feat: 添加Qiniu CDN SSL证书部署功能

新增了Qiniu CDN的SSL证书部署功能，包括证书上传和域名绑定。同时添加了相应的单元测试以验证功能正确性。
2026-03-19 20:45:37 +08:00 · 2025-05-16 16:06:01 +08:00
parent 7fbd615b32
commit 9ac896116d
2 changed files with 126 additions and 0 deletions
--- a/backend/internal/cert/deploy/qiniu.go
+++ b/backend/internal/cert/deploy/qiniu.go
@@ -0,0 +1,106 @@
+package deploy
+
+import (
+	"ALLinSSL/backend/internal/access"
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strconv"
+
+	"github.com/qiniu/go-sdk/v7/auth"
+	"github.com/qiniu/go-sdk/v7/client"
+)
+
+// DeployQiniuCdn deploys an SSL certificate to a Qiniu CDN domain.
+// It takes a configuration map containing certificate data and domain information,
+// uploads the certificate to Qiniu's service, and then applies it to the specified domain.
+//
+// Parameters:
+//   - cfg: A map containing:
+//   - "certificate": Map with "key" (private key) and "cert" (certificate) strings
+//   - "domain": String representing the domain to apply the certificate to
+//   - "provider_id": The ID of the Qiniu provider (string or float64)
+//
+// Returns:
+//   - error: nil on success, or an error describing what went wrong
+func DeployQiniuCdn(cfg map[string]any) error {
+	_, ok := cfg["certificate"].(map[string]any)
+	if !ok {
+		return fmt.Errorf("证书不存在")
+	}
+	domain, ok := cfg["domain"].(string)
+	if !ok {
+		return fmt.Errorf("参数错误：domain")
+	}
+
+	certId, err := uploadQiniuCert(cfg)
+	if err != nil {
+		return err
+	}
+	path := fmt.Sprintf("domain/%v/sslize", domain)
+	m := map[string]any{
+		"certid": certId,
+	}
+	var response commonResponse
+	err = requestQiniu(cfg, path, m, "PUT", &response)
+	return err
+}
+
+type commonResponse struct {
+	Code  int    `json:"code"`
+	Error string `json:"error"`
+}
+
+type sslCertResponse struct {
+	CertID string `json:"certID"`
+}
+
+func uploadQiniuCert(cfg map[string]any) (string, error) {
+	cert, ok := cfg["certificate"].(map[string]any)
+	keyPem, ok := cert["key"].(string)
+	if !ok {
+		return "", fmt.Errorf("证书错误：key")
+	}
+	certPem, ok := cert["cert"].(string)
+	if !ok {
+		return "", fmt.Errorf("证书错误：cert")
+	}
+	m := map[string]any{
+		"pri": keyPem,
+		"ca":  certPem,
+	}
+	var response sslCertResponse
+	err := requestQiniu(cfg, "sslcert", m, "POST", &response)
+	return response.CertID, err
+}
+
+func requestQiniu(cfg map[string]any, path string, m map[string]any, method string, response any) (err error) {
+	var providerID string
+	switch v := cfg["provider_id"].(type) {
+	case float64:
+		providerID = strconv.Itoa(int(v))
+	case string:
+		providerID = v
+	default:
+		return fmt.Errorf("参数错误：provider_id")
+	}
+	providerData, err := access.GetAccess(providerID)
+	providerConfigStr, ok := providerData["config"].(string)
+	if !ok {
+		return fmt.Errorf("api配置错误")
+	}
+	// 解析 JSON 配置
+	var providerConfig map[string]string
+	err = json.Unmarshal([]byte(providerConfigStr), &providerConfig)
+	if err != nil {
+		return err
+	}
+
+	uri := fmt.Sprintf("https://api.qiniu.com/%v", path)
+	credentials := auth.New(providerConfig["access_key"], providerConfig["access_secret"])
+	header := http.Header{}
+	header.Add("Content-Type", "application/json")
+	err = client.DefaultClient.CredentialedCallWithJson(context.Background(), credentials, auth.TokenQBox, response, method, uri, header, m)
+	return err
+}