Commit

2025-07-19 22:49:32 +08:00
commit c01fd9130d
30 changed files with 1332 additions and 0 deletions
--- a/internal/app/config/Config.go
+++ b/internal/app/config/Config.go
@ -0,0 +1,91 @@
+package config
+
+import (
+	"SafelineAPI/internal/app/logger"
+	"flag"
+	"github.com/go-jose/go-jose/v4/json"
+	"os"
+)
+
+type Config struct {
+	SafeLine  `json:"SafeLine"`
+	ApplyCert `json:"ApplyCert"`
+}
+
+func (config *Config) Read(path string) {
+	data, err := os.ReadFile(path)
+	if err != nil {
+		logger.Error.Printf("配置文件读取失败: %s%s%s", logger.Red, err, logger.Reset)
+		os.Exit(0)
+	}
+	err = json.Unmarshal(data, &config)
+	if err != nil {
+		logger.Error.Printf("配置文件读取失败: %s%s%s", logger.Red, err, logger.Reset)
+		os.Exit(0)
+	}
+	config.Verify()
+}
+func (config *Config) Write(path string) {
+	data, _ := json.MarshalIndent(config, "", "	")
+	_ = os.WriteFile(path, data, 0644)
+}
+
+func (config *Config) Command() {
+	var hostname, port, apiToken, save, email *string
+	var days *int
+	var DNSProvider *string
+
+	hostname = flag.String("h", "172.22.222.4", "-h <hostname>")
+	port = flag.String("p", "9443", "-p <port>")
+	apiToken = flag.String("t", "", "-t <apiToken>")
+	days = flag.Int("d", 30, "-t <days>")
+	save = flag.String("s", "/tmp/ssl", "-s <save file>")
+	email = flag.String("e", "", "-e <email>")
+	DNSProvider = flag.String("D", "", "-D <DNS Provider> (e.g., TencentCloud, AliCloud, HuaweiCloud, WestCN, RainYun)")
+	kvp := flag.String("kv", "", "-kv <key=value>,<key=value>...")
+	flag.Parse()
+
+	var KVP = make(KVPair)
+	if *kvp != "" {
+		KVP.Set(*kvp)
+	}
+
+	config.SafeLine = SafeLine{
+		Host: Host{
+			HostName: *hostname,
+			Port:     *port,
+		},
+		ApiToken: ApiToken(*apiToken),
+	}
+	config.ApplyCert = ApplyCert{
+		Days:     *days,
+		SavePath: *save,
+		Email:    *email,
+		DNSProviderConfig: DNSProviderConfig{
+			DNSProvider: *DNSProvider,
+			TencentCloud: TencentCloud{
+				SecretID:  KVP["SecretID"],
+				SecretKey: KVP["SecretKey"],
+			},
+			AliCloud: AliCloud{
+				AccessKeyId:     KVP["AccessKeyId"],
+				AccessKeySecret: KVP["AccessKeySecret"],
+				RAMRole:         KVP["RAMRole"],
+				STSToken:        KVP["STSToken"],
+			},
+			HuaweiCloud: HuaweiCloud{
+				AccessKeyId:     KVP["AccessKeyId"],
+				Region:          KVP["Region"],
+				SecretAccessKey: KVP["SecretAccessKey"],
+			},
+			WestCN: WestCN{
+				Username: KVP["Username"],
+				Password: KVP["Password"],
+			},
+			RainYun: RainYun{
+				ApiKey: KVP["ApiKey"],
+			},
+		},
+	}
+	config.VerifyCommand()
+}
--- a/internal/app/config/DNSProvider.go
+++ b/internal/app/config/DNSProvider.go
@ -0,0 +1,37 @@
+package config
+
+type DNSProviderConfig struct {
+	DNSProvider  string `json:"DNSProvider"`
