Merge pull request #485 from LystranG/feat-safaline-portal

feat: 雷池waf认证中心证书上传功能

backend/internal/cert/deploy/deploy.go

@@ -77,6 +77,9 @@ func Deploy(cfg map[string]any, logger *public.Logger) error {
 	case "safeline-panel":
 		logger.Debug("部署雷池WAF面板...")
 		return DeploySafeLineWaf(cfg)
+	case "safeline-portal":
+		logger.Debug("部署雷池WAF认证中心...")
+		return DeploySafeLineWafPortal(cfg, logger)
 	case "localhost":
 		logger.Debug("部署到本地...")
 		return DeployLocalhost(cfg)

backend/internal/cert/deploy/safelinewaf.go

@@ -79,8 +79,11 @@ func GetSafeLineWafSiteList(page int, pageSize int, siteName string, providerId
 	if err != nil {
 		return nil, err
 	}
-	res := response["data"].(map[string]any)
-	return res["data"].([]any), nil
+	data, ok := response["data"].(map[string]any)
+	if !ok {
+		return nil, fmt.Errorf("雷池WAF站点列表响应格式错误")
+	}
+	return data["data"].([]any), nil
 }
 
 func matchSafeLineSiteByColumn(siteList []any, column string, keyword string) (siteInfo map[string]any) {
@@ -93,6 +96,18 @@ func matchSafeLineSiteByColumn(siteList []any, column string, keyword string) (s
 	return siteInfo
 }
 
+func GetSafeLineWafPortalConfig(providerID string) (map[string]any, error) {
+	response, err := RequestSafeLineWaf(&map[string]any{}, "GET", providerID, "api/open/portal")
+	if err != nil {
+		return nil, err
+	}
+	data, ok := response["data"].(map[string]any)
+	if !ok {
+		return nil, fmt.Errorf("雷池WAF门户配置响应格式错误: data 字段不是对象")
+	}
+	return data, nil
+}
+
 // 上传证书 certId="" 新上传证书 否则覆盖证书
 func uploadSafeLineCert(certId float64, key, cert, providerId string) (id float64, err error) {
 	data := map[string]any{
@@ -206,6 +221,59 @@ func DeploySafeLineWafSite(cfg map[string]any, logger *public.Logger) error {
 	return nil
 }
 
+// DeploySafeLineWafPortal 部署证书到雷池WAF认证中心
+func DeploySafeLineWafPortal(cfg map[string]any, logger *public.Logger) error {
+	cert, ok := cfg["certificate"].(map[string]any)
+	if !ok {
+		return fmt.Errorf("证书不存在")
+	}
+	keyPem, ok := cert["key"].(string)
+	if !ok {
+		return fmt.Errorf("证书错误：key")
+	}
+	certPem, ok := cert["cert"].(string)
+	if !ok {
+		return fmt.Errorf("证书错误：cert")
+	}
+	var providerID string
+	switch v := cfg["provider_id"].(type) {
+	case float64:
+		providerID = strconv.Itoa(int(v))
+	case string:
+		providerID = v
+	default:
+		return fmt.Errorf("参数错误：provider_id")
+	}
+
+	portalCfg, err := GetSafeLineWafPortalConfig(providerID)
+	if err != nil {
+		return fmt.Errorf("获取认证中心配置失败: %s", err.Error())
+	}
+
+	var portalCertId float64
+	if v, ok := portalCfg["cert_id"].(float64); ok {
+		portalCertId = v
+	}
+
+	// 上传/更新证书
+	if portalCertId == 0 {
+		logger.Debug("认证中心未启用证书，上传证书中...")
+		certId, err := uploadSafeLineCert(0, keyPem, certPem, providerID)
+		if err != nil {
+			return fmt.Errorf("认证中心上传证书失败: %s", err.Error())
+		}
+		logger.Debug(fmt.Sprintf("认证中心上传证书成功 证书ID：%d 请手动添加至认证中心", int(certId)))
+	} else {
+		logger.Debug(fmt.Sprintf("认证中心已启用证书ID：%d，更新证书中...", int(portalCertId)))
+		_, err = uploadSafeLineCert(portalCertId, keyPem, certPem, providerID)
+		if err != nil {
+			return fmt.Errorf("认证中心更新证书失败: %s", err.Error())
+		}
+	}
+
+	return nil
+}
+
 func SafeLineAPITest(providerID string) error {
 	_, err := RequestSafeLineWaf(&map[string]any{}, "GET", providerID, "api/open/site/group")
 	if err != nil {

backend/internal/cert/deploy/safelinewaf_test.go

@@ -46,6 +46,15 @@ func TestGetSafeLineWAFSiteList(t *testing.T) {
 	fmt.Println(siteId)
 }
 
+func TestSafeLineWAFPortalGet(t *testing.T) {
+	res, err := GetSafeLineWafPortalConfig("1")
+	if err != nil {
+		t.Fatalf(err.Error())
+		return
+	}
+	fmt.Println(res)
+}
+
 func TestSafeLineAPITest(t *testing.T) {
 	result := SafeLineAPITest("5")
 	if result != nil {
@@ -53,4 +62,4 @@ func TestSafeLineAPITest(t *testing.T) {
 	} else {
 		t.Log("SafeLineAPITest success")
 	}
-}
+}