diff --git a/go.mod b/go.mod
index c9cdb902..e5038ab0 100644
--- a/go.mod
+++ b/go.mod
@@ -73,6 +73,8 @@ require (
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcegraph/armresourcegraph v0.9.0 // indirect
github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3 // indirect
github.com/alibabacloud-go/alibabacloud-gateway-fc-util v0.0.7 // indirect
+ github.com/alibabacloud-go/apig-20240327/v3 v3.2.2 // indirect
+ github.com/alibabacloud-go/cloudapi-20160714/v5 v5.7.2 // indirect
github.com/alibabacloud-go/openplatform-20191219/v2 v2.0.1 // indirect
github.com/alibabacloud-go/tea-fileform v1.1.1 // indirect
github.com/alibabacloud-go/tea-oss-sdk v1.1.3 // indirect
@@ -108,6 +110,7 @@ require (
github.com/mailru/easyjson v0.9.0 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 // indirect
+ github.com/nrdcg/bunny-go v0.0.0-20240207213615-dde5bf4577a3 // indirect
github.com/nrdcg/desec v0.10.0 // indirect
github.com/nrdcg/mailinabox v0.2.0 // indirect
github.com/nrdcg/porkbun v0.4.0 // indirect
diff --git a/go.sum b/go.sum
index f7267783..9caf29d6 100644
--- a/go.sum
+++ b/go.sum
@@ -95,10 +95,14 @@ github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6/go.mod h1:4EUIoxs/do2
github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc=
github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 h1:zE8vH9C7JiZLNJJQ5OwjU9mSi4T9ef9u3BURT6LCLC8=
github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5/go.mod h1:tWnyE9AjF8J8qqLk645oUmVUnFybApTQWklQmi5tY6g=
+github.com/alibabacloud-go/apig-20240327/v3 v3.2.2 h1:yH84ePgqtA2tF3ly7Tf3AA5ogl2SC8kqCNG4+zz4yo4=
+github.com/alibabacloud-go/apig-20240327/v3 v3.2.2/go.mod h1:XLaCapbSH7olJTs42wisDO9JvX9BGy5acZk0bLNejDs=
github.com/alibabacloud-go/cas-20200407/v3 v3.0.4 h1:ngRlctbt135zoujwX0lXSv9m4h1/bmg/yalQS0z1EWc=
github.com/alibabacloud-go/cas-20200407/v3 v3.0.4/go.mod h1:6n9MZ9SH3HlSzfe2oKwjOqhJx3dxvW2gMDO+lq8t9U4=
github.com/alibabacloud-go/cdn-20180510/v5 v5.2.2 h1:+KJOPukTM+xMyiLOW5qBwYKG2df3Ar7coRsqc1juKO8=
github.com/alibabacloud-go/cdn-20180510/v5 v5.2.2/go.mod h1:GnPiPL3HlzCi8SGiLiVgKrAFkP1vTtcF4yGtjsl4wfo=
+github.com/alibabacloud-go/cloudapi-20160714/v5 v5.7.2 h1:Ug50clztqiQAy5t0R9Vejibz2Xgxm1Tpw2Y6A9eAwRE=
+github.com/alibabacloud-go/cloudapi-20160714/v5 v5.7.2/go.mod h1:l9Zd2FanDUO2UqHJSPnOv+cY9DVT+YXcr97zfpSHywo=
github.com/alibabacloud-go/darabonba-array v0.1.0 h1:vR8s7b1fWAQIjEjWnuF0JiKsCvclSRTfDzZHTYqfufY=
github.com/alibabacloud-go/darabonba-array v0.1.0/go.mod h1:BLKxr0brnggqOJPqT09DFJ8g3fsDshapUD3C3aOEFaI=
github.com/alibabacloud-go/darabonba-encode-util v0.0.2 h1:1uJGrbsGEVqWcWxrS9MyC2NG0Ax+GpOM5gtupki31XE=
@@ -651,6 +655,8 @@ github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJm
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
github.com/nikoksr/notify v1.3.0 h1:UxzfxzAYGQD9a5JYLBTVx0lFMxeHCke3rPCkfWdPgLs=
github.com/nikoksr/notify v1.3.0/go.mod h1:Xor2hMmkvrCfkCKvXGbcrESez4brac2zQjhd6U2BbeM=
+github.com/nrdcg/bunny-go v0.0.0-20240207213615-dde5bf4577a3 h1:ouZ2JWDl8IW5k1qugYbmpbmW8hn85Ig6buSMBRlz3KI=
+github.com/nrdcg/bunny-go v0.0.0-20240207213615-dde5bf4577a3/go.mod h1:ZwadWt7mVhMHMbAQ1w8IhDqtWO3eWqWq72W7trnaiE8=
github.com/nrdcg/desec v0.10.0 h1:qrEDiqnsvNU9QE7lXIXi/tIHAfyaFXKxF2/8/52O8uM=
github.com/nrdcg/desec v0.10.0/go.mod h1:5+4vyhMRTs49V9CNoODF/HwT8Mwxv9DJ6j+7NekUnBs=
github.com/nrdcg/mailinabox v0.2.0 h1:IKq8mfKiVwNW2hQii/ng1dJ4yYMMv3HAP3fMFIq2CFk=
diff --git a/internal/applicant/providers.go b/internal/applicant/providers.go
index 74a12678..ddecad7c 100644
--- a/internal/applicant/providers.go
+++ b/internal/applicant/providers.go
@@ -11,6 +11,7 @@ import (
pAWSRoute53 "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/aws-route53"
pAzureDNS "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/azure-dns"
pBaiduCloud "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/baiducloud"
+ pBunny "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/bunny"
pCloudflare "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cloudflare"
pClouDNS "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cloudns"
pCMCCCloud "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cmcccloud"
@@ -128,6 +129,21 @@ func createApplicant(options *applicantOptions) (challenge.Provider, error) {
return applicant, err
}
+ case domain.ApplyDNSProviderTypeBunny:
+ {
+ access := domain.AccessConfigForBunny{}
+ if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
+ return nil, fmt.Errorf("failed to populate provider access config: %w", err)
+ }
+
+ applicant, err := pBunny.NewChallengeProvider(&pBunny.ChallengeProviderConfig{
+ ApiKey: access.ApiKey,
+ DnsPropagationTimeout: options.DnsPropagationTimeout,
+ DnsTTL: options.DnsTTL,
+ })
+ return applicant, err
+ }
+
case domain.ApplyDNSProviderTypeCloudflare:
{
access := domain.AccessConfigForCloudflare{}
diff --git a/internal/deployer/providers.go b/internal/deployer/providers.go
index c2136d20..71874c90 100644
--- a/internal/deployer/providers.go
+++ b/internal/deployer/providers.go
@@ -9,6 +9,7 @@ import (
p1PanelConsole "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/1panel-console"
p1PanelSite "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/1panel-site"
pAliyunALB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-alb"
+ pAliyunAPIGW "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-apigw"
pAliyunCAS "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-cas"
pAliyunCASDeploy "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-cas-deploy"
pAliyunCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-cdn"
@@ -31,6 +32,7 @@ import (
pBaishanCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/baishan-cdn"
pBaotaPanelConsole "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/baotapanel-console"
pBaotaPanelSite "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/baotapanel-site"
+ pBunnyCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/bunny-cdn"
pBytePlusCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/byteplus-cdn"
pCacheFly "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/cachefly"
pCdnfly "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/cdnfly"
@@ -108,7 +110,9 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
ApiUrl: access.ApiUrl,
ApiKey: access.ApiKey,
AllowInsecureConnections: access.AllowInsecureConnections,
+ ResourceType: p1PanelSite.ResourceType(maputil.GetOrDefaultString(options.ProviderDeployConfig, "resourceType", string(p1PanelSite.RESOURCE_TYPE_WEBSITE))),
WebsiteId: maputil.GetInt64(options.ProviderDeployConfig, "websiteId"),
+ CertificateId: maputil.GetInt64(options.ProviderDeployConfig, "certificateId"),
})
return deployer, err
@@ -117,7 +121,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
}
}
- case domain.DeployProviderTypeAliyunALB, domain.DeployProviderTypeAliyunCAS, domain.DeployProviderTypeAliyunCASDeploy, domain.DeployProviderTypeAliyunCDN, domain.DeployProviderTypeAliyunCLB, domain.DeployProviderTypeAliyunDCDN, domain.DeployProviderTypeAliyunESA, domain.DeployProviderTypeAliyunFC, domain.DeployProviderTypeAliyunLive, domain.DeployProviderTypeAliyunNLB, domain.DeployProviderTypeAliyunOSS, domain.DeployProviderTypeAliyunVOD, domain.DeployProviderTypeAliyunWAF:
+ case domain.DeployProviderTypeAliyunALB, domain.DeployProviderTypeAliyunAPIGW, domain.DeployProviderTypeAliyunCAS, domain.DeployProviderTypeAliyunCASDeploy, domain.DeployProviderTypeAliyunCDN, domain.DeployProviderTypeAliyunCLB, domain.DeployProviderTypeAliyunDCDN, domain.DeployProviderTypeAliyunESA, domain.DeployProviderTypeAliyunFC, domain.DeployProviderTypeAliyunLive, domain.DeployProviderTypeAliyunNLB, domain.DeployProviderTypeAliyunOSS, domain.DeployProviderTypeAliyunVOD, domain.DeployProviderTypeAliyunWAF:
{
access := domain.AccessConfigForAliyun{}
if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -137,6 +141,18 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
})
return deployer, err
+ case domain.DeployProviderTypeAliyunAPIGW:
+ deployer, err := pAliyunAPIGW.NewDeployer(&pAliyunAPIGW.DeployerConfig{
+ AccessKeyId: access.AccessKeyId,
+ AccessKeySecret: access.AccessKeySecret,
+ Region: maputil.GetString(options.ProviderDeployConfig, "region"),
+ ServiceType: pAliyunAPIGW.ServiceType(maputil.GetString(options.ProviderDeployConfig, "serviceType")),
+ GatewayId: maputil.GetString(options.ProviderDeployConfig, "gatewayId"),
+ GroupId: maputil.GetString(options.ProviderDeployConfig, "groupId"),
+ Domain: maputil.GetString(options.ProviderDeployConfig, "domain"),
+ })
+ return deployer, err
+
case domain.DeployProviderTypeAliyunCAS:
deployer, err := pAliyunCAS.NewDeployer(&pAliyunCAS.DeployerConfig{
AccessKeyId: access.AccessKeyId,
@@ -297,11 +313,12 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
switch options.Provider {
case domain.DeployProviderTypeAzureKeyVault:
deployer, err := pAzureKeyVault.NewDeployer(&pAzureKeyVault.DeployerConfig{
- TenantId: access.TenantId,
- ClientId: access.ClientId,
- ClientSecret: access.ClientSecret,
- CloudName: access.CloudName,
- KeyVaultName: maputil.GetString(options.ProviderDeployConfig, "keyvaultName"),
+ TenantId: access.TenantId,
+ ClientId: access.ClientId,
+ ClientSecret: access.ClientSecret,
+ CloudName: access.CloudName,
+ KeyVaultName: maputil.GetString(options.ProviderDeployConfig, "keyvaultName"),
+ CertificateName: maputil.GetString(options.ProviderDeployConfig, "certificateName"),
})
return deployer, err
@@ -416,6 +433,21 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
}
}
+ case domain.DeployProviderTypeBunnyCDN:
+ {
+ access := domain.AccessConfigForBunny{}
+ if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
+ return nil, fmt.Errorf("failed to populate provider access config: %w", err)
+ }
+
+ deployer, err := pBunnyCDN.NewDeployer(&pBunnyCDN.DeployerConfig{
+ ApiKey: access.ApiKey,
+ PullZoneId: maputil.GetString(options.ProviderDeployConfig, "pullZoneId"),
+ HostName: maputil.GetString(options.ProviderDeployConfig, "hostName"),
+ })
+ return deployer, err
+ }
+
case domain.DeployProviderTypeBytePlusCDN:
{
access := domain.AccessConfigForBytePlus{}
@@ -461,7 +493,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
ApiUrl: access.ApiUrl,
ApiKey: access.ApiKey,
ApiSecret: access.ApiSecret,
- ResourceType: pCdnfly.ResourceType(maputil.GetString(options.ProviderDeployConfig, "resourceType")),
+ ResourceType: pCdnfly.ResourceType(maputil.GetOrDefaultString(options.ProviderDeployConfig, "resourceType", string(pCdnfly.RESOURCE_TYPE_SITE))),
SiteId: maputil.GetString(options.ProviderDeployConfig, "siteId"),
CertificateId: maputil.GetString(options.ProviderDeployConfig, "certificateId"),
})
@@ -1016,6 +1048,7 @@ func createDeployer(options *deployerOptions) (deployer.Deployer, error) {
deployer, err := pWangsuCDNPro.NewDeployer(&pWangsuCDNPro.DeployerConfig{
AccessKeyId: access.AccessKeyId,
AccessKeySecret: access.AccessKeySecret,
+ ApiKey: access.ApiKey,
Environment: maputil.GetOrDefaultString(options.ProviderDeployConfig, "environment", "production"),
Domain: maputil.GetString(options.ProviderDeployConfig, "domain"),
CertificateId: maputil.GetString(options.ProviderDeployConfig, "certificateId"),
diff --git a/internal/domain/access.go b/internal/domain/access.go
index 9e419eaa..fdceae48 100644
--- a/internal/domain/access.go
+++ b/internal/domain/access.go
@@ -64,6 +64,10 @@ type AccessConfigForBytePlus struct {
SecretKey string `json:"secretKey"`
}
+type AccessConfigForBunny struct {
+ ApiKey string `json:"apiKey"`
+}
+
type AccessConfigForCacheFly struct {
ApiToken string `json:"apiToken"`
}
@@ -231,6 +235,7 @@ type AccessConfigForVolcEngine struct {
type AccessConfigForWangsu struct {
AccessKeyId string `json:"accessKeyId"`
AccessKeySecret string `json:"accessKeySecret"`
+ ApiKey string `json:"apiKey"`
}
type AccessConfigForWebhook struct {
diff --git a/internal/domain/provider.go b/internal/domain/provider.go
index 668612f7..5c000b3d 100644
--- a/internal/domain/provider.go
+++ b/internal/domain/provider.go
@@ -104,6 +104,7 @@ const (
ApplyDNSProviderTypeAzureDNS = ApplyDNSProviderType("azure-dns")
ApplyDNSProviderTypeBaiduCloud = ApplyDNSProviderType("baiducloud") // 兼容旧值,等同于 [ApplyDNSProviderTypeBaiduCloudDNS]
ApplyDNSProviderTypeBaiduCloudDNS = ApplyDNSProviderType("baiducloud-dns")
+ ApplyDNSProviderTypeBunny = ApplyDNSProviderType("bunny")
ApplyDNSProviderTypeCloudflare = ApplyDNSProviderType("cloudflare")
ApplyDNSProviderTypeClouDNS = ApplyDNSProviderType("cloudns")
ApplyDNSProviderTypeCMCCCloud = ApplyDNSProviderType("cmcccloud")
@@ -146,6 +147,7 @@ const (
DeployProviderType1PanelConsole = DeployProviderType("1panel-console")
DeployProviderType1PanelSite = DeployProviderType("1panel-site")
DeployProviderTypeAliyunALB = DeployProviderType("aliyun-alb")
+ DeployProviderTypeAliyunAPIGW = DeployProviderType("aliyun-apigw")
DeployProviderTypeAliyunCAS = DeployProviderType("aliyun-cas")
DeployProviderTypeAliyunCASDeploy = DeployProviderType("aliyun-casdeploy")
DeployProviderTypeAliyunCDN = DeployProviderType("aliyun-cdn")
@@ -168,6 +170,7 @@ const (