+	TencentCloud `json:"TencentCloud,omitempty"`
+	AliCloud     `json:"AliCloud,omitempty"`
+	HuaweiCloud  `json:"HuaweiCloud,omitempty"`
+	WestCN       `json:"WestCN,omitempty"`
+	RainYun      `json:"RainYun,omitempty"`
+}
+
+type TencentCloud struct {
+	SecretID  string `json:"SecretId,omitempty"`
+	SecretKey string `json:"SecretKey,omitempty"`
+}
+
+type AliCloud struct {
+	AccessKeyId     string `json:"AccessKeyId,omitempty"`
+	AccessKeySecret string `json:"AccessKeySecret,omitempty"`
+	RAMRole         string `json:"RAMRole,omitempty"`
+	STSToken        string `json:"STSToken,omitempty"`
+}
+
+type HuaweiCloud struct {
+	AccessKeyId     string `json:"AccessKeyId,omitempty"`
+	Region          string `json:"Region,omitempty"`
+	SecretAccessKey string `json:"SecretAccessKey,omitempty"`
+}
+
+type WestCN struct {
+	Username string `json:"Username,omitempty"`
+	Password string `json:"Password,omitempty"`
+}
+
+type RainYun struct {
+	ApiKey string `json:"ApiKey,omitempty"`
+}
--- a/internal/app/config/DNSProviderMethod.go
+++ b/internal/app/config/DNSProviderMethod.go
@ -0,0 +1,52 @@
+package config
+
+import (
+	"github.com/go-acme/lego/v4/challenge"
+	"github.com/go-acme/lego/v4/providers/dns/alidns"
+	"github.com/go-acme/lego/v4/providers/dns/huaweicloud"
+	"github.com/go-acme/lego/v4/providers/dns/rainyun"
+	"github.com/go-acme/lego/v4/providers/dns/tencentcloud"
+	"github.com/go-acme/lego/v4/providers/dns/westcn"
+)
+
+func (tencent TencentCloud) Provider() (challenge.Provider, error) {
+	cfg := tencentcloud.NewDefaultConfig()
+	cfg.SecretID = tencent.SecretID
+	cfg.SecretKey = tencent.SecretKey
+	p, err := tencentcloud.NewDNSProviderConfig(cfg)
+	return p, err
+}
+
+func (ali AliCloud) Provider() (challenge.Provider, error) {
+	cfg := alidns.NewDefaultConfig()
+	cfg.SecurityToken = ali.STSToken
+	cfg.SecretKey = ali.AccessKeySecret
+	cfg.RAMRole = ali.RAMRole
+	cfg.APIKey = ali.AccessKeyId
+	p, err := alidns.NewDNSProviderConfig(cfg)
+	return p, err
+}
+
+func (huawei HuaweiCloud) Provider() (challenge.Provider, error) {
+	cfg := huaweicloud.NewDefaultConfig()
+	cfg.Region = huawei.Region
+	cfg.AccessKeyID = huawei.AccessKeyId
+	cfg.SecretAccessKey = huawei.SecretAccessKey
+	p, err := huaweicloud.NewDNSProviderConfig(cfg)
+	return p, err
+}
+
+func (west WestCN) Provider() (challenge.Provider, error) {
+	cfg := westcn.NewDefaultConfig()
+	cfg.Username = west.Username
+	cfg.Password = west.Password
+	p, err := westcn.NewDNSProviderConfig(cfg)
+	return p, err
+}
+
+func (rain RainYun) Provider() (challenge.Provider, error) {
+	cfg := rainyun.NewDefaultConfig()
+	cfg.APIKey = rain.ApiKey
+	p, err := rainyun.NewDNSProviderConfig(cfg)
+	return p, err
+}
--- a/internal/app/config/applyCert.go
+++ b/internal/app/config/applyCert.go
