Commit

2025-07-19 22:49:32 +08:00
commit c01fd9130d
30 changed files with 1332 additions and 0 deletions
--- a/pkg/moudle/checkNodes.go
+++ b/pkg/moudle/checkNodes.go
@ -0,0 +1,18 @@
+package moudle
+
+import (
+	"SafelineAPI/internal/app/safeLineApi"
+	"time"
+)
+
+func CheckNodes(nodes safeLineApi.Nodes, n int) safeLineApi.Nodes {
+	var need safeLineApi.Nodes
+	date := time.Now()
+	for _, node := range nodes {
+		days := int(node.ValidBefore.Sub(date).Hours() / 24)
+		if days <= n {
+			need = append(need, node)
+		}
+	}
+	return need
+}
--- a/pkg/moudle/chooseDNSProvider.go
+++ b/pkg/moudle/chooseDNSProvider.go
@ -0,0 +1,22 @@
+package moudle
+
+import (
+	"SafelineAPI/internal/app/config"
+	"errors"
+	"github.com/go-acme/lego/v4/challenge"
+)
+
+func ChooseDNSProvider(config config.DNSProviderConfig) (challenge.Provider, error) {
+	if config.DNSProvider == "TencentCloud" {
+		return config.TencentCloud.Provider()
+	} else if config.DNSProvider == "AliCloud" {
+		return config.AliCloud.Provider()
+	} else if config.DNSProvider == "HuaweiCloud" {
+		return config.HuaweiCloud.Provider()
+	} else if config.DNSProvider == "WestCN" {
+		return config.WestCN.Provider()
+	} else if config.DNSProvider == "RainYun" {
+		return config.RainYun.Provider()
+	}
+	return nil, errors.New("未正确设置 DNS 服务提供商")
+}
--- a/pkg/services/ApplyCert.go
+++ b/pkg/services/ApplyCert.go
@ -0,0 +1,83 @@
+package services
+
+import (
+	"SafelineAPI/internal/app/logger"
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/go-acme/lego/v4/certificate"
+	"github.com/go-acme/lego/v4/challenge"
+	"github.com/go-acme/lego/v4/lego"
+	"github.com/go-acme/lego/v4/registration"
+	"os"
+	"path/filepath"
+)
+
+type MyUser struct {
+	Email        string
+	Registration *registration.Resource
+	key          crypto.PrivateKey
+}
+
+func (u *MyUser) GetEmail() string {
+	return u.Email
+}
+func (u *MyUser) GetRegistration() *registration.Resource {
+	return u.Registration
+}
+func (u *MyUser) GetPrivateKey() crypto.PrivateKey {
+	return u.key
+}
+
+func ApplyCert(domains []string, email, dir string, provider challenge.Provider) bool {
+	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		logger.Error.Printf("申请 %s%s%s 证书时发生错误: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset)
+		return true
+	}
+	myUser := MyUser{
+		Email: email,
+		key:   privateKey,
+	}
+	config := lego.NewConfig(&myUser)
+	config.Certificate.KeyType = certcrypto.RSA2048
+	client, err := lego.NewClient(config)
+	if err != nil {
+		logger.Error.Printf("申请 %s%s%s 证书时发生错误: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset)
+		return true
+	}
+	err = client.Challenge.SetDNS01Provider(provider)
+	if err != nil {
+		logger.Error.Printf("申请 %s%s%s 证书时发生错误: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset)
+		return true
+	}
+
+	reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+	if err != nil {
+		logger.Error.Printf("申请 %s%s%s 证书时发生错误: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset)
+		return true
+	}
+	myUser.Registration = reg
+	request := certificate.ObtainRequest{
+		Domains: domains,
+		Bundle:  true,
+	}
+	certificates, err := client.Certificate.Obtain(request)
+	if err != nil {
+		logger.Error.Printf("申请 %s%s%s 证书时发生错误: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset)
+		return true
+	}
+	err = os.WriteFile(filepath.Join(dir, domains[0]+".crt"), certificates.Certificate, os.ModePerm)
+	if err != nil {
+		logger.Error.Printf("保存 %s%s%s 证书时发生错误: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset)