DeployProviderTypeBaishanCDN = DeployProviderType("baishan-cdn")
DeployProviderTypeBaotaPanelConsole = DeployProviderType("baotapanel-console")
DeployProviderTypeBaotaPanelSite = DeployProviderType("baotapanel-site")
+ DeployProviderTypeBunnyCDN = DeployProviderType("bunny-cdn")
DeployProviderTypeBytePlusCDN = DeployProviderType("byteplus-cdn")
DeployProviderTypeCacheFly = DeployProviderType("cachefly")
DeployProviderTypeCdnfly = DeployProviderType("cdnfly")
diff --git a/internal/pkg/core/applicant/acme-dns-01/lego-providers/bunny/bunny.go b/internal/pkg/core/applicant/acme-dns-01/lego-providers/bunny/bunny.go
new file mode 100644
index 00000000..558f7773
--- /dev/null
+++ b/internal/pkg/core/applicant/acme-dns-01/lego-providers/bunny/bunny.go
@@ -0,0 +1,36 @@
+package bunny
+
+import (
+ "time"
+
+ "github.com/go-acme/lego/v4/challenge"
+ "github.com/go-acme/lego/v4/providers/dns/bunny"
+)
+
+type ChallengeProviderConfig struct {
+ ApiKey string `json:"apiKey"`
+ DnsPropagationTimeout int32 `json:"dnsPropagationTimeout,omitempty"`
+ DnsTTL int32 `json:"dnsTTL,omitempty"`
+}
+
+func NewChallengeProvider(config *ChallengeProviderConfig) (challenge.Provider, error) {
+ if config == nil {
+ panic("config is nil")
+ }
+
+ providerConfig := bunny.NewDefaultConfig()
+ providerConfig.APIKey = config.ApiKey
+ if config.DnsPropagationTimeout != 0 {
+ providerConfig.PropagationTimeout = time.Duration(config.DnsPropagationTimeout) * time.Second
+ }
+ if config.DnsTTL != 0 {
+ providerConfig.TTL = int(config.DnsTTL)
+ }
+
+ provider, err := bunny.NewDNSProviderConfig(providerConfig)
+ if err != nil {
+ return nil, err
+ }
+
+ return provider, nil
+}
diff --git a/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go b/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go
index 6aa34607..24f5daa3 100644
--- a/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go
+++ b/internal/pkg/core/deployer/providers/1panel-site/1panel_site.go
@@ -4,6 +4,7 @@ import (
"context"
"crypto/tls"
"errors"
+ "fmt"
"log/slog"
"net/url"
"strconv"
@@ -23,8 +24,14 @@ type DeployerConfig struct {
ApiKey string `json:"apiKey"`
// 是否允许不安全的连接。
AllowInsecureConnections bool `json:"allowInsecureConnections,omitempty"`
+ // 部署资源类型。
+ ResourceType ResourceType `json:"resourceType"`
// 网站 ID。
- WebsiteId int64 `json:"websiteId"`
+ // 部署资源类型为 [RESOURCE_TYPE_WEBSITE] 时必填。
+ WebsiteId int64 `json:"websiteId,omitempty"`
+ // 证书 ID。
+ // 部署资源类型为 [RESOURCE_TYPE_CERTIFICATE] 时必填。
+ CertificateId int64 `json:"certificateId,omitempty"`
}
type DeployerProvider struct {
@@ -73,6 +80,30 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
}
func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+ // 根据部署资源类型决定部署方式
+ switch d.config.ResourceType {
+ case RESOURCE_TYPE_WEBSITE:
+ if err := d.deployToWebsite(ctx, certPem, privkeyPem); err != nil {
+ return nil, err
+ }
+
+ case RESOURCE_TYPE_CERTIFICATE:
+ if err := d.deployToCertificate(ctx, certPem, privkeyPem); err != nil {
+ return nil, err
+ }
+
+ default:
+ return nil, fmt.Errorf("unsupported resource type: %s", d.config.ResourceType)
+ }
+
+ return &deployer.DeployResult{}, nil
+}
+
+func (d *DeployerProvider) deployToWebsite(ctx context.Context, certPem string, privkeyPem string) error {
+ if d.config.WebsiteId == 0 {
+ return errors.New("config `websiteId` is required")
+ }
+
// 获取网站 HTTPS 配置
getHttpsConfReq := &opsdk.GetHttpsConfRequest{
WebsiteID: d.config.WebsiteId,
@@ -80,13 +111,13 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
getHttpsConfResp, err := d.sdkClient.GetHttpsConf(getHttpsConfReq)
d.logger.Debug("sdk request '1panel.GetHttpsConf'", slog.Any("request", getHttpsConfReq), slog.Any("response", getHttpsConfResp))
if err != nil {
- return nil, xerrors.Wrap(err, "failed to execute sdk request '1panel.GetHttpsConf'")
+ return xerrors.Wrap(err, "failed to execute sdk request '1panel.GetHttpsConf'")
}
// 上传证书到面板
upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem)
if err != nil {
- return nil, xerrors.Wrap(err, "failed to upload certificate file")
+ return xerrors.Wrap(err, "failed to upload certificate file")
} else {
d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
}
@@ -106,10 +137,42 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
updateHttpsConfResp, err := d.sdkClient.UpdateHttpsConf(updateHttpsConfReq)
d.logger.Debug("sdk request '1panel.UpdateHttpsConf'", slog.Any("request", updateHttpsConfReq), slog.Any("response", updateHttpsConfResp))
if err != nil {
- return nil, xerrors.Wrap(err, "failed to execute sdk request '1panel.UpdateHttpsConf'")
+ return xerrors.Wrap(err, "failed to execute sdk request '1panel.UpdateHttpsConf'")
}
- return &deployer.DeployResult{}, nil
+ return nil
+}
+
+func (d *DeployerProvider) deployToCertificate(ctx context.Context, certPem string, privkeyPem string) error {
+ if d.config.CertificateId == 0 {
+ return errors.New("config `certificateId` is required")
+ }
+
+ // 获取证书详情
+ getWebsiteSSLReq := &opsdk.GetWebsiteSSLRequest{
+ SSLID: d.config.CertificateId,
+ }
+ getWebsiteSSLResp, err := d.sdkClient.GetWebsiteSSL(getWebsiteSSLReq)
+ d.logger.Debug("sdk request '1panel.GetWebsiteSSL'", slog.Any("request", getWebsiteSSLReq), slog.Any("response", getWebsiteSSLResp))
+ if err != nil {
+ return xerrors.Wrap(err, "failed to execute sdk request '1panel.GetWebsiteSSL'")
+ }
+
+ // 更新证书
+ uploadWebsiteSSLReq := &opsdk.UploadWebsiteSSLRequest{
+ Type: "paste",
+ SSLID: d.config.CertificateId,
+ Description: getWebsiteSSLResp.Data.Description,
+ Certificate: certPem,
+ PrivateKey: privkeyPem,
+ }
+ uploadWebsiteSSLResp, err := d.sdkClient.UploadWebsiteSSL(uploadWebsiteSSLReq)
+ d.logger.Debug("sdk request '1panel.UploadWebsiteSSL'", slog.Any("request", uploadWebsiteSSLReq), slog.Any("response", uploadWebsiteSSLResp))
+ if err != nil {
+ return xerrors.Wrap(err, "failed to execute sdk request '1panel.UploadWebsiteSSL'")
+ }
+
+ return nil
}
func createSdkClient(apiUrl, apiKey string, allowInsecure bool) (*opsdk.Client, error) {
diff --git a/internal/pkg/core/deployer/providers/1panel-site/1panel_site_test.go b/internal/pkg/core/deployer/providers/1panel-site/1panel_site_test.go
index 1be2444d..5815fd5e 100644
--- a/internal/pkg/core/deployer/providers/1panel-site/1panel_site_test.go
+++ b/internal/pkg/core/deployer/providers/1panel-site/1panel_site_test.go
@@ -20,7 +20,7 @@ var (
)
func init() {
- argsPrefix := "CERTIMATE_DEPLOYER_1PANELCONSOLE_"
+ argsPrefix := "CERTIMATE_DEPLOYER_1PANELSITE_"
flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
@@ -32,12 +32,12 @@ func init() {
/*
Shell command to run this test:
- go test -v ./1panel_console_test.go -args \
- --CERTIMATE_DEPLOYER_1PANELCONSOLE_INPUTCERTPATH="/path/to/your-input-cert.pem" \
- --CERTIMATE_DEPLOYER_1PANELCONSOLE_INPUTKEYPATH="/path/to/your-input-key.pem" \
- --CERTIMATE_DEPLOYER_1PANELCONSOLE_APIURL="http://127.0.0.1:20410" \
- --CERTIMATE_DEPLOYER_1PANELCONSOLE_APIKEY="your-api-key" \
- --CERTIMATE_DEPLOYER_1PANELCONSOLE_WEBSITEID="your-website-id"
+ go test -v ./1panel_site_test.go -args \
+ --CERTIMATE_DEPLOYER_1PANELSITE_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+ --CERTIMATE_DEPLOYER_1PANELSITE_INPUTKEYPATH="/path/to/your-input-key.pem" \
+ --CERTIMATE_DEPLOYER_1PANELSITE_APIURL="http://127.0.0.1:20410" \
+ --CERTIMATE_DEPLOYER_1PANELSITE_APIKEY="your-api-key" \
+ --CERTIMATE_DEPLOYER_1PANELSITE_WEBSITEID="your-website-id"
*/
func TestDeploy(t *testing.T) {
flag.Parse()
@@ -55,8 +55,9 @@ func TestDeploy(t *testing.T) {
deployer, err := provider.NewDeployer(&provider.DeployerConfig{
ApiUrl: fApiUrl,
ApiKey: fApiKey,
- WebsiteId: fWebsiteId,
AllowInsecureConnections: true,
+ ResourceType: provider.RESOURCE_TYPE_WEBSITE,
+ WebsiteId: fWebsiteId,
})
if err != nil {
t.Errorf("err: %+v", err)
diff --git a/internal/pkg/core/deployer/providers/1panel-site/consts.go b/internal/pkg/core/deployer/providers/1panel-site/consts.go
new file mode 100644
index 00000000..caba1d5c
--- /dev/null
+++ b/internal/pkg/core/deployer/providers/1panel-site/consts.go
@@ -0,0 +1,10 @@
+package onepanelsite
+
+type ResourceType string
+
+const (
+ // 资源类型:替换指定网站的证书。
+ RESOURCE_TYPE_WEBSITE = ResourceType("website")
+ // 资源类型:替换指定证书。
+ RESOURCE_TYPE_CERTIFICATE = ResourceType("certificate")
+)
diff --git a/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go b/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go
new file mode 100644
index 00000000..12b43616
--- /dev/null
+++ b/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw.go
@@ -0,0 +1,269 @@
+package aliyunapigw
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "log/slog"
+ "strings"
+ "time"
+
+ aliapig "github.com/alibabacloud-go/apig-20240327/v3/client"
+ alicloudapi "github.com/alibabacloud-go/cloudapi-20160714/v5/client"
+ aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+ "github.com/alibabacloud-go/tea/tea"
+ xerrors "github.com/pkg/errors"
+
+ "github.com/usual2970/certimate/internal/pkg/core/deployer"
+ "github.com/usual2970/certimate/internal/pkg/core/uploader"
+ uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas"
+)
+
+type DeployerConfig struct {
+ // 阿里云 AccessKeyId。
+ AccessKeyId string `json:"accessKeyId"`
+ // 阿里云 AccessKeySecret。
+ AccessKeySecret string `json:"accessKeySecret"`
+ // 阿里云地域。
+ Region string `json:"region"`
+ // 服务类型。
+ ServiceType ServiceType `json:"serviceType"`
+ // API 网关 ID。
+ // 服务类型为 [SERVICE_TYPE_CLOUDNATIVE] 时必填。
+ GatewayId string `json:"gatewayId,omitempty"`
+ // API 分组 ID。
+ // 服务类型为 [SERVICE_TYPE_TRADITIONAL] 时必填。
+ GroupId string `json:"groupId,omitempty"`
+ // 自定义域名(支持泛域名)。
+ Domain string `json:"domain"`
+}
+
+type DeployerProvider struct {
+ config *DeployerConfig
+ logger *slog.Logger
+ sdkClients *wSdkClients
+ sslUploader uploader.Uploader
+}
+
+type wSdkClients struct {
+ CloudNativeAPIGateway *aliapig.Client
+ TraditionalAPIGateway *alicloudapi.Client
+}
+
+var _ deployer.Deployer = (*DeployerProvider)(nil)
+
+func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
+ if config == nil {
+ panic("config is nil")
+ }
+
+ clients, err := createSdkClients(config.AccessKeyId, config.AccessKeySecret, config.Region)
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to create sdk clients")
+ }
+
+ uploader, err := createSslUploader(config.AccessKeyId, config.AccessKeySecret, config.Region)
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+ }
+
+ return &DeployerProvider{
+ config: config,
+ logger: slog.Default(),
+ sdkClients: clients,
+ sslUploader: uploader,
+ }, nil
+}
+
+func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
+ if logger == nil {
+ d.logger = slog.Default()
+ } else {
+ d.logger = logger
+ }
+ return d
+}
+
+func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+ switch d.config.ServiceType {
+ case SERVICE_TYPE_TRADITIONAL:
+ if err := d.deployToTraditional(ctx, certPem, privkeyPem); err != nil {
+ return nil, err
+ }
+
+ case SERVICE_TYPE_CLOUDNATIVE:
+ if err := d.deployToCloudNative(ctx, certPem, privkeyPem); err != nil {
+ return nil, err
+ }
+
+ default:
+ return nil, xerrors.Errorf("unsupported service type: %s", string(d.config.ServiceType))
+ }
+
+ return &deployer.DeployResult{}, nil
+}
+
+func (d *DeployerProvider) deployToTraditional(ctx context.Context, certPem string, privkeyPem string) error {
+ if d.config.GroupId == "" {
+ return errors.New("config `groupId` is required")
+ }
+ if d.config.Domain == "" {
+ return errors.New("config `domain` is required")
+ }
+
+ // 为自定义域名添加 SSL 证书
+ // REF: https://help.aliyun.com/zh/api-gateway/traditional-api-gateway/developer-reference/api-cloudapi-2016-07-14-setdomaincertificate
+ setDomainCertificateReq := &alicloudapi.SetDomainCertificateRequest{
+ GroupId: tea.String(d.config.GroupId),
+ DomainName: tea.String(d.config.Domain),
+ CertificateName: tea.String(fmt.Sprintf("certimate_%d", time.Now().UnixMilli())),
+ CertificateBody: tea.String(certPem),
+ CertificatePrivateKey: tea.String(privkeyPem),
+ }
+ setDomainCertificateResp, err := d.sdkClients.TraditionalAPIGateway.SetDomainCertificate(setDomainCertificateReq)
+ d.logger.Debug("sdk request 'apigateway.SetDomainCertificate'", slog.Any("request", setDomainCertificateReq), slog.Any("response", setDomainCertificateResp))
+ if err != nil {
+ return xerrors.Wrap(err, "failed to execute sdk request 'apigateway.SetDomainCertificate'")
+ }
+
+ return nil
+}
+
+func (d *DeployerProvider) deployToCloudNative(ctx context.Context, certPem string, privkeyPem string) error {
+ if d.config.GatewayId == "" {
+ return errors.New("config `gatewayId` is required")
+ }
+ if d.config.Domain == "" {
+ return errors.New("config `domain` is required")
+ }
+
+ // 遍历查询域名列表,获取域名 ID
+ // REF: https://help.aliyun.com/zh/api-gateway/cloud-native-api-gateway/developer-reference/api-apig-2024-03-27-listdomains
+ var domainId string
+ listDomainsPageNumber := int32(1)
+ listDomainsPageSize := int32(10)
+ for {
+ listDomainsReq := &aliapig.ListDomainsRequest{
+ GatewayId: tea.String(d.config.GatewayId),
+ NameLike: tea.String(d.config.Domain),