@ -0,0 +1,70 @@
+package config
+
+import (
+	"SafelineAPI/internal/app/logger"
+	"log"
+)
+
+type ApplyCert struct {
+	Days              int    `json:"Days"`
+	Email             string `json:"Email"`
+	SavePath          string `json:"SavePath"`
+	DNSProviderConfig `json:"DNSProviderConfig"`
+}
+
+func (applyCert *ApplyCert) GetDays() int {
+	return applyCert.Days
+}
+
+func (applyCert *ApplyCert) GetEmail() string {
+	return applyCert.Email
+}
+
+func (applyCert *ApplyCert) Verify() bool {
+	var flag = false
+	if applyCert.Days == 0 {
+		applyCert.Days = 30
+	}
+
+	if applyCert.SavePath == "" {
+		applyCert.SavePath = "/tmp/ssl"
+	}
+
+	if applyCert.DNSProvider == "" {
+		logger.Warning.Printf("未设置 %sDNS服务提供商%s: 请检查配置文件中的 %sApplyCert.DNSProviderConfig.DNSProvider%s 参数", logger.Cyan, logger.Reset, logger.Yellow, logger.Reset)
+		flag = true
+	}
+	if applyCert.Email == "" {
+		logger.Warning.Printf("未设置 %s证书申请邮箱%s: 请检查配置文件中的 %sApplyCert.Email%s 参数", logger.Cyan, logger.Reset, logger.Yellow, logger.Reset)
+		flag = true
+	}
+	if !flag {
+		log.Printf("%sApplyCert%s 相关配置检验完成!", logger.Cyan, logger.Reset)
+	}
+	return flag
+}
+
+func (applyCert *ApplyCert) VerifyCommand() bool {
+	var flag = false
+	if applyCert.Days == 0 {
+		applyCert.Days = 30
+	}
+
+	if applyCert.SavePath == "" {
+		applyCert.SavePath = "/tmp/ssl"
+	}
+
+	if applyCert.DNSProvider == "" {
+		logger.Warning.Printf("未设置 %sDNS服务提供商%s: 请检查命令中的 %s-D%s 参数", logger.Cyan, logger.Reset, logger.Yellow, logger.Reset)
+		flag = true
+	}
+	if applyCert.Email == "" {
+		logger.Warning.Printf("未设置 %s证书申请邮箱%s: 请检查命令中的 %s-e%s 参数", logger.Cyan, logger.Reset, logger.Yellow, logger.Reset)
+		flag = true
+	}
+	if !flag {
+		log.Printf("%sApplyCert%s 相关配置检验完成!", logger.Cyan, logger.Reset)
+	}
+	return flag
+
+}
--- a/internal/app/config/default.go
+++ b/internal/app/config/default.go
@ -0,0 +1,44 @@
+package config
+
+func (config *Config) Default() {
+	a := Config{
+		SafeLine: SafeLine{
+			Host: Host{
+				HostName: "192.168.1.4",
+				Port:     "1443",
+			},
+			ApiToken: "xxx",
+		},
+		ApplyCert: ApplyCert{
+			Days:     30,
+			Email:    "xxx",
+			SavePath: "/tmp/ssl",
+			DNSProviderConfig: DNSProviderConfig{
+				DNSProvider: "xxx",
+				TencentCloud: TencentCloud{
+					SecretID:  "xxx",
+					SecretKey: "xxx",
+				},
+				AliCloud: AliCloud{
+					AccessKeyId:     "xxx",
+					AccessKeySecret: "xxx",
+					RAMRole:         "xxx(可选)",
+					STSToken:        "xxx(可选)",
+				},
+				HuaweiCloud: HuaweiCloud{
+					AccessKeyId:     "xxx",
+					Region:          "xxx",
+					SecretAccessKey: "xxx",
+				},
+				WestCN: WestCN{
+					Username: "xxx",
+					Password: "xxx",
+				},
+				RainYun: RainYun{
+					ApiKey: "xxx",
+				},
+			},
+		},
+	}