+		return true
+	}
+	err = os.WriteFile(filepath.Join(dir, domains[0]+".key"), certificates.PrivateKey, os.ModePerm)
+	if err != nil {
+		logger.Error.Printf("保存 %s%s%s 证书密钥时发生错误: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset)
+		return true
+	}
+	return false
+}
--- a/pkg/utils/AuthToken.go
+++ b/pkg/utils/AuthToken.go
@ -0,0 +1,35 @@
+package utils
+
+import (
+	"SafelineAPI/internal/app/safeLineApi"
+	"io"
+	"net/http"
+)
+
+func AuthSafeLine(url safeLineApi.URL) (safeLineApi.AuthTokenResp, int, error) {
+	resp, err := Request(safeLineApi.GetTOKEN, url.AuthTokenUrl(), nil, nil)
+	if err != nil {
+		return safeLineApi.AuthTokenResp{}, 0, err
+	}
+	defer resp.Body.Close()
+	data, _ := io.ReadAll(resp.Body)
+	var authTokenResp safeLineApi.AuthTokenResp
+	authTokenResp.Unmarshal(data)
+	return authTokenResp, resp.StatusCode, nil
+}
+
+func VerifyAuthToken(url safeLineApi.URL, token string) (safeLineApi.AuthTokenResp, int, error) {
+	header := http.Header{
+		"X-SLCE-API-TOKEN": []string{token},
+	}
+
+	resp, err := Request(safeLineApi.GetTOKEN, url.AuthTokenUrl(), nil, header)
+	if err != nil {
+		return safeLineApi.AuthTokenResp{}, 0, err
+	}
+	defer resp.Body.Close()
+	data, _ := io.ReadAll(resp.Body)
+	var authTokenResp safeLineApi.AuthTokenResp
+	authTokenResp.Unmarshal(data)
+	return authTokenResp, resp.StatusCode, nil
+}
--- a/pkg/utils/List.go
+++ b/pkg/utils/List.go
@ -0,0 +1,25 @@
+package utils
+
+import (
+	"SafelineAPI/internal/app/logger"
+	"SafelineAPI/internal/app/safeLineApi"
+	"io"
+	"net/http"
+	"os"
+)
+
+func GetList(url *safeLineApi.URL, token string) safeLineApi.Nodes {
+	header := http.Header{
+		"X-SLCE-API-TOKEN": []string{token},
+	}
+	resp, err := Request(LIST, url.SSLCertUrl(), nil, header)
+	if err != nil {
+		logger.Error.Printf("请求接口 %s/api/open/cert%s 时发生错误: %s%s%s", logger.Cyan, logger.Reset, logger.Red, err, logger.Reset)
+		os.Exit(0)
+	}
+	defer resp.Body.Close()
+	data, _ := io.ReadAll(resp.Body)
+	var listResp safeLineApi.ListResp
+	listResp.Unmarshal(data)
+	return listResp.Data.Nodes
+}
--- a/pkg/utils/Upsert.go
+++ b/pkg/utils/Upsert.go
@ -0,0 +1,25 @@
+package utils
+
+import (
+	"SafelineAPI/internal/app/logger"
+	"SafelineAPI/internal/app/safeLineApi"
+	"io"
+	"net/http"
+)
+
+func Upsert(url *safeLineApi.URL, token string, body io.Reader) safeLineApi.UpsertResp {
+	header := http.Header{
+		"X-SLCE-API-TOKEN": []string{token},
+		"Content-Type":     []string{"application/json"},
+	}
+	resp, err := Request(UPSERT, url.SSLCertUrl(), body, header)
+	if err != nil {
+		logger.Error.Printf("更新证书时发生错误: %s%s%s", logger.Red, err, logger.Reset)
+		return safeLineApi.UpsertResp{}
+	}
+	defer resp.Body.Close()
+	data, _ := io.ReadAll(resp.Body)
+	var upsertResp safeLineApi.UpsertResp
+	upsertResp.Unmarshal(data)
+	return upsertResp
+}
--- a/pkg/utils/const.go
+++ b/pkg/utils/const.go
@ -0,0 +1,8 @@
+package utils
+
+const (
+	LIST   = "GET"
+	UPSERT = "POST"
+	DETAIL = "GET"
+	DELETE = "DELETE"
+)
--- a/pkg/utils/request.go
+++ b/pkg/utils/request.go
@ -0,0 +1,22 @@
+package utils
+
+import (
+	"crypto/tls"
+	"io"
+	"net/http"
+)
+
+func Request(method, urlStr string, body io.Reader, header http.Header) (*http.Response, error) {
+	req, _ := http.NewRequest(method, urlStr, body)
+	req.Header = header
+	client := http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		},
+	}
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	return resp, nil
+}