+ PageNumber: tea.Int32(listDomainsPageNumber),
+ PageSize: tea.Int32(listDomainsPageSize),
+ }
+ listDomainsResp, err := d.sdkClients.CloudNativeAPIGateway.ListDomains(listDomainsReq)
+ d.logger.Debug("sdk request 'apig.ListDomains'", slog.Any("request", listDomainsReq), slog.Any("response", listDomainsResp))
+ if err != nil {
+ return xerrors.Wrap(err, "failed to execute sdk request 'apig.ListDomains'")
+ }
+
+ if listDomainsResp.Body.Data.Items != nil {
+ for _, domainInfo := range listDomainsResp.Body.Data.Items {
+ if strings.EqualFold(tea.StringValue(domainInfo.Name), d.config.Domain) {
+ domainId = tea.StringValue(domainInfo.DomainId)
+ break
+ }
+ }
+
+ if domainId != "" {
+ break
+ }
+ }
+
+ if listDomainsResp.Body.Data.Items == nil || len(listDomainsResp.Body.Data.Items) < int(listDomainsPageSize) {
+ break
+ } else {
+ listDomainsPageNumber++
+ }
+ }
+ if domainId == "" {
+ return errors.New("domain not found")
+ }
+
+ // 查询域名
+ // REF: https://help.aliyun.com/zh/api-gateway/cloud-native-api-gateway/developer-reference/api-apig-2024-03-27-getdomain
+ getDomainReq := &aliapig.GetDomainRequest{}
+ getDomainResp, err := d.sdkClients.CloudNativeAPIGateway.GetDomain(tea.String(domainId), getDomainReq)
+ d.logger.Debug("sdk request 'apig.GetDomain'", slog.Any("domainId", domainId), slog.Any("request", getDomainReq), slog.Any("response", getDomainResp))
+ if err != nil {
+ return xerrors.Wrap(err, "failed to execute sdk request 'apig.GetDomain'")
+ }
+
+ // 上传证书到 CAS
+ upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem)
+ if err != nil {
+ return xerrors.Wrap(err, "failed to upload certificate file")
+ } else {
+ d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
+ }
+
+ // 更新域名
+ // REF: https://help.aliyun.com/zh/api-gateway/cloud-native-api-gateway/developer-reference/api-apig-2024-03-27-updatedomain
+ updateDomainReq := &aliapig.UpdateDomainRequest{
+ Protocol: tea.String("HTTPS"),
+ ForceHttps: getDomainResp.Body.Data.ForceHttps,
+ MTLSEnabled: getDomainResp.Body.Data.MTLSEnabled,
+ Http2Option: getDomainResp.Body.Data.Http2Option,
+ TlsMin: getDomainResp.Body.Data.TlsMin,
+ TlsMax: getDomainResp.Body.Data.TlsMax,
+ TlsCipherSuitesConfig: getDomainResp.Body.Data.TlsCipherSuitesConfig,
+ CertIdentifier: tea.String(upres.ExtendedData["certIdentifier"].(string)),
+ }
+ updateDomainResp, err := d.sdkClients.CloudNativeAPIGateway.UpdateDomain(tea.String(domainId), updateDomainReq)
+ d.logger.Debug("sdk request 'apig.UpdateDomain'", slog.Any("domainId", domainId), slog.Any("request", updateDomainReq), slog.Any("response", updateDomainResp))
+ if err != nil {
+ return xerrors.Wrap(err, "failed to execute sdk request 'apig.UpdateDomain'")
+ }
+
+ return nil
+}
+
+func createSdkClients(accessKeyId, accessKeySecret, region string) (*wSdkClients, error) {
+ // 接入点一览 https://api.aliyun.com/product/APIG
+ cloudNativeAPIGEndpoint := fmt.Sprintf("apig.%s.aliyuncs.com", region)
+ cloudNativeAPIGConfig := &aliopen.Config{
+ AccessKeyId: tea.String(accessKeyId),
+ AccessKeySecret: tea.String(accessKeySecret),
+ Endpoint: tea.String(cloudNativeAPIGEndpoint),
+ }
+ cloudNativeAPIGClient, err := aliapig.NewClient(cloudNativeAPIGConfig)
+ if err != nil {
+ return nil, err
+ }
+
+ // 接入点一览 https://api.aliyun.com/product/CloudAPI
+ traditionalAPIGEndpoint := fmt.Sprintf("apigateway.%s.aliyuncs.com", region)
+ traditionalAPIGConfig := &aliopen.Config{
+ AccessKeyId: tea.String(accessKeyId),
+ AccessKeySecret: tea.String(accessKeySecret),
+ Endpoint: tea.String(traditionalAPIGEndpoint),
+ }
+ traditionalAPIGClient, err := alicloudapi.NewClient(traditionalAPIGConfig)
+ if err != nil {
+ return nil, err
+ }
+
+ return &wSdkClients{
+ CloudNativeAPIGateway: cloudNativeAPIGClient,
+ TraditionalAPIGateway: traditionalAPIGClient,
+ }, nil
+}
+
+func createSslUploader(accessKeyId, accessKeySecret, region string) (uploader.Uploader, error) {
+ casRegion := region
+ if casRegion != "" {
+ // 阿里云 CAS 服务接入点是独立于 APIGateway 服务的
+ // 国内版固定接入点:华东一杭州
+ // 国际版固定接入点:亚太东南一新加坡
+ if casRegion != "" && !strings.HasPrefix(casRegion, "cn-") {
+ casRegion = "ap-southeast-1"
+ } else {
+ casRegion = "cn-hangzhou"
+ }
+ }
+
+ uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
+ AccessKeyId: accessKeyId,
+ AccessKeySecret: accessKeySecret,
+ Region: casRegion,
+ })
+ return uploader, err
+}
diff --git a/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw_test.go b/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw_test.go
new file mode 100644
index 00000000..dab028e2
--- /dev/null
+++ b/internal/pkg/core/deployer/providers/aliyun-apigw/aliyun_apigw_test.go
@@ -0,0 +1,95 @@
+package aliyunapigw_test
+
+import (
+ "context"
+ "flag"
+ "fmt"
+ "os"
+ "strings"
+ "testing"
+
+ provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-apigw"
+)
+
+var (
+ fInputCertPath string
+ fInputKeyPath string
+ fAccessKeyId string
+ fAccessKeySecret string
+ fRegion string
+ fServiceType string
+ fGatewayId string
+ fGroupId string
+ fDomain string
+)
+
+func init() {
+ argsPrefix := "CERTIMATE_DEPLOYER_ALIYUNAPIGW_"
+
+ flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
+ flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
+ flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "")
+ flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "")
+ flag.StringVar(&fRegion, argsPrefix+"REGION", "", "")
+ flag.StringVar(&fGatewayId, argsPrefix+"GATEWARYID", "", "")
+ flag.StringVar(&fGroupId, argsPrefix+"GROUPID", "", "")
+ flag.StringVar(&fServiceType, argsPrefix+"SERVICETYPE", "", "")
+ flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
+}
+
+/*
+Shell command to run this test:
+
+ go test -v ./aliyun_apigw_test.go -args \
+ --CERTIMATE_DEPLOYER_ALIYUNAPIGW_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+ --CERTIMATE_DEPLOYER_ALIYUNAPIGW_INPUTKEYPATH="/path/to/your-input-key.pem" \
+ --CERTIMATE_DEPLOYER_ALIYUNAPIGW_ACCESSKEYID="your-access-key-id" \
+ --CERTIMATE_DEPLOYER_ALIYUNAPIGW_ACCESSKEYSECRET="your-access-key-secret" \
+ --CERTIMATE_DEPLOYER_ALIYUNAPIGW_REGION="cn-hangzhou" \
+ --CERTIMATE_DEPLOYER_ALIYUNAPIGW_GATEWAYID="your-api-gateway-id" \
+ --CERTIMATE_DEPLOYER_ALIYUNAPIGW_GROUPID="your-api-group-id" \
+ --CERTIMATE_DEPLOYER_ALIYUNAPIGW_SERVICETYPE="cloudnative" \
+ --CERTIMATE_DEPLOYER_ALIYUNAPIGW_DOMAIN="example.com"
+*/
+func TestDeploy(t *testing.T) {
+ flag.Parse()
+
+ t.Run("Deploy", func(t *testing.T) {
+ t.Log(strings.Join([]string{
+ "args:",
+ fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
+ fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
+ fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId),
+ fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
+ fmt.Sprintf("REGION: %v", fRegion),
+ fmt.Sprintf("GATEWAYID: %v", fGatewayId),
+ fmt.Sprintf("GROUPID: %v", fGroupId),
+ fmt.Sprintf("SERVICETYPE: %v", fServiceType),
+ fmt.Sprintf("DOMAIN: %v", fDomain),
+ }, "\n"))
+
+ deployer, err := provider.NewDeployer(&provider.DeployerConfig{
+ AccessKeyId: fAccessKeyId,
+ AccessKeySecret: fAccessKeySecret,
+ Region: fRegion,
+ ServiceType: provider.ServiceType(fServiceType),
+ GatewayId: fGatewayId,
+ GroupId: fGroupId,
+ Domain: fDomain,
+ })
+ if err != nil {
+ t.Errorf("err: %+v", err)
+ return
+ }
+
+ fInputCertData, _ := os.ReadFile(fInputCertPath)
+ fInputKeyData, _ := os.ReadFile(fInputKeyPath)
+ res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))
+ if err != nil {
+ t.Errorf("err: %+v", err)
+ return
+ }
+
+ t.Logf("ok: %v", res)
+ })
+}
diff --git a/internal/pkg/core/deployer/providers/aliyun-apigw/consts.go b/internal/pkg/core/deployer/providers/aliyun-apigw/consts.go
new file mode 100644
index 00000000..b53c7645
--- /dev/null
+++ b/internal/pkg/core/deployer/providers/aliyun-apigw/consts.go
@@ -0,0 +1,10 @@
+package aliyunapigw
+
+type ServiceType string
+
+const (
+ // 服务类型:原 API 网关。
+ SERVICE_TYPE_TRADITIONAL = ServiceType("traditional")
+ // 服务类型:云原生 API 网关。
+ SERVICE_TYPE_CLOUDNATIVE = ServiceType("cloudnative")
+)
diff --git a/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go b/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go
index 4439aa68..422d39d5 100644
--- a/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go
+++ b/internal/pkg/core/deployer/providers/azure-keyvault/azure_keyvault.go
@@ -2,13 +2,23 @@
import (
"context"
+ "crypto/x509"
+ "encoding/base64"
+ "errors"
+ "fmt"
"log/slog"
+ "github.com/Azure/azure-sdk-for-go/sdk/azcore"
+ "github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
+ "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+ "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azcertificates"
xerrors "github.com/pkg/errors"
"github.com/usual2970/certimate/internal/pkg/core/deployer"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/azure-keyvault"
+ "github.com/usual2970/certimate/internal/pkg/utils/certutil"
+ azcommon "github.com/usual2970/certimate/internal/pkg/vendors/azure-sdk/common"
)
type DeployerConfig struct {
@@ -22,11 +32,15 @@ type DeployerConfig struct {
CloudName string `json:"cloudName,omitempty"`
// Key Vault 名称。
KeyVaultName string `json:"keyvaultName"`
+ // Key Vault 证书名称。
+ // 选填。
+ CertificateName string `json:"certificateName,omitempty"`
}
type DeployerProvider struct {
config *DeployerConfig
logger *slog.Logger
+ sdkClient *azcertificates.Client
sslUploader uploader.Uploader
}
@@ -37,6 +51,11 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
panic("config is nil")
}
+ client, err := createSdkClient(config.TenantId, config.ClientId, config.ClientSecret, config.CloudName, config.KeyVaultName)
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to create sdk client")
+ }
+
uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
TenantId: config.TenantId,
ClientId: config.ClientId,
@@ -51,6 +70,7 @@ func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
return &DeployerProvider{
config: config,
logger: slog.Default(),
+ sdkClient: client,
sslUploader: uploader,
}, nil
}
@@ -66,13 +86,93 @@ func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
}
func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
- // 上传证书到 KeyVault
- upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem)
+ // 解析证书内容
+ certX509, err := certutil.ParseCertificateFromPEM(certPem)
if err != nil {
- return nil, xerrors.Wrap(err, "failed to upload certificate file")
+ return nil, err
+ }
+
+ // 转换证书格式
+ certPfx, err := certutil.TransformCertificateFromPEMToPFX(certPem, privkeyPem, "")
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to transform certificate from PEM to PFX")
+ }
+
+ if d.config.CertificateName == "" {
+ // 上传证书到 KeyVault
+ upres, err := d.sslUploader.Upload(ctx, certPem, privkeyPem)
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to upload certificate file")
+ } else {
+ d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
+ }
} else {
- d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
+ // 获取证书
+ // REF: https://learn.microsoft.com/en-us/rest/api/keyvault/certificates/get-certificate/get-certificate
+ getCertificateResp, err := d.sdkClient.GetCertificate(context.TODO(), d.config.CertificateName, "", nil)
+ d.logger.Debug("sdk request 'keyvault.GetCertificate'", slog.String("request.certificateName", d.config.CertificateName), slog.Any("response", getCertificateResp))
+ if err != nil {
+ var respErr *azcore.ResponseError
+ if !errors.As(err, &respErr) || (respErr.ErrorCode != "ResourceNotFound" && respErr.ErrorCode != "CertificateNotFound") {
+ return nil, xerrors.Wrap(err, "failed to execute sdk request 'keyvault.GetCertificate'")
+ }
+ } else {
+ oldCertX509, err := x509.ParseCertificate(getCertificateResp.CER)
+ if err == nil {
+ if certutil.EqualCertificate(certX509, oldCertX509) {
+ return &deployer.DeployResult{}, nil
+ }
+ }
+ }
+
+ // 导入证书
+ // REF: https://learn.microsoft.com/en-us/rest/api/keyvault/certificates/import-certificate/import-certificate
+ importCertificateParams := azcertificates.ImportCertificateParameters{
+ Base64EncodedCertificate: to.Ptr(base64.StdEncoding.EncodeToString(certPfx)),
+ CertificatePolicy: &azcertificates.CertificatePolicy{
+ SecretProperties: &azcertificates.SecretProperties{
+ ContentType: to.Ptr("application/x-pkcs12"),
+ },
+ },
+ Tags: map[string]*string{
+ "certimate/cert-cn": to.Ptr(certX509.Subject.CommonName),
+ "certimate/cert-sn": to.Ptr(certX509.SerialNumber.Text(16)),
+ },
+ }
+ importCertificateResp, err := d.sdkClient.ImportCertificate(context.TODO(), d.config.CertificateName, importCertificateParams, nil)
+ d.logger.Debug("sdk request 'keyvault.ImportCertificate'", slog.String("request.certificateName", d.config.CertificateName), slog.Any("request.parameters", importCertificateParams), slog.Any("response", importCertificateResp))
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to execute sdk request 'keyvault.ImportCertificate'")
+ }
}
return &deployer.DeployResult{}, nil
}
+
+func createSdkClient(tenantId, clientId, clientSecret, cloudName, keyvaultName string) (*azcertificates.Client, error) {
+ env, err := azcommon.GetCloudEnvironmentConfiguration(cloudName)