+	a.Write("./config.json")
+}
--- a/internal/app/config/host.go
+++ b/internal/app/config/host.go
@ -0,0 +1,46 @@
+package config
+
+import (
+	"SafelineAPI/internal/app/logger"
+	"SafelineAPI/internal/app/safeLineApi"
+	"fmt"
+	"net/url"
+)
+
+type Host struct {
+	HostName string `json:"HostName"`
+	Port     string `json:"Port"`
+}
+
+func (host Host) String() string {
+	if host.Port == "" {
+		return host.HostName
+	}
+	return host.HostName + ":" + host.Port
+}
+
+func (host Host) Verify() bool {
+	if host.HostName == "" {
+		logger.Warning.Printf("未设置 %s主机名称%s: 请检查配置文件中的 %sSafeLine.Host.HostName%s 参数", logger.Cyan, logger.Reset, logger.Yellow, logger.Reset)
+		return true
+	}
+	return false
+}
+
+func (host Host) VerifyCommand() bool {
+	if host.HostName == "" {
+		logger.Warning.Printf("未设置 %s主机名称%s: 请检查命令中的 %s-h%s 参数", logger.Cyan, logger.Reset, logger.Yellow, logger.Reset)
+		return true
+	}
+	return false
+}
+
+func (host Host) Url() *safeLineApi.URL {
+	var u *url.URL
+	if host.Port == "" {
+		u, _ = url.Parse(fmt.Sprintf("https://%s", host.HostName))
+	} else {
+		u, _ = url.Parse(fmt.Sprintf("https://%s:%s", host.HostName, host.Port))
+	}
+	return (*safeLineApi.URL)(u)
+}
--- a/internal/app/config/method.go
+++ b/internal/app/config/method.go
@ -0,0 +1,26 @@
+package config
+
+import (
+	"log"
+	"os"
+)
+
+func (config *Config) Verify() {
+	a := config.SafeLine.Verify()
+	b := config.ApplyCert.Verify()
+	if a || b {
+		log.Printf("配置检查完毕,请检查相关配置后重新运行！")
+		os.Exit(0)
+	}
+	log.Printf("配置检查完毕,即将开始更新证书！")
+}
+
+func (config *Config) VerifyCommand() {
+	a := config.SafeLine.VerifyCommand()
+	b := config.ApplyCert.VerifyCommand()
+	if a || b {
+		log.Printf("配置检查完毕,请检查相关配置后重新运行！")
+		os.Exit(0)
+	}
+	log.Printf("配置检查完毕,即将开始更新证书！")
+}
--- a/internal/app/config/other.go
+++ b/internal/app/config/other.go
@ -0,0 +1,15 @@
+package config
+
+import (
+	"strings"
+)
+
+type KVPair map[string]string
+
+func (kvp *KVPair) Set(str string) {
+	kvps := strings.Split(str, ",")
+	for _, i := range kvps {
+		kv := strings.SplitN(i, "=", 2)
+		(*kvp)[kv[0]] = kv[1]
+	}
+}
--- a/internal/app/config/safeline.go
+++ b/internal/app/config/safeline.go
@ -0,0 +1,100 @@
+package config
+
+import (
+	"SafelineAPI/internal/app/logger"
+	"SafelineAPI/pkg/utils"
+)
+
+type SafeLine struct {
+	Host     `json:"Host"`
+	ApiToken `json:"ApiToken"`
+}
+type ApiToken string
+
+func (apiToken ApiToken) GetApiToken() (string, string) {
+	return "X-SLCE-API-TOKEN", apiToken.String()
+}
+
+func (apiToken ApiToken) String() string {
+	return string(apiToken)
+}
+
+func (apiToken ApiToken) Verify() bool {
+	if apiToken.String() == "" {
+		logger.Warning.Printf("未设置 %sSafeLine API Token%s : 请检查配置文件中的 %sSafeLine.ApiToken%s 参数", logger.Cyan, logger.Reset, logger.Yellow, logger.Reset)
