.switch.on": "Allow",
+  "access.form.goedge_allow_insecure_conns.switch.off": "Disallow",
   "access.form.googletrustservices_eab_kid.label": "ACME EAB KID",
   "access.form.googletrustservices_eab_kid.placeholder": "Please enter ACME EAB KID",
   "access.form.googletrustservices_eab_kid.tooltip": "For more information, see <a href=\"https://cloud.google.com/certificate-manager/docs/public-ca-tutorial\" target=\"_blank\">https://cloud.google.com/certificate-manager/docs/public-ca-tutorial</a>",
@@ -273,6 +277,9 @@
   "access.form.powerdns_api_key.label": "PowerDNS API key",
   "access.form.powerdns_api_key.placeholder": "Please enter PowerDNS API key",
   "access.form.powerdns_api_key.tooltip": "For more information, see <a href=\"https://doc.powerdns.com/authoritative/http-api/index.html#enabling-the-api\" target=\"_blank\">https://doc.powerdns.com/authoritative/http-api/index.html#enabling-the-api</a>",
+  "access.form.powerdns_allow_insecure_conns.label": "Insecure SSL/TLS connections",
+  "access.form.powerdns_allow_insecure_conns.switch.on": "Allow",
+  "access.form.powerdns_allow_insecure_conns.switch.off": "Disallow",
   "access.form.qiniu_access_key.label": "Qiniu AccessKey",
   "access.form.qiniu_access_key.placeholder": "Please enter Qiniu AccessKey",
   "access.form.qiniu_access_key.tooltip": "For more information, see <a href=\"https://portal.qiniu.com/\" target=\"_blank\">https://portal.qiniu.com/</a>",
@@ -289,7 +296,6 @@
   "access.form.safeline_api_token.placeholder": "Please enter SafeLine API token",
   "access.form.safeline_api_token.tooltip": "For more information, see <a href=\"https://docs.waf.chaitin.com/en/reference/articles/openapi\" target=\"_blank\">https://docs.waf.chaitin.com/en/reference/articles/openapi</a>",
   "access.form.safeline_allow_insecure_conns.label": "Insecure SSL/TLS connections",
-  "access.form.safeline_allow_insecure_conns.tooltip": "Allowing insecure connections may lead to data leak or tampering. Use this option only when under trusted networks.",
   "access.form.safeline_allow_insecure_conns.switch.on": "Allow",
   "access.form.safeline_allow_insecure_conns.switch.off": "Disallow",
   "access.form.ssh_host.label": "Server host",
@@ -380,7 +386,6 @@
   "access.form.webhook_preset_data.option.serverchan.label": "ServerChan",
   "access.form.webhook_preset_data.option.common.label": "General template",
   "access.form.webhook_allow_insecure_conns.label": "Insecure SSL/TLS connections",
-  "access.form.webhook_allow_insecure_conns.tooltip": "Allowing insecure connections may lead to data leak or tampering. Use this option only when under trusted networks.",
   "access.form.webhook_allow_insecure_conns.switch.on": "Allow",
   "access.form.webhook_allow_insecure_conns.switch.off": "Disallow",
   "access.form.wecombot_webhook_url.label": "WeCom bot Webhook URL",

ui/src/i18n/locales/zh/nls.access.json

@@ -40,7 +40,6 @@
   "access.form.1panel_api_key.placeholder": "请输入 1Panel 接口密钥",
   "access.form.1panel_api_key.tooltip": "这是什么？请参阅 <a href=\"https://1panel.cn/docs/dev_manual/api_manual/\" target=\"_blank\">https://1panel.cn/docs/dev_manual/api_manual/</a>",
   "access.form.1panel_allow_insecure_conns.label": "忽略 SSL/TLS 证书错误",
-  "access.form.1panel_allow_insecure_conns.tooltip": "忽略 SSL/TLS 证书错误可能导致数据泄露或被篡改。建议仅在可信网络下启用。",
   "access.form.1panel_allow_insecure_conns.switch.on": "允许",
   "access.form.1panel_allow_insecure_conns.switch.off": "不允许",
   "access.form.acmehttpreq_endpoint.label": "服务端点",
@@ -94,7 +93,6 @@
   "access.form.baotapanel_api_key.placeholder": "请输入宝塔面板接口密钥",
   "access.form.baotapanel_api_key.tooltip": "这是什么？请参阅 <a href=\"https://www.bt.cn/bbs/thread-113890-1-1.html\" target=\"_blank\">https://www.bt.cn/bbs/thread-113890-1-1.html</a>",
   "access.form.baotapanel_allow_insecure_conns.label": "忽略 SSL/TLS 证书错误",
-  "access.form.baotapanel_allow_insecure_conns.tooltip": "忽略 SSL/TLS 证书错误可能导致数据泄露或被篡改。建议仅在可信网络下启用。",
   "access.form.baotapanel_allow_insecure_conns.switch.on": "允许",