+ if err != nil {
+ return nil, err
+ }
+ clientOptions := azcore.ClientOptions{Cloud: env}
+
+ credential, err := azidentity.NewClientSecretCredential(tenantId, clientId, clientSecret,
+ &azidentity.ClientSecretCredentialOptions{ClientOptions: clientOptions})
+ if err != nil {
+ return nil, err
+ }
+
+ endpoint := fmt.Sprintf("https://%s.vault.azure.net", keyvaultName)
+ if azcommon.IsEnvironmentGovernment(cloudName) {
+ endpoint = fmt.Sprintf("https://%s.vault.usgovcloudapi.net", keyvaultName)
+ } else if azcommon.IsEnvironmentChina(cloudName) {
+ endpoint = fmt.Sprintf("https://%s.vault.azure.cn", keyvaultName)
+ }
+
+ client, err := azcertificates.NewClient(endpoint, credential, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ return client, nil
+}
diff --git a/internal/pkg/core/deployer/providers/bunny-cdn/bunny_cdn.go b/internal/pkg/core/deployer/providers/bunny-cdn/bunny_cdn.go
new file mode 100644
index 00000000..bcf22635
--- /dev/null
+++ b/internal/pkg/core/deployer/providers/bunny-cdn/bunny_cdn.go
@@ -0,0 +1,70 @@
+package bunnycdn
+
+import (
+ "context"
+ "encoding/base64"
+ "log/slog"
+
+ xerrors "github.com/pkg/errors"
+
+ "github.com/usual2970/certimate/internal/pkg/core/deployer"
+ bunnysdk "github.com/usual2970/certimate/internal/pkg/vendors/bunny-sdk"
+)
+
+type DeployerConfig struct {
+ // Bunny API Key
+ ApiKey string `json:"apiKey"`
+ // Bunny Pull Zone ID
+ PullZoneId string `json:"pullZoneId"`
+ // Bunny CDN Hostname(支持泛域名)
+ HostName string `json:"hostName"`
+}
+
+type DeployerProvider struct {
+ config *DeployerConfig
+ logger *slog.Logger
+ sdkClient *bunnysdk.Client
+}
+
+var _ deployer.Deployer = (*DeployerProvider)(nil)
+
+func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
+ if config == nil {
+ panic("config is nil")
+ }
+
+ return &DeployerProvider{
+ config: config,
+ logger: slog.Default(),
+ sdkClient: bunnysdk.NewClient(config.ApiKey),
+ }, nil
+}
+
+func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
+ if logger == nil {
+ d.logger = slog.Default()
+ } else {
+ d.logger = logger
+ }
+ return d
+}
+
+func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+ // Prepare
+ certPemBase64 := base64.StdEncoding.EncodeToString([]byte(certPem))
+ privkeyPemBase64 := base64.StdEncoding.EncodeToString([]byte(privkeyPem))
+ // 上传证书
+ createCertificateReq := &bunnysdk.AddCustomCertificateRequest{
+ Hostname: d.config.HostName,
+ PullZoneId: d.config.PullZoneId,
+ Certificate: certPemBase64,
+ CertificateKey: privkeyPemBase64,
+ }
+ createCertificateResp, err := d.sdkClient.AddCustomCertificate(createCertificateReq)
+ d.logger.Debug("sdk request 'bunny-cdn.AddCustomCertificate'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp))
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to execute sdk request 'bunny-cdn.AddCustomCertificate'")
+ }
+
+ return &deployer.DeployResult{}, nil
+}
diff --git a/internal/pkg/core/deployer/providers/bunny-cdn/bunny_cdn_test.go b/internal/pkg/core/deployer/providers/bunny-cdn/bunny_cdn_test.go
new file mode 100644
index 00000000..e4e54a20
--- /dev/null
+++ b/internal/pkg/core/deployer/providers/bunny-cdn/bunny_cdn_test.go
@@ -0,0 +1,75 @@
+package bunnycdn_test
+
+import (
+ "context"
+ "flag"
+ "fmt"
+ "os"
+ "strings"
+ "testing"
+
+ provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/bunny-cdn"
+)
+
+var (
+ fInputCertPath string
+ fInputKeyPath string
+ fApiKey string
+ fPullZoneId string
+ fHostName string
+)
+
+func init() {
+ argsPrefix := "CERTIMATE_DEPLOYER_BUNNYCDN_"
+
+ flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
+ flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
+ flag.StringVar(&fApiKey, argsPrefix+"APIKEY", "", "")
+ flag.StringVar(&fPullZoneId, argsPrefix+"PULLZONEID", "", "")
+ flag.StringVar(&fHostName, argsPrefix+"HOSTNAME", "", "")
+}
+
+/*
+Shell command to run this test:
+
+ go test -v ./bunny_cdn_test.go -args \
+ --CERTIMATE_DEPLOYER_BUNNYCDN_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+ --CERTIMATE_DEPLOYER_BUNNYCDN_INPUTKEYPATH="/path/to/your-input-key.pem" \
+ --CERTIMATE_DEPLOYER_BUNNYCDN_APITOKEN="your-api-token" \
+ --CERTIMATE_DEPLOYER_BUNNYCDN_PULLZONEID="your-pull-zone-id" \
+ --CERTIMATE_DEPLOYER_BUNNYCDN_HOSTNAME="example.com"
+*/
+func TestDeploy(t *testing.T) {
+ flag.Parse()
+
+ t.Run("Deploy", func(t *testing.T) {
+ t.Log(strings.Join([]string{
+ "args:",
+ fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
+ fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
+ fmt.Sprintf("APIKEY: %v", fApiKey),
+ fmt.Sprintf("PULLZONEID: %v", fPullZoneId),
+ fmt.Sprintf("HOSTNAME: %v", fHostName),
+ }, "\n"))
+
+ deployer, err := provider.NewDeployer(&provider.DeployerConfig{
+ ApiKey: fApiKey,
+ PullZoneId: fPullZoneId,
+ HostName: fHostName,
+ })
+ if err != nil {
+ t.Errorf("err: %+v", err)
+ return
+ }
+
+ fInputCertData, _ := os.ReadFile(fInputCertPath)
+ fInputKeyData, _ := os.ReadFile(fInputKeyPath)
+ res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))
+ if err != nil {
+ t.Errorf("err: %+v", err)
+ return
+ }
+
+ t.Logf("ok: %v", res)
+ })
+}
diff --git a/internal/pkg/core/deployer/providers/ssh/ssh.go b/internal/pkg/core/deployer/providers/ssh/ssh.go
index 8fba9490..3093ab42 100644
--- a/internal/pkg/core/deployer/providers/ssh/ssh.go
+++ b/internal/pkg/core/deployer/providers/ssh/ssh.go
@@ -243,7 +243,6 @@ func writeFileWithSCP(sshCli *ssh.Client, path string, data []byte) error {
if err != nil {
return xerrors.Wrap(err, "failed to create scp client")
}
- defer scpCli.Close()
reader := bytes.NewReader(data)
err = scpCli.CopyToRemote(reader, path, &scp.FileTransferOption{})
diff --git a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go
index c5ac15b9..a0c1e586 100644
--- a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go
+++ b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go
@@ -13,6 +13,7 @@ import (
"fmt"
"log/slog"
"regexp"
+ "strconv"
"time"
"github.com/alibabacloud-go/tea/tea"
@@ -28,6 +29,8 @@ type DeployerConfig struct {
AccessKeyId string `json:"accessKeyId"`
// 网宿云 AccessKeySecret。
AccessKeySecret string `json:"accessKeySecret"`
+ // 网宿云 API Key。
+ ApiKey string `json:"apiKey"`
// 网宿云环境。
Environment string `json:"environment"`
// 加速域名(支持泛域名)。
@@ -93,7 +96,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
}
// 生成网宿云证书参数
- encryptedPrivateKey, err := encryptPrivateKey(privkeyPem, d.config.AccessKeySecret, time.Now().Unix())
+ encryptedPrivateKey, err := encryptPrivateKey(privkeyPem, d.config.ApiKey, time.Now().Unix())
if err != nil {
return nil, xerrors.Wrap(err, "failed to encrypt private key")
}
@@ -111,7 +114,8 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
// http://open.chinanetcenter.com/cdn/certificates/5dca2205f9e9cc0001df7b33
// http://open.chinanetcenter.com/cdn/certificates/329f12c1fe6708c23c31e91f/versions/5
var wangsuCertUrl string
- var wangsuCertId, wangsuCertVer string
+ var wangsuCertId string
+ var wangsuCertVer int32
// 如果原证书 ID 为空,则创建证书;否则更新证书。
timestamp := time.Now().Unix()
@@ -137,7 +141,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
wangsuCertId = wangsuCertIdMatches[1]
}
- wangsuCertVer = "1"
+ wangsuCertVer = 1
} else {
// 更新证书
updateCertificateReq := &wangsucdn.UpdateCertificateRequest{
@@ -162,7 +166,8 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
wangsuCertVerMatches := regexp.MustCompile(`/versions/(\d+)`).FindStringSubmatch(wangsuCertUrl)
if len(wangsuCertVerMatches) > 1 {
- wangsuCertVer = wangsuCertVerMatches[1]
+ n, _ := strconv.ParseInt(wangsuCertVerMatches[1], 10, 32)
+ wangsuCertVer = int32(n)
}
}
@@ -175,7 +180,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
{
Action: tea.String("deploy_cert"),
CertificateId: tea.String(wangsuCertId),
- Version: tea.String(wangsuCertVer),
+ Version: tea.Int32(wangsuCertVer),
},
},
}
@@ -191,7 +196,7 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
// 循环获取部署任务详细信息,等待任务状态变更
// REF: https://www.wangsu.com/document/api-doc/27038
var wangsuTaskId string
- wangsuTaskMatches := regexp.MustCompile(`/deploymentTasks/([a-zA-Z0-9-]+)`).FindStringSubmatch(wangsuCertUrl)
+ wangsuTaskMatches := regexp.MustCompile(`/deploymentTasks/([a-zA-Z0-9-]+)`).FindStringSubmatch(createDeploymentTaskResp.DeploymentTaskUrl)
if len(wangsuTaskMatches) > 1 {
wangsuTaskId = wangsuTaskMatches[1]
}
@@ -201,19 +206,19 @@ func (d *DeployerProvider) Deploy(ctx context.Context, certPem string, privkeyPe
}
getDeploymentTaskDetailResp, err := d.sdkClient.GetDeploymentTaskDetail(wangsuTaskId)
- d.logger.Debug("sdk request 'cdn.GetDeploymentTaskDetail'", slog.Any("taskId", wangsuTaskId), slog.Any("response", getDeploymentTaskDetailResp))
+ d.logger.Info("sdk request 'cdn.GetDeploymentTaskDetail'", slog.Any("taskId", wangsuTaskId), slog.Any("response", getDeploymentTaskDetailResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.GetDeploymentTaskDetail'")
}
if getDeploymentTaskDetailResp.Status == "failed" {
return nil, errors.New("unexpected deployment task status")
- } else if getDeploymentTaskDetailResp.Status == "succeeded" {
+ } else if getDeploymentTaskDetailResp.Status == "succeeded" || getDeploymentTaskDetailResp.FinishTime != "" {
break
}
- d.logger.Info("waiting for deployment task completion ...")
- time.Sleep(time.Second * 15)
+ d.logger.Info(fmt.Sprintf("waiting for deployment task completion (current status: %s) ...", getDeploymentTaskDetailResp.Status))
+ time.Sleep(time.Second * 5)
}
return &deployer.DeployResult{}, nil
@@ -231,11 +236,11 @@ func createSdkClient(accessKeyId, accessKeySecret string) (*wangsucdn.Client, er
return wangsucdn.NewClient(accessKeyId, accessKeySecret), nil
}
-func encryptPrivateKey(privkeyPem string, secretKey string, timestamp int64) (string, error) {
+func encryptPrivateKey(privkeyPem string, apiKey string, timestamp int64) (string, error) {
date := time.Unix(timestamp, 0).UTC()
dateStr := date.Format("Mon, 02 Jan 2006 15:04:05 GMT")
- mac := hmac.New(sha256.New, []byte(secretKey))
+ mac := hmac.New(sha256.New, []byte(apiKey))
mac.Write([]byte(dateStr))
aesivkey := mac.Sum(nil)
aesivkeyHex := hex.EncodeToString(aesivkey)
diff --git a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro_test.go b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro_test.go
index 25dd7b1e..2a868fab 100644
--- a/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro_test.go
+++ b/internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro_test.go
@@ -16,6 +16,7 @@ var (
fInputKeyPath string
fAccessKeyId string
fAccessKeySecret string
+ fApiKey string
fEnvironment string
fDomain string
fCertificateId string
@@ -29,6 +30,7 @@ func init() {
flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "")
flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "")
+ flag.StringVar(&fApiKey, argsPrefix+"APIKEY", "", "")
flag.StringVar(&fEnvironment, argsPrefix+"ENVIRONMENT", "production", "")
flag.StringVar(&fDomain, argsPrefix+"DOMAIN", "", "")
flag.StringVar(&fCertificateId, argsPrefix+"CERTIFICATEID", "", "")
@@ -43,9 +45,10 @@ Shell command to run this test:
--CERTIMATE_DEPLOYER_WANGSUCDNPRO_INPUTKEYPATH="/path/to/your-input-key.pem" \
--CERTIMATE_DEPLOYER_WANGSUCDNPRO_ACCESSKEYID="your-access-key-id" \
--CERTIMATE_DEPLOYER_WANGSUCDNPRO_ACCESSKEYSECRET="your-access-key-secret" \
+ --CERTIMATE_DEPLOYER_WANGSUCDNPRO_APIKEY="your-api-key" \
--CERTIMATE_DEPLOYER_WANGSUCDNPRO_ENVIRONMENT="production" \
--CERTIMATE_DEPLOYER_WANGSUCDNPRO_DOMAIN="example.com" \
- --CERTIMATE_DEPLOYER_WANGSUCDNPRO_CERTIFICATEID="your-certificate-id"\
+ --CERTIMATE_DEPLOYER_WANGSUCDNPRO_CERTIFICATEID="your-certificate-id" \
--CERTIMATE_DEPLOYER_WANGSUCDNPRO_WEBHOOKID="your-webhook-id"
*/
func TestDeploy(t *testing.T) {
@@ -58,6 +61,7 @@ func TestDeploy(t *testing.T) {
fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId),
fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
+ fmt.Sprintf("APIKEY: %v", fApiKey),
fmt.Sprintf("ENVIRONMENT: %v", fEnvironment),
fmt.Sprintf("DOMAIN: %v", fDomain),
fmt.Sprintf("CERTIFICATEID: %v", fCertificateId),
@@ -67,6 +71,7 @@ func TestDeploy(t *testing.T) {
deployer, err := provider.NewDeployer(&provider.DeployerConfig{
AccessKeyId: fAccessKeyId,
AccessKeySecret: fAccessKeySecret,
+ ApiKey: fApiKey,
Environment: fEnvironment,
Domain: fDomain,
CertificateId: fCertificateId,
diff --git a/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go b/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go
index 5f6f998a..36af11c7 100644
--- a/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go
+++ b/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault.go
@@ -3,6 +3,7 @@
import (
"context"
"crypto/x509"
+ "encoding/base64"
"fmt"
"log/slog"
"time"
@@ -141,13 +142,21 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 生成新证书名(需符合 Azure 命名规则)
certName := fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+ // Azure Key Vault 不支持导入带有 Certificiate Chain 的 PEM 证书。
+ // Issue Link: https://github.com/Azure/azure-cli/issues/19017
+ // 暂时的解决方法是,将 PEM 证书转换成 PFX 格式,然后再导入。
+ certPfx, err := certutil.TransformCertificateFromPEMToPFX(certPem, privkeyPem, "")