+		return true
+	}
+	return false
+}
+
+func (safeLine SafeLine) Verify() bool {
+	a := safeLine.ApiToken.Verify()
+	b := safeLine.Host.Verify()
+	if a || b {
+		return true
+	}
+
+	NoLoginAuthTokenResp, NoLoginStatusCode, NoLoginErr := utils.AuthSafeLine(*safeLine.Host.Url())
+	if NoLoginErr != nil {
+		logger.Error.Printf("请求服务端时发生错误: %s%s%s", logger.Red, NoLoginErr.Error(), logger.Reset)
+		return true
+	}
+	LoginAuthTokenResp, LoginStatusCode, LoginErr := utils.VerifyAuthToken(*safeLine.Host.Url(), safeLine.ApiToken.String())
+	if LoginErr != nil {
+		logger.Error.Printf("验证 %sSafeLine API Token%s 时发生错误: %s%s%s", logger.Cyan, logger.Reset, logger.Red, LoginErr.Error(), logger.Reset)
+		return true
+	}
+
+	if !(NoLoginAuthTokenResp.Err == "login-required" && NoLoginStatusCode == 401) {
+		logger.Warning.Printf("服务端接口 %s/open/auth/token%s 请求有误: 请检查配置文件中的 %sSafeLine.Host%s 参数", logger.Cyan, logger.Reset, logger.Yellow, logger.Reset)
+		return true
+	}
+
+	if LoginAuthTokenResp.Err == "login-required" && LoginStatusCode == 401 {
+		logger.Warning.Printf("%sSafeLine API Token%s 有误: 请检查后重试", logger.Cyan, logger.Reset)
+		return true
+	}
+
+	logger.Success.Printf("%sSafeLine%s 相关配置检验完成!", logger.Cyan, logger.Reset)
+	return false
+}
+
+func (apiToken ApiToken) VerifyCommand() bool {
+	if apiToken.String() == "" {
+		logger.Warning.Printf("未设置 %sSafeLine API Token%s : 请检查命令中的 %s-t%s 参数", logger.Cyan, logger.Reset, logger.Yellow, logger.Reset)
+		return true
+	}
+	return false
+}
+
+func (safeLine SafeLine) VerifyCommand() bool {
+	a := safeLine.ApiToken.VerifyCommand()
+	b := safeLine.Host.VerifyCommand()
+	if a || b {
+		return true
+	}
+
+	NoLoginAuthTokenResp, NoLoginStatusCode, NoLoginErr := utils.AuthSafeLine(*safeLine.Host.Url())
+	if NoLoginErr != nil {
+		logger.Error.Printf("请求服务端时发生错误: %s%s%s", logger.Red, NoLoginErr.Error(), logger.Reset)
+		return true
+	}
+	LoginAuthTokenResp, LoginStatusCode, LoginErr := utils.VerifyAuthToken(*safeLine.Host.Url(), safeLine.ApiToken.String())
+	if LoginErr != nil {
+		logger.Error.Printf("验证 %sSafeLine API Token%s 时发生错误: %s%s%s", logger.Cyan, logger.Reset, logger.Red, LoginErr.Error(), logger.Reset)
+		return true
+	}
+
+	if !(NoLoginAuthTokenResp.Err == "login-required" && NoLoginStatusCode == 401) {
+		logger.Warning.Printf("服务端接口 %s/open/auth/token%s 请求有误: 请检查命令中的 %s-h%s 参数", logger.Cyan, logger.Reset, logger.Yellow, logger.Reset)
+		return true
+	}
+
+	if LoginAuthTokenResp.Err == "login-required" && LoginStatusCode == 401 {
+		logger.Warning.Printf("%sSafeLine API Token%s 有误: 请检查后重试", logger.Cyan, logger.Reset)
+		return true
+	}
+
+	logger.Success.Printf("%sSafeLine%s 相关配置检验完成!", logger.Cyan, logger.Reset)
+	return false
+}