   "access.form.baotapanel_allow_insecure_conns.switch.off": "不允许",
   "access.form.bunny_api_key.label": "Bunny API Key",
@@ -118,6 +116,9 @@
   "access.form.cdnfly_api_secret.label": "Cdnfly 用户端 API Secret",
   "access.form.cdnfly_api_secret.placeholder": "请输入 Cdnfly 用户端 API Secret",
   "access.form.cdnfly_api_secret.tooltip": "这是什么？请参阅 <a href=\"https://doc.cdnfly.cn/shiyongjieshao.html\" target=\"_blank\">https://doc.cdnfly.cn/shiyongjieshao.html</a>",
+  "access.form.cdnfly_allow_insecure_conns.label": "忽略 SSL/TLS 证书错误",
+  "access.form.cdnfly_allow_insecure_conns.switch.on": "允许",
+  "access.form.cdnfly_allow_insecure_conns.switch.off": "不允许",
   "access.form.cloudflare_dns_api_token.label": "Cloudflare DNS API 令牌",
   "access.form.cloudflare_dns_api_token.placeholder": "请输入 Cloudflare DNS API 令牌",
   "access.form.cloudflare_dns_api_token.tooltip": "这是什么？请参阅 <a href=\"https://developers.cloudflare.com/fundamentals/api/get-started/create-token/\" target=\"_blank\">https://developers.cloudflare.com/fundamentals/api/get-started/create-token/</a>",
@@ -203,6 +204,9 @@
   "access.form.goedge_access_key.label": "GoEdge 用户 AccessKey",
   "access.form.goedge_access_key.placeholder": "请输入 GoEdge 用户 AccessKey",
   "access.form.goedge_access_key.tooltip": "这是什么？请参阅 <a href=\"https://goedge.cloud/docs/API/Auth.md\" target=\"_blank\">https://goedge.cloud/docs/API/Auth.md</a>",
+  "access.form.goedge_allow_insecure_conns.label": "忽略 SSL/TLS 证书错误",
+  "access.form.goedge_allow_insecure_conns.switch.on": "允许",
+  "access.form.goedge_allow_insecure_conns.switch.off": "不允许",
   "access.form.googletrustservices_eab_kid.label": "ACME EAB KID",
   "access.form.googletrustservices_eab_kid.placeholder": "请输入 ACME EAB KID",
   "access.form.googletrustservices_eab_kid.tooltip": "这是什么？请参阅 <a href=\"https://cloud.google.com/certificate-manager/docs/public-ca-tutorial\" target=\"_blank\">https://cloud.google.com/certificate-manager/docs/public-ca-tutorial</a>",
@@ -267,6 +271,9 @@
   "access.form.powerdns_api_key.label": "PowerDNS API Key",
   "access.form.powerdns_api_key.placeholder": "请输入 PowerDNS API Key",
   "access.form.powerdns_api_key.tooltip": "这是什么？请参阅 <a href=\"https://doc.powerdns.com/authoritative/http-api/index.html#enabling-the-api\" target=\"_blank\">https://doc.powerdns.com/authoritative/http-api/index.html#enabling-the-api</a>",
+  "access.form.powerdns_allow_insecure_conns.label": "忽略 SSL/TLS 证书错误",
+  "access.form.powerdns_allow_insecure_conns.switch.on": "允许",
+  "access.form.powerdns_allow_insecure_conns.switch.off": "不允许",
   "access.form.qiniu_access_key.label": "七牛云 AccessKey",
   "access.form.qiniu_access_key.placeholder": "请输入七牛云 AccessKey",
   "access.form.qiniu_access_key.tooltip": "这是什么？请参阅 <a href=\"https://portal.qiniu.com/\" target=\"_blank\">https://portal.qiniu.com/</a>",
@@ -283,7 +290,6 @@
   "access.form.safeline_api_token.placeholder": "请输入雷池 API Token",
   "access.form.safeline_api_token.tooltip": "这是什么？请参阅 <a href=\"https://docs.waf-ce.chaitin.cn/zh/%E6%9B%B4%E5%A4%9A%E6%8A%80%E6%9C%AF%E6%96%87%E6%A1%A3/OPENAPI\" target=\"_blank\">https://docs.waf-ce.chaitin.cn/zh/更多技术文档/OPENAPI</a>",
   "access.form.safeline_allow_insecure_conns.label": "忽略 SSL/TLS 证书错误",
-  "access.form.safeline_allow_insecure_conns.tooltip": "忽略 SSL/TLS 证书错误可能导致数据泄露或被篡改。建议仅在可信网络下启用。",
   "access.form.safeline_allow_insecure_conns.switch.on": "允许",
   "access.form.safeline_allow_insecure_conns.switch.off": "不允许",
   "access.form.ssh_host.label": "服务器地址",
@@ -380,7 +386,6 @@
   "access.form.webhook_preset_data.option.serverchan.label": "Server 酱",
   "access.form.webhook_preset_data.option.common.label": "通用模板",
   "access.form.webhook_allow_insecure_conns.label": "忽略 SSL/TLS 证书错误",
-  "access.form.webhook_allow_insecure_conns.tooltip": "忽略 SSL/TLS 证书错误可能导致数据泄露或被篡改。建议仅在可信网络下启用。",
   "access.form.webhook_allow_insecure_conns.switch.on": "允许",
   "access.form.webhook_allow_insecure_conns.switch.off": "不允许",
   "access.form.wecombot_webhook_url.label": "企业微信群机器人 Webhook 地址",