+ if err != nil {
+ return nil, xerrors.Wrap(err, "failed to transform certificate from PEM to PFX")
+ }
+
// 导入证书
// REF: https://learn.microsoft.com/en-us/rest/api/keyvault/certificates/import-certificate/import-certificate
importCertificateParams := azcertificates.ImportCertificateParameters{
- Base64EncodedCertificate: to.Ptr(certPem),
+ Base64EncodedCertificate: to.Ptr(base64.StdEncoding.EncodeToString(certPfx)),
CertificatePolicy: &azcertificates.CertificatePolicy{
SecretProperties: &azcertificates.SecretProperties{
- ContentType: to.Ptr("application/x-pem-file"),
+ ContentType: to.Ptr("application/x-pkcs12"),
},
},
Tags: map[string]*string{
diff --git a/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault_test.go b/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault_test.go
new file mode 100644
index 00000000..8ef63a80
--- /dev/null
+++ b/internal/pkg/core/uploader/providers/azure-keyvault/azure_keyvault_test.go
@@ -0,0 +1,87 @@
+package azurekeyvault_test
+
+import (
+ "context"
+ "encoding/json"
+ "flag"
+ "fmt"
+ "os"
+ "strings"
+ "testing"
+
+ provider "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/azure-keyvault"
+)
+
+var (
+ fInputCertPath string
+ fInputKeyPath string
+ fTenantId string
+ fClientId string
+ fClientSecret string
+ fCloudName string
+ fKeyVaultName string
+)
+
+func init() {
+ argsPrefix := "CERTIMATE_UPLOADER_AZUREKEYVAULT_"
+
+ flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
+ flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
+ flag.StringVar(&fTenantId, argsPrefix+"TENANTID", "", "")
+ flag.StringVar(&fClientId, argsPrefix+"CLIENTID", "", "")
+ flag.StringVar(&fClientSecret, argsPrefix+"CLIENTSECRET", "", "")
+ flag.StringVar(&fCloudName, argsPrefix+"CLOUDNAME", "", "")
+ flag.StringVar(&fKeyVaultName, argsPrefix+"KEYVAULTNAME", "", "")
+}
+
+/*
+Shell command to run this test:
+
+ go test -v ./azure_keyvault_test.go -args \
+ --CERTIMATE_UPLOADER_AZUREKEYVAULT_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+ --CERTIMATE_UPLOADER_AZUREKEYVAULT_INPUTKEYPATH="/path/to/your-input-key.pem" \
+ --CERTIMATE_UPLOADER_AZUREKEYVAULT_TENANTID="your-tenant-id" \
+ --CERTIMATE_UPLOADER_AZUREKEYVAULT_CLIENTID="your-app-registration-client-id" \
+ --CERTIMATE_UPLOADER_AZUREKEYVAULT_CLIENTSECRET="your-app-registration-client-secret" \
+ --CERTIMATE_UPLOADER_AZUREKEYVAULT_CLOUDNAME="china" \
+ --CERTIMATE_UPLOADER_AZUREKEYVAULT_KEYVAULTNAME="your-keyvault-name"
+*/
+func TestDeploy(t *testing.T) {
+ flag.Parse()
+
+ t.Run("Deploy", func(t *testing.T) {
+ t.Log(strings.Join([]string{
+ "args:",
+ fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
+ fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
+ fmt.Sprintf("TENANTID: %v", fTenantId),
+ fmt.Sprintf("CLIENTID: %v", fClientId),
+ fmt.Sprintf("CLIENTSECRET: %v", fClientSecret),
+ fmt.Sprintf("CLOUDNAME: %v", fCloudName),
+ fmt.Sprintf("KEYVAULTNAME: %v", fKeyVaultName),
+ }, "\n"))
+
+ uploader, err := provider.NewUploader(&provider.UploaderConfig{
+ TenantId: fTenantId,
+ ClientId: fClientId,
+ ClientSecret: fClientSecret,
+ CloudName: fCloudName,
+ KeyVaultName: fKeyVaultName,
+ })
+ if err != nil {
+ t.Errorf("err: %+v", err)
+ return
+ }
+
+ fInputCertData, _ := os.ReadFile(fInputCertPath)
+ fInputKeyData, _ := os.ReadFile(fInputKeyPath)
+ res, err := uploader.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))
+ if err != nil {
+ t.Errorf("err: %+v", err)
+ return
+ }
+
+ sres, _ := json.Marshal(res)
+ t.Logf("ok: %s", string(sres))
+ })
+}
diff --git a/internal/pkg/core/uploader/providers/volcengine-certcenter/volcengine_certcenter.go b/internal/pkg/core/uploader/providers/volcengine-certcenter/volcengine_certcenter.go
index 990d9550..66540699 100644
--- a/internal/pkg/core/uploader/providers/volcengine-certcenter/volcengine_certcenter.go
+++ b/internal/pkg/core/uploader/providers/volcengine-certcenter/volcengine_certcenter.go
@@ -72,12 +72,17 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
}
var certId string
- if importCertificateResp.InstanceId != nil {
+ if importCertificateResp.InstanceId != nil && *importCertificateResp.InstanceId != "" {
certId = *importCertificateResp.InstanceId
}
- if importCertificateResp.RepeatId != nil {
+ if importCertificateResp.RepeatId != nil && *importCertificateResp.RepeatId != "" {
certId = *importCertificateResp.RepeatId
}
+
+ if certId == "" {
+ return nil, xerrors.New("failed to get certificate id, both `InstanceId` and `RepeatId` are empty")
+ }
+
return &uploader.UploadResult{
CertId: certId,
}, nil
diff --git a/internal/pkg/vendors/1panel-sdk/api.go b/internal/pkg/vendors/1panel-sdk/api.go
index 8b0a6d09..8fa15393 100644
--- a/internal/pkg/vendors/1panel-sdk/api.go
+++ b/internal/pkg/vendors/1panel-sdk/api.go
@@ -17,6 +17,12 @@ func (c *Client) SearchWebsiteSSL(req *SearchWebsiteSSLRequest) (*SearchWebsiteS
return resp, err
}
+func (c *Client) GetWebsiteSSL(req *GetWebsiteSSLRequest) (*GetWebsiteSSLResponse, error) {
+ resp := &GetWebsiteSSLResponse{}
+ err := c.sendRequestWithResult(http.MethodGet, fmt.Sprintf("/websites/ssl/%d", req.SSLID), req, resp)
+ return resp, err
+}
+
func (c *Client) UploadWebsiteSSL(req *UploadWebsiteSSLRequest) (*UploadWebsiteSSLResponse, error) {
resp := &UploadWebsiteSSLResponse{}
err := c.sendRequestWithResult(http.MethodPost, "/websites/ssl/upload", req, resp)
diff --git a/internal/pkg/vendors/1panel-sdk/models.go b/internal/pkg/vendors/1panel-sdk/models.go
index af1bdbe9..13f144d9 100644
--- a/internal/pkg/vendors/1panel-sdk/models.go
+++ b/internal/pkg/vendors/1panel-sdk/models.go
@@ -59,6 +59,28 @@ type SearchWebsiteSSLResponse struct {
} `json:"data,omitempty"`
}
+type GetWebsiteSSLRequest struct {
+ SSLID int64 `json:"-"`
+}
+
+type GetWebsiteSSLResponse struct {
+ baseResponse
+ Data *struct {
+ ID int64 `json:"id"`
+ Provider string `json:"provider"`
+ Description string `json:"description"`
+ PrimaryDomain string `json:"primaryDomain"`
+ Domains string `json:"domains"`
+ Type string `json:"type"`
+ Organization string `json:"organization"`
+ Status string `json:"status"`
+ StartDate string `json:"startDate"`
+ ExpireDate string `json:"expireDate"`
+ CreatedAt string `json:"createdAt"`
+ UpdatedAt string `json:"updatedAt"`
+ } `json:"data,omitempty"`
+}
+
type UploadWebsiteSSLRequest struct {
Type string `json:"type"`
SSLID int64 `json:"sslID"`
diff --git a/internal/pkg/vendors/bunny-sdk/api.go b/internal/pkg/vendors/bunny-sdk/api.go
new file mode 100644
index 00000000..8cff90b4
--- /dev/null
+++ b/internal/pkg/vendors/bunny-sdk/api.go
@@ -0,0 +1,11 @@
+package bunnysdk
+
+import (
+ "fmt"
+ "net/http"
+)
+
+func (c *Client) AddCustomCertificate(req *AddCustomCertificateRequest) ([]byte, error) {
+ resp, err := c.sendRequest(http.MethodPost, fmt.Sprintf("/pullzone/%s/addCertificate", req.PullZoneId), req)
+ return resp.Body(), err
+}
diff --git a/internal/pkg/vendors/bunny-sdk/client.go b/internal/pkg/vendors/bunny-sdk/client.go
new file mode 100644
index 00000000..398d5cb2
--- /dev/null
+++ b/internal/pkg/vendors/bunny-sdk/client.go
@@ -0,0 +1,66 @@
+package bunnysdk
+
+import (
+ "encoding/json"
+ "fmt"
+ "net/http"
+ "strings"
+ "time"
+
+ "github.com/go-resty/resty/v2"
+)
+
+type Client struct {
+ apiToken string
+
+ client *resty.Client
+}
+
+func NewClient(apiToken string) *Client {
+ client := resty.New()
+
+ return &Client{
+ apiToken: apiToken,
+ client: client,
+ }
+}
+
+func (c *Client) WithTimeout(timeout time.Duration) *Client {
+ c.client.SetTimeout(timeout)
+ return c
+}
+
+func (c *Client) sendRequest(method string, path string, params interface{}) (*resty.Response, error) {
+ req := c.client.R()
+ req.Method = method
+ req.URL = "https://api.bunny.net" + path
+ req = req.SetHeader("AccessKey", c.apiToken)
+ if strings.EqualFold(method, http.MethodGet) {
+ qs := make(map[string]string)
+ if params != nil {
+ temp := make(map[string]any)
+ jsonb, _ := json.Marshal(params)
+ json.Unmarshal(jsonb, &temp)
+ for k, v := range temp {
+ if v != nil {
+ qs[k] = fmt.Sprintf("%v", v)
+ }
+ }
+ }
+
+ req = req.SetQueryParams(qs)
+ } else {
+ req = req.
+ SetHeader("Content-Type", "application/json").
+ SetBody(params)
+ }
+
+ resp, err := req.Send()
+ if err != nil {
+ return resp, fmt.Errorf("bunny api error: failed to send request: %w", err)
+ } else if resp.IsError() {
+ return resp, fmt.Errorf("bunny api error: unexpected status code: %d, %s", resp.StatusCode(), resp.Body())
+ }
+
+ return resp, nil
+}
diff --git a/internal/pkg/vendors/bunny-sdk/models.go b/internal/pkg/vendors/bunny-sdk/models.go
new file mode 100644
index 00000000..3306cf5b
--- /dev/null
+++ b/internal/pkg/vendors/bunny-sdk/models.go
@@ -0,0 +1,8 @@
+package bunnysdk
+
+type AddCustomCertificateRequest struct {
+ Hostname string `json:"Hostname"`
+ PullZoneId string `json:"-"`
+ Certificate string `json:"Certificate"`
+ CertificateKey string `json:"CertificateKey"`
+}
diff --git a/internal/pkg/vendors/cdnfly-sdk/models.go b/internal/pkg/vendors/cdnfly-sdk/models.go
index 07497cd3..9622627a 100644
--- a/internal/pkg/vendors/cdnfly-sdk/models.go
+++ b/internal/pkg/vendors/cdnfly-sdk/models.go
@@ -1,6 +1,6 @@
package cdnflysdk
-import "encoding/json"
+import "fmt"
type BaseResponse interface {
GetCode() string
@@ -8,12 +8,24 @@ type BaseResponse interface {
}
type baseResponse struct {
- Code json.Number `json:"code"`
- Message string `json:"msg"`
+ Code any `json:"code"`
+ Message string `json:"msg"`
}
func (r *baseResponse) GetCode() string {
- return r.Code.String()
+ if r.Code == nil {
+ return ""
+ }
+
+ if code, ok := r.Code.(int); ok {
+ return fmt.Sprintf("%d", code)
+ }
+
+ if code, ok := r.Code.(string); ok {
+ return code
+ }
+
+ return ""
}
func (r *baseResponse) GetMessage() string {
diff --git a/internal/pkg/vendors/wangsu-sdk/cdn/api.go b/internal/pkg/vendors/wangsu-sdk/cdn/api.go
index dff719f1..92a05cfa 100644
--- a/internal/pkg/vendors/wangsu-sdk/cdn/api.go
+++ b/internal/pkg/vendors/wangsu-sdk/cdn/api.go
@@ -22,6 +22,10 @@ func (c *Client) CreateCertificate(req *CreateCertificateRequest) (*CreateCertif
}
func (c *Client) UpdateCertificate(certificateId string, req *UpdateCertificateRequest) (*UpdateCertificateResponse, error) {
+ if certificateId == "" {
+ return nil, fmt.Errorf("invalid parameter: certificateId")
+ }
+
resp := &UpdateCertificateResponse{}
r, err := c.client.SendRequestWithResult(http.MethodPatch, fmt.Sprintf("/cdn/certificates/%s", url.PathEscape(certificateId)), req, resp, func(r *resty.Request) {
r.SetHeader("x-cnc-timestamp", fmt.Sprintf("%d", req.Timestamp))
@@ -35,6 +39,10 @@ func (c *Client) UpdateCertificate(certificateId string, req *UpdateCertificateR
}
func (c *Client) GetHostnameDetail(hostname string) (*GetHostnameDetailResponse, error) {
+ if hostname == "" {
+ return nil, fmt.Errorf("invalid parameter: hostname")
+ }
+
resp := &GetHostnameDetailResponse{}
_, err := c.client.SendRequestWithResult(http.MethodGet, fmt.Sprintf("/cdn/hostnames/%s", url.PathEscape(hostname)), nil, resp)
return resp, err
@@ -52,7 +60,11 @@ func (c *Client) CreateDeploymentTask(req *CreateDeploymentTaskRequest) (*Create
}
func (c *Client) GetDeploymentTaskDetail(deploymentTaskId string) (*GetDeploymentTaskDetailResponse, error) {
+ if deploymentTaskId == "" {
+ return nil, fmt.Errorf("invalid parameter: deploymentTaskId")
+ }
+
resp := &GetDeploymentTaskDetailResponse{}
- _, err := c.client.SendRequestWithResult(http.MethodGet, fmt.Sprintf("/cdn/deploymentTasks/%s", deploymentTaskId), nil, resp)
+ _, err := c.client.SendRequestWithResult(http.MethodGet, fmt.Sprintf("/cdn/deploymentTasks/%s", url.PathEscape(deploymentTaskId)), nil, resp)
return resp, err
}
diff --git a/internal/pkg/vendors/wangsu-sdk/cdn/models.go b/internal/pkg/vendors/wangsu-sdk/cdn/models.go
index 0126418a..2bebced2 100644
--- a/internal/pkg/vendors/wangsu-sdk/cdn/models.go
+++ b/internal/pkg/vendors/wangsu-sdk/cdn/models.go
@@ -80,7 +80,7 @@ type DeploymentTaskAction struct {
Action *string `json:"action,omitempty" required:"true"`
PropertyId *string `json:"propertyId,omitempty"`
CertificateId *string `json:"certificateId,omitempty"`
- Version *string `json:"version,omitempty"`
+ Version *int32 `json:"version,omitempty"`
}
type CreateDeploymentTaskRequest struct {
@@ -97,6 +97,7 @@ type CreateDeploymentTaskResponse struct {
type GetDeploymentTaskDetailResponse struct {
baseResponse
+ Name string `json:"name"`
Target string `json:"target"`
Actions []DeploymentTaskAction `json:"actions"`
Status string `json:"status"`
diff --git a/internal/pkg/vendors/wangsu-sdk/openapi/client.go b/internal/pkg/vendors/wangsu-sdk/openapi/client.go
index 6492aba8..d63c20c7 100644
--- a/internal/pkg/vendors/wangsu-sdk/openapi/client.go
+++ b/internal/pkg/vendors/wangsu-sdk/openapi/client.go
@@ -111,7 +111,7 @@ func NewClient(accessKey, secretKey string) *Client {
signHex := strings.ToLower(hex.EncodeToString(sign))
// Step 9: Add headers to request
- req.Header.Set("x-cnc-accessKey", accessKey)
+ req.Header.Set("x-cnc-accesskey", accessKey)
req.Header.Set("x-cnc-timestamp", timestampString)
req.Header.Set("x-cnc-auth-method", "AKSK")
req.Header.Set("Authorization", fmt.Sprintf("%s Credential=%s, SignedHeaders=%s, Signature=%s", SignAlgorithmHeader, accessKey, signedHeaders, signHex))
@@ -178,8 +178,11 @@ func (c *Client) SendRequestWithResult(method string, path string, params interf
return resp, err
}
- if err := json.Unmarshal(resp.Body(), &result); err != nil {
- return resp, fmt.Errorf("wangsu api error: failed to parse response: %w", err)
+ respBody := resp.Body()
+ if len(respBody) != 0 {
+ if err := json.Unmarshal(respBody, &result); err != nil {
+ return resp, fmt.Errorf("wangsu api error: failed to parse response: %w", err)
+ }
}
result.SetRequestId(resp.Header().Get("x-cnc-request-id"))
diff --git a/migrations/1744459000_upgrade.go b/migrations/1744459000_upgrade.go
new file mode 100644
index 00000000..d2f95004
--- /dev/null
+++ b/migrations/1744459000_upgrade.go
@@ -0,0 +1,98 @@
+package migrations
+
+import (
+ "github.com/pocketbase/pocketbase/core"
+ m "github.com/pocketbase/pocketbase/migrations"
+)
+
+func init() {
+ m.Register(func(app core.App) error {
+ // update collection `access`
+ {
+ collection, err := app.FindCollectionByNameOrId("4yzbv8urny5ja1e")
+ if err != nil {
+ return err
+ }
+
+ // update field
+ if err := collection.Fields.AddMarshaledJSONAt(2, []byte(`{
+ "hidden": false,
+ "id": "hwy7m03o",
+ "maxSelect": 1,
+ "name": "provider",
+ "presentable": false,
+ "required": false,
+ "system": false,
+ "type": "select",
+ "values": [
+ "1panel",
+ "acmehttpreq",
+ "akamai",
+ "aliyun",
+ "aws",
+ "azure",
+ "baiducloud",
+ "baishan",
+ "baotapanel",
+ "bunny",
+ "byteplus",
+ "buypass",
+ "cachefly",
+ "cdnfly",
+ "cloudflare",
+ "cloudns",
+ "cmcccloud",
+ "ctcccloud",
+ "cucccloud",
+ "desec",
+ "dnsla",
+ "dogecloud",
+ "dynv6",
+ "edgio",
+ "fastly",
+ "gname",
+ "gcore",
+ "godaddy",
+ "goedge",
+ "googletrustservices",
+ "huaweicloud",
+ "jdcloud",
+ "k8s",
+ "letsencrypt",
+ "letsencryptstaging",
+ "local",
+ "namecheap",
+ "namedotcom",
+ "namesilo",
+ "ns1",
+ "porkbun",
+ "powerdns",
+ "qiniu",
+ "qingcloud",
+ "rainyun",
+ "safeline",
+ "ssh",
+ "sslcom",
+ "tencentcloud",
+ "ucloud",
+ "upyun",
+ "vercel",
+ "volcengine",
+ "webhook",
+ "westcn",
+ "zerossl"
+ ]
+ }`)); err != nil {
+ return err
+ }
+
+ if err := app.Save(collection); err != nil {
+ return err
+ }
+ }
+
+ return nil
+ }, func(app core.App) error {
+ return nil
+ })
+}
diff --git a/ui/public/imgs/providers/bunny.svg b/ui/public/imgs/providers/bunny.svg
new file mode 100644
index 00000000..edbbab32
--- /dev/null
+++ b/ui/public/imgs/providers/bunny.svg
@@ -0,0 +1,108 @@
+
\ No newline at end of file
diff --git a/ui/src/components/access/AccessForm.tsx b/ui/src/components/access/AccessForm.tsx
index bffb1f49..a00b0f2e 100644
--- a/ui/src/components/access/AccessForm.tsx
+++ b/ui/src/components/access/AccessForm.tsx
@@ -17,6 +17,7 @@ import AccessFormAzureConfig from "./AccessFormAzureConfig";
import AccessFormBaiduCloudConfig from "./AccessFormBaiduCloudConfig";
import AccessFormBaishanConfig from "./AccessFormBaishanConfig";
import AccessFormBaotaPanelConfig from "./AccessFormBaotaPanelConfig";
+import AccessFormBunnyConfig from "./AccessFormBunnyConfig";
import AccessFormBytePlusConfig from "./AccessFormBytePlusConfig";
import AccessFormCacheFlyConfig from "./AccessFormCacheFlyConfig";
import AccessFormCdnflyConfig from "./AccessFormCdnflyConfig";
@@ -162,6 +163,8 @@ const AccessForm = forwardRef(({ className,
return ;
case ACCESS_PROVIDERS.BAOTAPANEL:
return ;
+ case ACCESS_PROVIDERS.BUNNY:
+ return ;
case ACCESS_PROVIDERS.BYTEPLUS:
return ;
case ACCESS_PROVIDERS.CACHEFLY:
diff --git a/ui/src/components/access/AccessFormBunnyConfig.tsx b/ui/src/components/access/AccessFormBunnyConfig.tsx
new file mode 100644
index 00000000..0906d3d0
--- /dev/null
+++ b/ui/src/components/access/AccessFormBunnyConfig.tsx
@@ -0,0 +1,62 @@
+import { useTranslation } from "react-i18next";
+import { Form, type FormInstance, Input } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type AccessConfigForBunny } from "@/domain/access";
+
+type AccessFormBunnyConfigFieldValues = Nullish;
+
+export type AccessFormBunnyConfigProps = {
+ form: FormInstance;
+ formName: string;
+ disabled?: boolean;
+ initialValues?: AccessFormBunnyConfigFieldValues;
+ onValuesChange?: (values: AccessFormBunnyConfigFieldValues) => void;
+};
+
+const initFormModel = (): AccessFormBunnyConfigFieldValues => {
+ return {
+ apiKey: "",
+ };
+};
+
+const AccessFormBunnyConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: AccessFormBunnyConfigProps) => {
+ const { t } = useTranslation();
+
+ const formSchema = z.object({
+ apiKey: z
+ .string()
+ .nonempty(t("access.form.bunny_api_key.placeholder"))
+ .trim(),
+ });
+ const formRule = createSchemaFieldRule(formSchema);
+
+ const handleFormChange = (_: unknown, values: z.infer) => {
+ onValuesChange?.(values);
+ };
+
+ return (
+
+ );
+};
+
+export default AccessFormBunnyConfig;
diff --git a/ui/src/components/access/AccessFormWangsuConfig.tsx b/ui/src/components/access/AccessFormWangsuConfig.tsx
index f9676829..bb4f699c 100644
--- a/ui/src/components/access/AccessFormWangsuConfig.tsx
+++ b/ui/src/components/access/AccessFormWangsuConfig.tsx
@@ -19,6 +19,7 @@ const initFormModel = (): AccessFormWangsuConfigFieldValues => {
return {
accessKeyId: "",
accessKeySecret: "",
+ apiKey: "",
};
};
@@ -36,6 +37,11 @@ const AccessFormWangsuConfig = ({ form: formInst, formName, disabled, initialVal
.min(1, t("access.form.wangsu_access_key_secret.placeholder"))
.max(64, t("common.errmsg.string_max", { max: 64 }))
.trim(),
+ apiKey: z
+ .string()
+ .min(1, t("access.form.wangsu_api_key.placeholder"))
+ .max(256, t("common.errmsg.string_max", { max: 256 }))
+ .trim(),
});
const formRule = createSchemaFieldRule(formSchema);
@@ -69,6 +75,15 @@ const AccessFormWangsuConfig = ({ form: formInst, formName, disabled, initialVal
>
+
+ }
+ >
+
+
);
};
diff --git a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
index 5565c985..24d256de 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigForm.tsx
@@ -18,6 +18,7 @@ import { useWorkflowStore } from "@/stores/workflow";
import DeployNodeConfigForm1PanelConsoleConfig from "./DeployNodeConfigForm1PanelConsoleConfig";
import DeployNodeConfigForm1PanelSiteConfig from "./DeployNodeConfigForm1PanelSiteConfig";
import DeployNodeConfigFormAliyunALBConfig from "./DeployNodeConfigFormAliyunALBConfig";
+import DeployNodeConfigFormAliyunAPIGWConfig from "./DeployNodeConfigFormAliyunAPIGWConfig";
import DeployNodeConfigFormAliyunCASConfig from "./DeployNodeConfigFormAliyunCASConfig";
import DeployNodeConfigFormAliyunCASDeployConfig from "./DeployNodeConfigFormAliyunCASDeployConfig";
import DeployNodeConfigFormAliyunCDNConfig from "./DeployNodeConfigFormAliyunCDNConfig";
@@ -39,6 +40,7 @@ import DeployNodeConfigFormBaiduCloudCDNConfig from "./DeployNodeConfigFormBaidu
import DeployNodeConfigFormBaishanCDNConfig from "./DeployNodeConfigFormBaishanCDNConfig";
import DeployNodeConfigFormBaotaPanelConsoleConfig from "./DeployNodeConfigFormBaotaPanelConsoleConfig";
import DeployNodeConfigFormBaotaPanelSiteConfig from "./DeployNodeConfigFormBaotaPanelSiteConfig";
+import DeployNodeConfigFormBunnyCDNConfig from "./DeployNodeConfigFormBunnyCDNConfig.tsx";
import DeployNodeConfigFormBytePlusCDNConfig from "./DeployNodeConfigFormBytePlusCDNConfig";
import DeployNodeConfigFormCdnflyConfig from "./DeployNodeConfigFormCdnflyConfig";
import DeployNodeConfigFormDogeCloudCDNConfig from "./DeployNodeConfigFormDogeCloudCDNConfig";
@@ -177,6 +179,8 @@ const DeployNodeConfigForm = forwardRef;
case DEPLOY_PROVIDERS.ALIYUN_ALB:
return ;
+ case DEPLOY_PROVIDERS.ALIYUN_APIGW:
+ return ;
case DEPLOY_PROVIDERS.ALIYUN_CAS:
return ;
case DEPLOY_PROVIDERS.ALIYUN_CAS_DEPLOY:
@@ -219,6 +223,8 @@ const DeployNodeConfigForm = forwardRef;
case DEPLOY_PROVIDERS.BAOTAPANEL_SITE:
return ;
+ case DEPLOY_PROVIDERS.BUNNY_CDN:
+ return ;
case DEPLOY_PROVIDERS.BYTEPLUS_CDN:
return ;
case DEPLOY_PROVIDERS.CDNFLY:
diff --git a/ui/src/components/workflow/node/DeployNodeConfigForm1PanelSiteConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigForm1PanelSiteConfig.tsx
index f5a26450..94a9bce2 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigForm1PanelSiteConfig.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigForm1PanelSiteConfig.tsx
@@ -1,10 +1,14 @@
import { useTranslation } from "react-i18next";
-import { Form, type FormInstance, Input } from "antd";
+import { Form, type FormInstance, Input, Select } from "antd";
import { createSchemaFieldRule } from "antd-zod";
import { z } from "zod";
+import Show from "@/components/Show";
+
type DeployNodeConfigForm1PanelSiteConfigFieldValues = Nullish<{
- websiteId: string | number;
+ resourceType: string;
+ websiteId?: string | number;
+ certificateId?: string | number;
}>;
export type DeployNodeConfigForm1PanelSiteConfigProps = {
@@ -15,8 +19,13 @@ export type DeployNodeConfigForm1PanelSiteConfigProps = {
onValuesChange?: (values: DeployNodeConfigForm1PanelSiteConfigFieldValues) => void;
};
+const RESOURCE_TYPE_WEBSITE = "website" as const;
+const RESOURCE_TYPE_CERTIFICATE = "certificate" as const;
+
const initFormModel = (): DeployNodeConfigForm1PanelSiteConfigFieldValues => {
- return {};
+ return {
+ resourceType: RESOURCE_TYPE_WEBSITE,
+ };
};
const DeployNodeConfigForm1PanelSiteConfig = ({
@@ -29,12 +38,28 @@ const DeployNodeConfigForm1PanelSiteConfig = ({
const { t } = useTranslation();
const formSchema = z.object({
- websiteId: z.union([z.string(), z.number()]).refine((v) => {
- return /^\d+$/.test(v + "") && +v > 0;
- }, t("workflow_node.deploy.form.1panel_site_website_id.placeholder")),
+ resourceType: z.union([z.literal(RESOURCE_TYPE_WEBSITE), z.literal(RESOURCE_TYPE_CERTIFICATE)], {
+ message: t("workflow_node.deploy.form.1panel_site_resource_type.placeholder"),
+ }),
+ websiteId: z
+ .union([z.string(), z.number().int()])
+ .nullish()
+ .refine((v) => {
+ if (fieldResourceType !== RESOURCE_TYPE_WEBSITE) return true;
+ return /^\d+$/.test(v + "") && +v! > 0;
+ }, t("workflow_node.deploy.form.1panel_site_website_id.placeholder")),
+ certificateId: z
+ .union([z.string(), z.number().int()])
+ .nullish()
+ .refine((v) => {
+ if (fieldResourceType !== RESOURCE_TYPE_CERTIFICATE) return true;
+ return /^\d+$/.test(v + "") && +v! > 0;
+ }, t("workflow_node.deploy.form.1panel_site_certificate_id.placeholder")),
});
const formRule = createSchemaFieldRule(formSchema);
+ const fieldResourceType = Form.useWatch("resourceType", formInst);
+
const handleFormChange = (_: unknown, values: z.infer) => {
onValuesChange?.(values);
};
@@ -48,14 +73,38 @@ const DeployNodeConfigForm1PanelSiteConfig = ({
name={formName}
onValuesChange={handleFormChange}
>
- }
- >
-
+
+
+
+
+ }
+ >
+
+
+
+
+
+ }
+ >
+
+
+
);
};
diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormAliyunAPIGWConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormAliyunAPIGWConfig.tsx
new file mode 100644
index 00000000..430859a7
--- /dev/null
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormAliyunAPIGWConfig.tsx
@@ -0,0 +1,133 @@
+import { useTranslation } from "react-i18next";
+import { Form, type FormInstance, Input, Select } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import Show from "@/components/Show";
+import { validDomainName } from "@/utils/validators";
+
+type DeployNodeConfigFormAliyunAPIGWConfigFieldValues = Nullish<{
+ serviceType: string;
+ region: string;
+ gatewayId?: string;
+ groupId?: string;
+ domain?: string;
+}>;
+
+export type DeployNodeConfigFormAliyunAPIGWConfigProps = {
+ form: FormInstance;
+ formName: string;
+ disabled?: boolean;
+ initialValues?: DeployNodeConfigFormAliyunAPIGWConfigFieldValues;
+ onValuesChange?: (values: DeployNodeConfigFormAliyunAPIGWConfigFieldValues) => void;
+};
+
+const SERVICE_TYPE_CLOUDNATIVE = "cloudnative" as const;
+const SERVICE_TYPE_TRADITIONAL = "traditional" as const;
+
+const initFormModel = (): DeployNodeConfigFormAliyunAPIGWConfigFieldValues => {
+ return {};
+};
+
+const DeployNodeConfigFormAliyunAPIGWConfig = ({
+ form: formInst,
+ formName,
+ disabled,
+ initialValues,
+ onValuesChange,
+}: DeployNodeConfigFormAliyunAPIGWConfigProps) => {
+ const { t } = useTranslation();
+
+ const formSchema = z.object({
+ serviceType: z.union([z.literal(SERVICE_TYPE_CLOUDNATIVE), z.literal(SERVICE_TYPE_TRADITIONAL)], {
+ message: t("workflow_node.deploy.form.aliyun_apigw_service_type.placeholder"),
+ }),
+ region: z
+ .string({ message: t("workflow_node.deploy.form.aliyun_apigw_region.placeholder") })
+ .nonempty(t("workflow_node.deploy.form.aliyun_apigw_region.placeholder"))
+ .trim(),
+ gatewayId: z
+ .string()
+ .nullish()
+ .refine((v) => fieldServiceType !== SERVICE_TYPE_CLOUDNATIVE || !!v?.trim(), t("workflow_node.deploy.form.aliyun_apigw_gateway_id.placeholder")),
+ groupId: z
+ .string()
+ .nullish()
+ .refine((v) => fieldServiceType !== SERVICE_TYPE_TRADITIONAL || !!v?.trim(), t("workflow_node.deploy.form.aliyun_apigw_group_id.placeholder")),
+ domain: z
+ .string()
+ .nonempty(t("workflow_node.deploy.form.aliyun_apigw_domain.placeholder"))
+ .refine((v) => validDomainName(v!, { allowWildcard: true }), t("common.errmsg.domain_invalid")),
+ });
+ const formRule = createSchemaFieldRule(formSchema);
+
+ const fieldServiceType = Form.useWatch("serviceType", formInst);
+
+ const handleFormChange = (_: unknown, values: z.infer) => {
+ onValuesChange?.(values);
+ };
+
+ return (
+
+ );
+};
+
+export default DeployNodeConfigFormAliyunAPIGWConfig;
diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormAzureKeyVaultConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormAzureKeyVaultConfig.tsx
index 91d48cdf..6826d277 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigFormAzureKeyVaultConfig.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormAzureKeyVaultConfig.tsx
@@ -5,6 +5,7 @@ import { z } from "zod";
type DeployNodeConfigFormAzureKeyVaultConfigFieldValues = Nullish<{
keyvaultName: string;
+ certificateName?: string;
}>;
export type DeployNodeConfigFormAzureKeyVaultConfigProps = {
@@ -33,6 +34,13 @@ const DeployNodeConfigFormAzureKeyVaultConfig = ({
.string({ message: t("workflow_node.deploy.form.azure_keyvault_name.placeholder") })
.nonempty(t("workflow_node.deploy.form.azure_keyvault_name.placeholder"))
.trim(),
+ certificateName: z
+ .string({ message: t("workflow_node.deploy.form.azure_keyvault_certificate_name.placeholder") })
+ .nullish()
+ .refine((v) =>{
+ if (!v) return true;
+ return /^[a-zA-Z0-9-]{1,127}$/.test(v);
+ }, t("workflow_node.deploy.form.azure_keyvault_certificate_name.errmsg.invalid")),
});
const formRule = createSchemaFieldRule(formSchema);
@@ -57,6 +65,15 @@ const DeployNodeConfigFormAzureKeyVaultConfig = ({
>
+
+ }
+ >
+
+
);
};
diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormBunnyCDNConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormBunnyCDNConfig.tsx
new file mode 100644
index 00000000..3b68f811
--- /dev/null
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormBunnyCDNConfig.tsx
@@ -0,0 +1,76 @@
+import { useTranslation } from "react-i18next";
+import { Form, type FormInstance, Input } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+import { validDomainName } from "@/utils/validators";
+
+type DeployNodeConfigFormBunnyCDNConfigFieldValues = Nullish<{
+ pullZoneId: string | number;
+ hostName: string;
+}>;
+
+export type DeployNodeConfigFormBunnyCDNConfigProps = {
+ form: FormInstance;
+ formName: string;
+ disabled?: boolean;
+ initialValues?: DeployNodeConfigFormBunnyCDNConfigFieldValues;
+ onValuesChange?: (values: DeployNodeConfigFormBunnyCDNConfigFieldValues) => void;
+};
+
+const initFormModel = (): DeployNodeConfigFormBunnyCDNConfigFieldValues => {
+ return {};
+};
+
+const DeployNodeConfigFormBunnyCDNConfig = ({ form: formInst, formName, disabled, initialValues, onValuesChange }: DeployNodeConfigFormBunnyCDNConfigProps) => {
+ const { t } = useTranslation();
+
+ const formSchema = z.object({
+ pullZoneId: z
+ .union([z.string(), z.number().int()])
+ .refine((v) => {
+ return /^\d+$/.test(v + "") && +v! > 0;
+ }, t("workflow_node.deploy.form.bunny_cdn_pull_zone_id.placeholder")),
+ hostName: z
+ .string({ message: t("workflow_node.deploy.form.bunny_cdn_host_name.placeholder") })
+ .nonempty(t("workflow_node.deploy.form.bunny_cdn_host_name.placeholder"))
+ .refine((v) => {
+ return !v || validDomainName(v!, { allowWildcard: true });
+ }, t("common.errmsg.domain_invalid")),
+ });
+ const formRule = createSchemaFieldRule(formSchema);
+
+ const handleFormChange = (_: unknown, values: z.infer) => {
+ onValuesChange?.(values);
+ };
+
+ return (
+
+ );
+};
+
+export default DeployNodeConfigFormBunnyCDNConfig;
diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormCdnflyConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormCdnflyConfig.tsx
index 4ce459ac..45662e75 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigFormCdnflyConfig.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormCdnflyConfig.tsx
@@ -7,6 +7,7 @@ import Show from "@/components/Show";
type DeployNodeConfigFormCdnflyConfigFieldValues = Nullish<{
resourceType: string;
+ siteId?: string | number;
certificateId?: string | number;
}>;
@@ -34,10 +35,13 @@ const DeployNodeConfigFormCdnflyConfig = ({ form: formInst, formName, disabled,
resourceType: z.union([z.literal(RESOURCE_TYPE_SITE), z.literal(RESOURCE_TYPE_CERTIFICATE)], {
message: t("workflow_node.deploy.form.cdnfly_resource_type.placeholder"),
}),
- siteId: z.union([z.string(), z.number().int()]).refine((v) => {
- if (fieldResourceType !== RESOURCE_TYPE_SITE) return true;
- return /^\d+$/.test(v + "") && +v > 0;
- }, t("workflow_node.deploy.form.cdnfly_site_id.placeholder")),
+ siteId: z
+ .union([z.string(), z.number().int()])
+ .nullish()
+ .refine((v) => {
+ if (fieldResourceType !== RESOURCE_TYPE_SITE) return true;
+ return /^\d+$/.test(v + "") && +v! > 0;
+ }, t("workflow_node.deploy.form.cdnfly_site_id.placeholder")),
certificateId: z
.union([z.string(), z.number().int()])
.nullish()
diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormLocalConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormLocalConfig.tsx
index cc8648c1..bf9386cc 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigFormLocalConfig.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormLocalConfig.tsx
@@ -39,8 +39,8 @@ const SHELLENV_POWERSHELL = "powershell" as const;
const initFormModel = (): DeployNodeConfigFormLocalConfigFieldValues => {
return {
format: FORMAT_PEM,
- certPath: "/etc/ssl/certs/cert.crt",
- keyPath: "/etc/ssl/certs/cert.key",
+ certPath: "/etc/ssl/certimate/cert.crt",
+ keyPath: "/etc/ssl/certimate/cert.key",
shellEnv: SHELLENV_SH,
};
};
diff --git a/ui/src/components/workflow/node/DeployNodeConfigFormSSHConfig.tsx b/ui/src/components/workflow/node/DeployNodeConfigFormSSHConfig.tsx
index 8d4619eb..5f13e29d 100644
--- a/ui/src/components/workflow/node/DeployNodeConfigFormSSHConfig.tsx
+++ b/ui/src/components/workflow/node/DeployNodeConfigFormSSHConfig.tsx
@@ -35,8 +35,8 @@ const FORMAT_JKS = CERTIFICATE_FORMATS.JKS;
const initFormModel = (): DeployNodeConfigFormSSHConfigFieldValues => {
return {
format: FORMAT_PEM,
- certPath: "/etc/ssl/certs/cert.crt",
- keyPath: "/etc/ssl/certs/cert.key",
+ certPath: "/etc/ssl/certimate/cert.crt",
+ keyPath: "/etc/ssl/certimate/cert.key",
};
};
diff --git a/ui/src/domain/access.ts b/ui/src/domain/access.ts
index 3015e4d0..2b217e11 100644
--- a/ui/src/domain/access.ts
+++ b/ui/src/domain/access.ts
@@ -14,6 +14,7 @@ export interface AccessModel extends BaseModel {
| AccessConfigForBaiduCloud
| AccessConfigForBaishan
| AccessConfigForBaotaPanel
+ | AccessConfigForBunny
| AccessConfigForBytePlus
| AccessConfigForCacheFly
| AccessConfigForCdnfly
@@ -100,6 +101,10 @@ export type AccessConfigForBaotaPanel = {
allowInsecureConnections?: boolean;
};
+export type AccessConfigForBunny = {
+ apiKey: string;
+};
+
export type AccessConfigForBytePlus = {
accessKey: string;
secretKey: string;
@@ -272,6 +277,7 @@ export type AccessConfigForVolcEngine = {
export type AccessConfigForWangsu = {
accessKeyId: string;
accessKeySecret: string;
+ apiKey: string;
};
export type AccessConfigForWebhook = {
diff --git a/ui/src/domain/provider.ts b/ui/src/domain/provider.ts
index dbd81a0f..a91e34cf 100644
--- a/ui/src/domain/provider.ts
+++ b/ui/src/domain/provider.ts
@@ -12,6 +12,7 @@ export const ACCESS_PROVIDERS = Object.freeze({
BAIDUCLOUD: "baiducloud",
BAISHAN: "baishan",
BAOTAPANEL: "baotapanel",
+ BUNNY: "bunny",
BYTEPLUS: "byteplus",
BUYPASS: "buypass",
CACHEFLY: "cachefly",
@@ -94,6 +95,7 @@ export const accessProvidersMap: Maphttps://intl.cloud.baidu.com/doc/Reference/s/jjwvz2e3p-en",
+ "access.form.bunny_api_key.label": "Bunny API Key",
+ "access.form.bunny_api_key.placeholder": "Please enter Bunny API key",
+ "access.form.bunny_api_key.tooltip": "For more information, see https://docs.bunny.net/reference/bunnynet-api-overview",
"access.form.upyun_username.label": "UPYUN subaccount username",
"access.form.upyun_username.placeholder": "Please enter UPYUN subaccount username",
"access.form.upyun_username.tooltip": "For more information, see https://console.upyun.com/account/subaccount/",
@@ -304,6 +307,9 @@
"access.form.wangsu_access_key_secret.label": "Wangsu Cloud AccessKeySecret",
"access.form.wangsu_access_key_secret.placeholder": "Please enter Wangsu Cloud AccessKeySecret",
"access.form.wangsu_access_key_secret.tooltip": "For more information, see https://en.wangsu.com/document/account-manage/15775",
+ "access.form.wangsu_api_key.label": "Wangsu Cloud API key",
+ "access.form.wangsu_api_key.placeholder": "Please enter Wangsu Cloud API key",
+ "access.form.wangsu_api_key.tooltip": "For more information, see https://en.wangsu.com/document/account-manage/15776",
"access.form.webhook_url.label": "Webhook URL",
"access.form.webhook_url.placeholder": "Please enter Webhook URL",
"access.form.webhook_allow_insecure_conns.label": "Insecure SSL/TLS connections",
diff --git a/ui/src/i18n/locales/en/nls.provider.json b/ui/src/i18n/locales/en/nls.provider.json
index b4c866d9..1d4b9c2b 100644
--- a/ui/src/i18n/locales/en/nls.provider.json
+++ b/ui/src/i18n/locales/en/nls.provider.json
@@ -5,6 +5,7 @@
"provider.acmehttpreq": "Http Request (ACME Proxy)",
"provider.aliyun": "Alibaba Cloud",
"provider.aliyun.alb": "Alibaba Cloud - ALB (Application Load Balancer)",
+ "provider.aliyun.apigw": "Alibaba Cloud - API Gateway",
"provider.aliyun.cas_upload": "Alibaba Cloud - Upload to CAS (Certificate Management Service)",
"provider.aliyun.cas_deploy": "Alibaba Cloud - Deploy via CAS (Certificate Management Service)",
"provider.aliyun.cdn": "Alibaba Cloud - CDN (Content Delivery Network)",
@@ -38,6 +39,8 @@
"provider.baotapanel": "aaPanel (aka BaoTaPanel)",
"provider.baotapanel.console": "aaPanel (aka BaoTaPanel) - Console",
"provider.baotapanel.site": "aaPanel (aka BaoTaPanel) - Website",
+ "provider.bunny": "Bunny",
+ "provider.bunny.cdn": "Bunny - CDN (Content Delivery Network)",
"provider.byteplus": "BytePlus",
"provider.byteplus.cdn": "BytePlus - CDN (Content Delivery Network)",
"provider.buypass": "Buypass AS",
diff --git a/ui/src/i18n/locales/en/nls.workflow.nodes.json b/ui/src/i18n/locales/en/nls.workflow.nodes.json
index 4ac796b3..f322c3df 100644
--- a/ui/src/i18n/locales/en/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/en/nls.workflow.nodes.json
@@ -103,9 +103,16 @@
"workflow_node.deploy.form.certificate.tooltip": "The certificate to be deployed comes from the previous nodes of application or upload.",
"workflow_node.deploy.form.params_config.label": "Parameter settings",
"workflow_node.deploy.form.1panel_console_auto_restart.label": "Auto restart after deployment",
+ "workflow_node.deploy.form.1panel_site_resource_type.label": "Resource type",
+ "workflow_node.deploy.form.1panel_site_resource_type.placeholder": "Please select resource type",
+ "workflow_node.deploy.form.1panel_site_resource_type.option.website.label": "Website",
+ "workflow_node.deploy.form.1panel_site_resource_type.option.certificate.label": "Certificate",
"workflow_node.deploy.form.1panel_site_website_id.label": "1Panel website ID",
"workflow_node.deploy.form.1panel_site_website_id.placeholder": "Please enter 1Panel website ID",
"workflow_node.deploy.form.1panel_site_website_id.tooltip": "You can find it on 1Panel WebUI.",
+ "workflow_node.deploy.form.1panel_site_certificate_id.label": "1Panel certificate ID",
+ "workflow_node.deploy.form.1panel_site_certificate_id.placeholder": "Please enter 1Panel certificate ID",
+ "workflow_node.deploy.form.1panel_site_certificate_id.tooltip": "You can find it on 1Panel WebUI.",
"workflow_node.deploy.form.aliyun_alb_resource_type.label": "Resource type",
"workflow_node.deploy.form.aliyun_alb_resource_type.placeholder": "Please select resource type",
"workflow_node.deploy.form.aliyun_alb_resource_type.option.loadbalancer.label": "ALB load balancer",
@@ -122,6 +129,22 @@
"workflow_node.deploy.form.aliyun_alb_snidomain.label": "Alibaba Cloud ALB SNI domain (Optional)",
"workflow_node.deploy.form.aliyun_alb_snidomain.placeholder": "Please enter Alibaba Cloud ALB SNI domain name",
"workflow_node.deploy.form.aliyun_alb_snidomain.tooltip": "For more information, see https://slb.console.aliyun.com/alb",
+ "workflow_node.deploy.form.aliyun_apigw_service_type.label": "Alibaba Cloud API gateway type",
+ "workflow_node.deploy.form.aliyun_apigw_service_type.placeholder": "Please select Alibaba Cloud API gateway type",
+ "workflow_node.deploy.form.aliyun_apigw_service_type.option.cloudnative.label": "Cloud-native API gateway",
+ "workflow_node.deploy.form.aliyun_apigw_service_type.option.traditional.label": "Traditional API gateway",
+ "workflow_node.deploy.form.aliyun_apigw_region.label": "Alibaba Cloud API gateway region",
+ "workflow_node.deploy.form.aliyun_apigw_region.placeholder": "Please enter Alibaba Cloud API gateway region (e.g. cn-hangzhou)",
+ "workflow_node.deploy.form.aliyun_apigw_region.tooltip": "For more information, see https://www.alibabacloud.com/help/en/api-gateway/cloud-native-api-gateway/product-overview/regions",
+ "workflow_node.deploy.form.aliyun_apigw_gateway_id.label": "Alibaba Cloud API gateway ID",
+ "workflow_node.deploy.form.aliyun_apigw_gateway_id.placeholder": "Please enter Alibaba Cloud API gateway ID",
+ "workflow_node.deploy.form.aliyun_apigw_gateway_id.tooltip": "For more information, see https://apigw.console.aliyun.com",
+ "workflow_node.deploy.form.aliyun_apigw_group_id.label": "Alibaba Cloud API group ID",
+ "workflow_node.deploy.form.aliyun_apigw_group_id.placeholder": "Please enter Alibaba Cloud API group ID",
+ "workflow_node.deploy.form.aliyun_apigw_group_id.tooltip": "For more information, see https://apigateway.console.aliyun.com",
+ "workflow_node.deploy.form.aliyun_apigw_domain.label": "Alibaba Cloud API gateway domain",
+ "workflow_node.deploy.form.aliyun_apigw_domain.placeholder": "Please enter Alibaba Cloud API gateway domain",
+ "workflow_node.deploy.form.aliyun_apigw_domain.tooltip": "For more information, see https://apigw.console.aliyun.com or https://apigateway.console.aliyun.com",
"workflow_node.deploy.form.aliyun_cas_region.label": "Alibaba Cloud CAS region",
"workflow_node.deploy.form.aliyun_cas_region.placeholder": "Please enter Alibaba Cloud CAS region (e.g. cn-hangzhou)",
"workflow_node.deploy.form.aliyun_cas_region.tooltip": "For more information, see https://www.alibabacloud.com/help/en/ssl-certificate/developer-reference/endpoints",
@@ -234,6 +257,10 @@
"workflow_node.deploy.form.azure_keyvault_name.label": "Azure KeyVault name",
"workflow_node.deploy.form.azure_keyvault_name.placeholder": "Please enter Azure KeyVault name",
"workflow_node.deploy.form.azure_keyvault_name.tooltip": "For more information, see https://learn.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates",
+ "workflow_node.deploy.form.azure_keyvault_certificate_name.label": "Azure KeyVault certificate name (Optional)",
+ "workflow_node.deploy.form.azure_keyvault_certificate_name.placeholder": "Please enter Azure KeyVault certificate name",
+ "workflow_node.deploy.form.azure_keyvault_certificate_name.tooltip": "Leave it blank to use a default name generated by Certimate.",
+ "workflow_node.deploy.form.azure_keyvault_certificate_name.errmsg.invalid": "Certificate name can only contain letters, numbers, and hyphens (-), with a length limit of 1 to 127 characters",
"workflow_node.deploy.form.baiducloud_appblb_resource_type.label": "Resource type",
"workflow_node.deploy.form.baiducloud_appblb_resource_type.placeholder": "Please select resource type",
"workflow_node.deploy.form.baiducloud_appblb_resource_type.option.loadbalancer.label": "BLB load balancer",
@@ -289,6 +316,12 @@
"workflow_node.deploy.form.baotapanel_site_names.tooltip": "Usually equal to the websites domain name.",
"workflow_node.deploy.form.baotapanel_site_names.multiple_input_modal.title": "Change aaPanel site names",
"workflow_node.deploy.form.baotapanel_site_names.multiple_input_modal.placeholder": "Please enter aaPanel site name",
+ "workflow_node.deploy.form.bunny_cdn_pull_zone_id.label": "Bunny CDN pull zone ID",
+ "workflow_node.deploy.form.bunny_cdn_pull_zone_id.placeholder": "Please enter Bunny CDN pull zone ID",
+ "workflow_node.deploy.form.bunny_cdn_pull_zone_id.tooltip": "What is this? See https://dash.bunny.net/cdn",
+ "workflow_node.deploy.form.bunny_cdn_host_name.label": "Bunny CDN hostname",
+ "workflow_node.deploy.form.bunny_cdn_host_name.placeholder": "Please enter Bunny CDN hostname",
+ "workflow_node.deploy.form.bunny_cdn_host_name.tooltip": "What is this? See https://dash.bunny.net/cdn",
"workflow_node.deploy.form.byteplus_cdn_domain.label": "BytePlus CDN domain",
"workflow_node.deploy.form.byteplus_cdn_domain.placeholder": "Please enter BytePlus CDN domain name",
"workflow_node.deploy.form.byteplus_cdn_domain.tooltip": "For more information, see https://console.byteplus.com/cdn",
diff --git a/ui/src/i18n/locales/zh/nls.access.json b/ui/src/i18n/locales/zh/nls.access.json
index bf068260..ce6ad588 100644
--- a/ui/src/i18n/locales/zh/nls.access.json
+++ b/ui/src/i18n/locales/zh/nls.access.json
@@ -97,6 +97,9 @@
"access.form.baotapanel_allow_insecure_conns.tooltip": "忽略 SSL/TLS 证书错误可能导致数据泄露或被篡改。建议仅在可信网络下启用。",
"access.form.baotapanel_allow_insecure_conns.switch.on": "允许",
"access.form.baotapanel_allow_insecure_conns.switch.off": "不允许",
+ "access.form.bunny_api_key.label": "Bunny API Key",
+ "access.form.bunny_api_key.placeholder": "请输入 Bunny API Key",
+ "access.form.bunny_api_key.tooltip": "这是什么?请参阅 https://docs.bunny.net/reference/bunnynet-api-overview",
"access.form.byteplus_access_key.label": "BytePlus AccessKey",
"access.form.byteplus_access_key.placeholder": "请输入 BytePlus AccessKey",
"access.form.byteplus_access_key.tooltip": "这是什么?请参阅 https://docs.byteplus.com/zh-CN/docs/byteplus-platform/docs-managing-keys",
@@ -299,11 +302,14 @@
"access.form.volcengine_secret_access_key.placeholder": "请输入火山引擎 SecretAccessKey",
"access.form.volcengine_secret_access_key.tooltip": "这是什么?请参阅 https://www.volcengine.com/docs/6291/216571",
"access.form.wangsu_access_key_id.label": "网宿云 AccessKeyId",
- "access.form.wangsu_access_key_id.placeholder": "请输入网宿科技 AccessKeyId",
+ "access.form.wangsu_access_key_id.placeholder": "请输入网宿云 AccessKeyId",
"access.form.wangsu_access_key_id.tooltip": "这是什么?请参阅 https://www.wangsu.com/document/account-manage/15775",
- "access.form.wangsu_access_key_secret.label": "网宿科技 AccessKeySecret",
- "access.form.wangsu_access_key_secret.placeholder": "请输入网宿科技 AccessKeySecret",
+ "access.form.wangsu_access_key_secret.label": "网宿云 AccessKeySecret",
+ "access.form.wangsu_access_key_secret.placeholder": "请输入网宿云 AccessKeySecret",
"access.form.wangsu_access_key_secret.tooltip": "这是什么?请参阅 https://www.wangsu.com/document/account-manage/15775",
+ "access.form.wangsu_api_key.label": "网宿云 API 接口密码",
+ "access.form.wangsu_api_key.placeholder": "请输入网宿云 API 接口密码",
+ "access.form.wangsu_api_key.tooltip": "这是什么?请参阅 https://www.wangsu.com/document/account-manage/15776",
"access.form.webhook_url.label": "Webhook 回调地址",
"access.form.webhook_url.placeholder": "请输入 Webhook 回调地址",
"access.form.webhook_allow_insecure_conns.label": "忽略 SSL/TLS 证书错误",
diff --git a/ui/src/i18n/locales/zh/nls.provider.json b/ui/src/i18n/locales/zh/nls.provider.json
index 216d3363..86fd3e5b 100644
--- a/ui/src/i18n/locales/zh/nls.provider.json
+++ b/ui/src/i18n/locales/zh/nls.provider.json
@@ -5,6 +5,7 @@
"provider.acmehttpreq": "Http Request (ACME Proxy)",
"provider.aliyun": "阿里云",
"provider.aliyun.alb": "阿里云 - 应用型负载均衡 ALB",
+ "provider.aliyun.apigw": "阿里云 - API 网关",
"provider.aliyun.cas_upload": "阿里云 - 上传到数字证书管理服务 CAS",
"provider.aliyun.cas_deploy": "阿里云 - 通过数字证书管理服务 CAS 创建部署任务",
"provider.aliyun.cdn": "阿里云 - 内容分发网络 CDN",
@@ -38,6 +39,8 @@
"provider.baotapanel": "宝塔面板",
"provider.baotapanel.console": "宝塔面板 - 面板",
"provider.baotapanel.site": "宝塔面板 - 网站",
+ "provider.bunny": "Bunny",
+ "provider.bunny.cdn": "Bunny - 内容分发网络 CDN",
"provider.byteplus": "BytePlus",
"provider.byteplus.cdn": "BytePlus - 内容分发网络 CDN",
"provider.buypass": "Buypass AS",
diff --git a/ui/src/i18n/locales/zh/nls.workflow.nodes.json b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
index 5fcb201d..d3b5b494 100644
--- a/ui/src/i18n/locales/zh/nls.workflow.nodes.json
+++ b/ui/src/i18n/locales/zh/nls.workflow.nodes.json
@@ -102,9 +102,16 @@
"workflow_node.deploy.form.certificate.tooltip": "待部署证书来自之前的申请或上传节点。如果选项为空请先确保前序节点配置正确。",
"workflow_node.deploy.form.params_config.label": "参数设置",
"workflow_node.deploy.form.1panel_console_auto_restart.label": "部署后自动重启面板服务",
+ "workflow_node.deploy.form.1panel_site_resource_type.label": "证书替换方式",
+ "workflow_node.deploy.form.1panel_site_resource_type.placeholder": "请选择证书替换方式",
+ "workflow_node.deploy.form.1panel_site_resource_type.option.website.label": "替换指定网站的证书",
+ "workflow_node.deploy.form.1panel_site_resource_type.option.certificate.label": "替换指定证书",
"workflow_node.deploy.form.1panel_site_website_id.label": "1Panel 网站 ID",
"workflow_node.deploy.form.1panel_site_website_id.placeholder": "请输入 1Panel 网站 ID",
"workflow_node.deploy.form.1panel_site_website_id.tooltip": "请在 1Panel 管理面板查看。",
+ "workflow_node.deploy.form.1panel_site_certificate_id.label": "1Panel 证书 ID",
+ "workflow_node.deploy.form.1panel_site_certificate_id.placeholder": "请输入 1Panel 证书 ID",
+ "workflow_node.deploy.form.1panel_site_certificate_id.tooltip": "请在 1Panel 管理面板查看。",
"workflow_node.deploy.form.aliyun_alb_resource_type.label": "证书替换方式",
"workflow_node.deploy.form.aliyun_alb_resource_type.placeholder": "请选择证书替换方式",
"workflow_node.deploy.form.aliyun_alb_resource_type.option.loadbalancer.label": "替换指定负载均衡器下的全部 HTTPS/QUIC 监听的证书",
@@ -121,6 +128,22 @@
"workflow_node.deploy.form.aliyun_alb_snidomain.label": "阿里云 ALB 扩展域名(可选)",
"workflow_node.deploy.form.aliyun_alb_snidomain.placeholder": "请输入阿里云 ALB 扩展域名(支持泛域名)",
"workflow_node.deploy.form.aliyun_alb_snidomain.tooltip": "这是什么?请参阅 https://slb.console.aliyun.com/alb
不填写时,将替换监听器的默认证书;否则,将替换扩展域名证书。",
+ "workflow_node.deploy.form.aliyun_apigw_service_type.label": "阿里云 API 网关服务类型",
+ "workflow_node.deploy.form.aliyun_apigw_service_type.placeholder": "请选择阿里云 API 网关服务类型",
+ "workflow_node.deploy.form.aliyun_apigw_service_type.option.cloudnative.label": "云原生 API 网关",
+ "workflow_node.deploy.form.aliyun_apigw_service_type.option.traditional.label": "原 API 网关",
+ "workflow_node.deploy.form.aliyun_apigw_region.label": "阿里云 API 网关服务地域",
+ "workflow_node.deploy.form.aliyun_apigw_region.placeholder": "请输入阿里云 API 网关地域(例如:cn-hangzhou)",
+ "workflow_node.deploy.form.aliyun_apigw_region.tooltip": "这是什么?请参阅 https://help.aliyun.com/zh/api-gateway/cloud-native-api-gateway/product-overview/regions",
+ "workflow_node.deploy.form.aliyun_apigw_gateway_id.label": "阿里云 API 网关 ID",
+ "workflow_node.deploy.form.aliyun_apigw_gateway_id.placeholder": "请输入阿里云 API 网关 ID",
+ "workflow_node.deploy.form.aliyun_apigw_gateway_id.tooltip": "这是什么?请参阅 https://apigw.console.aliyun.com",
+ "workflow_node.deploy.form.aliyun_apigw_group_id.label": "阿里云 API 分组 ID",
+ "workflow_node.deploy.form.aliyun_apigw_group_id.placeholder": "请输入阿里云 API 分组 ID",
+ "workflow_node.deploy.form.aliyun_apigw_group_id.tooltip": "这是什么?请参阅 https://apigateway.console.aliyun.com",
+ "workflow_node.deploy.form.aliyun_apigw_domain.label": "阿里云 API 网关自定义域名",
+ "workflow_node.deploy.form.aliyun_apigw_domain.placeholder": "请输入阿里云 API 网关自定义域名(支持泛域名)",
+ "workflow_node.deploy.form.aliyun_apigw_domain.tooltip": "这是什么?请参阅 https://apigw.console.aliyun.com 或 https://apigateway.console.aliyun.com",
"workflow_node.deploy.form.aliyun_cas_region.label": "阿里云 CAS 服务地域",
"workflow_node.deploy.form.aliyun_cas_region.placeholder": "请输入阿里云 CAS 服务地域(例如:cn-hangzhou)",
"workflow_node.deploy.form.aliyun_cas_region.tooltip": "这是什么?请参阅 https://help.aliyun.com/zh/ssl-certificate/developer-reference/endpoints",
@@ -233,6 +256,10 @@
"workflow_node.deploy.form.azure_keyvault_name.label": "Azure KeyVault 名称",
"workflow_node.deploy.form.azure_keyvault_name.placeholder": "请输入 Azure KeyVault 名称",
"workflow_node.deploy.form.azure_keyvault_name.tooltip": "这是什么?请参阅 https://learn.microsoft.com/zh-cn/azure/key-vault/general/about-keys-secrets-certificates",
+ "workflow_node.deploy.form.azure_keyvault_certificate_name.label": "Azure KeyVault 证书名称(可选)",
+ "workflow_node.deploy.form.azure_keyvault_certificate_name.placeholder": "请输入 Azure KeyVault 证书名称",
+ "workflow_node.deploy.form.azure_keyvault_certificate_name.tooltip": "不填写时,将由 Certimate 自动生成证书名称。",
+ "workflow_node.deploy.form.azure_keyvault_certificate_name.errmsg.invalid": "证书名称只能包含字母、数字和连字符(-),长度限制为 1 到 127 个字符",
"workflow_node.deploy.form.baiducloud_appblb_resource_type.label": "证书替换方式",
"workflow_node.deploy.form.baiducloud_appblb_resource_type.placeholder": "请选择证书替换方式",
"workflow_node.deploy.form.baiducloud_appblb_resource_type.option.loadbalancer.label": "替换指定负载均衡器下的全部 HTTPS/SSL 监听的证书",
@@ -288,6 +315,12 @@
"workflow_node.deploy.form.baotapanel_site_names.tooltip": "通常为网站域名。",
"workflow_node.deploy.form.baotapanel_site_names.multiple_input_modal.title": "修改宝塔面板网站名称",
"workflow_node.deploy.form.baotapanel_site_names.multiple_input_modal.placeholder": "请输入宝塔面板网站名称",
+ "workflow_node.deploy.form.bunny_cdn_pull_zone_id.label": "Bunny CDN 拉取区域 ID",
+ "workflow_node.deploy.form.bunny_cdn_pull_zone_id.placeholder": "请输入 Bunny CDN 拉取区域 ID",
+ "workflow_node.deploy.form.bunny_cdn_pull_zone_id.tooltip": "这是什么?请参阅 https://dash.bunny.net/cdn",
+ "workflow_node.deploy.form.bunny_cdn_host_name.label": "Bunny CDN 主机名",
+ "workflow_node.deploy.form.bunny_cdn_host_name.placeholder": "请输入 Bunny CDN 主机名",
+ "workflow_node.deploy.form.bunny_cdn_host_name.tooltip": "这是什么?请参阅 https://dash.bunny.net/cdn",
"workflow_node.deploy.form.byteplus_cdn_domain.label": "BytePlus CDN 域名",
"workflow_node.deploy.form.byteplus_cdn_domain.placeholder": "请输入 BytePlus CDN 域名(支持泛域名)",
"workflow_node.deploy.form.byteplus_cdn_domain.tooltip": "这是什么?请参阅 https://console.byteplus.com/cdn",