From cef8d7caa7744e24245d207ad29a61c9edda44da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=80=97=E5=AD=90?=
Date: Sat, 31 Jan 2026 18:40:41 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E9=9D=A2=E6=9D=BFIP=E8=AF=81=E4=B9=A6?= =?UTF-8?q?=E7=BB=AD=E7=AD=BE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 internal/data/cert.go | 10 +++++-----
 internal/data/setting.go | 8 ++++----
 internal/data/website.go | 18 +++++++++---------
 internal/job/cert_renew.go | 17 ++++++++++-------
 pkg/acme/acme.go | 2 +-
 pkg/cert/cert.go | 8 ++++----
 6 files changed, 33 insertions(+), 30 deletions(-)
diff --git a/internal/data/cert.go b/internal/data/cert.go
index 5a5d1692..c4cd11f9 100644
--- a/internal/data/cert.go
+++ b/internal/data/cert.go
@@ -65,7 +65,7 @@ func (r *certRepo) List(page, limit uint) ([]*types.CertList, int64, error) {
 CreatedAt: cert.CreatedAt,
 UpdatedAt: cert.UpdatedAt,
 }
- if decode, err := pkgcert.ParseCert(cert.Cert); err == nil {
+ if decode, err := pkgcert.ParseCert([]byte(cert.Cert)); err == nil {
 item.NotBefore = decode.NotBefore
 item.NotAfter = decode.NotAfter
 item.Issuer = decode.Issuer.CommonName
@@ -95,11 +95,11 @@ func (r *certRepo) GetByWebsite(WebsiteID uint) (*biz.Cert, error) {
 }
 
 func (r *certRepo) Upload(ctx context.Context, req *request.CertUpload) (*biz.Cert, error) {
- info, err := pkgcert.ParseCert(req.Cert)
+ info, err := pkgcert.ParseCert([]byte(req.Cert))
 if err != nil {
 return nil, errors.New(r.t.Get("failed to parse certificate: %v", err))
 }
- if _, err = pkgcert.ParseKey(req.Key); err != nil {
+ if _, err = pkgcert.ParseKey([]byte(req.Key)); err != nil {
 return nil, errors.New(r.t.Get("failed to parse private key: %v", err))
 }
 
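Review bot: In `Upload` (internal/data/cert.go, hunk at -95) the certificate and the private key are each parsed on their own, but nothing in the hunk checks that the key belongs to the certificate, so a mismatched pair passes validation here. The same two-step check appears in `settingRepo.UpdatePanel` and `settingRepo.UpdateCert` (internal/data/setting.go) and in `websiteRepo.Update` and `websiteRepo.UpdateCert` (internal/data/website.go), where a mismatched pair written to disk would presumably only surface when the server next loads its TLS configuration. A single `if _, err = tls.X509KeyPair([]byte(req.Cert), []byte(req.Key)); err != nil { ... }` from crypto/tls validates both PEM inputs and the match between them. `Upload` continues past the end of the hunk, so a later check may exist that is not visible here.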
@@ -145,7 +145,7 @@ func (r *certRepo) Create(ctx context.Context, req *request.CertCreate) (*biz.Ce
 }
 
 func (r *certRepo) Update(ctx context.Context, req *request.CertUpdate) error {
- info, err := pkgcert.ParseCert(req.Cert)
+ info, err := pkgcert.ParseCert([]byte(req.Cert))
 if err == nil && req.Type == "upload" {
 // 合并 DNSNames 和 IPAddresses
 req.Domains = info.DNSNames
@@ -364,7 +364,7 @@ func (r *certRepo) RefreshRenewalInfo(id uint) (mholtacme.RenewalInfo, error) {
 return mholtacme.RenewalInfo{}, err
 }
 
- crt, err := pkgcert.ParseCert(cert.Cert)
+ crt, err := pkgcert.ParseCert([]byte(cert.Cert))
 if err != nil {
 return mholtacme.RenewalInfo{}, err
 }
diff --git a/internal/data/setting.go b/internal/data/setting.go
index 33101d6e..5beda768 100644
--- a/internal/data/setting.go
+++ b/internal/data/setting.go
@@ -284,10 +284,10 @@ func (r *settingRepo) UpdatePanel(ctx context.Context, req *request.SettingPanel
 }
 restartFlag = true
 }
- if _, err := cert.ParseCert(req.Cert); err != nil {
+ if _, err := cert.ParseCert([]byte(req.Cert)); err != nil {
 return false, errors.New(r.t.Get("failed to parse certificate: %v", err))
 }
- if _, err := cert.ParseKey(req.Key); err != nil {
+ if _, err := cert.ParseKey([]byte(req.Key)); err != nil {
 return false, errors.New(r.t.Get("failed to parse private key: %v", err))
 }
 if err := io.Write(filepath.Join(app.Root, "panel/storage/cert.pem"), req.Cert, 0600); err != nil {
@@ -357,10 +357,10 @@ func (r *settingRepo) UpdateCert(req *request.SettingCert) error {
 if r.task.HasRunningTask() {
 return errors.New(r.t.Get("background task is running, modifying some settings is prohibited, please try again later"))
 }
- if _, err := cert.ParseCert(req.Cert); err != nil {
+ if _, err := cert.ParseCert([]byte(req.Cert)); err != nil {
 return errors.New(r.t.Get("failed to parse certificate: %v", err))
 }
- if _, err := cert.ParseKey(req.Key); err != nil {
+ if _, err := cert.ParseKey([]byte(req.Key)); err != nil {
 return errors.New(r.t.Get("failed to parse private key: %v", err))
 }
 
diff --git a/internal/data/website.go b/internal/data/website.go
index 72e04b80..9e0030fb 100644
--- a/internal/data/website.go
+++ b/internal/data/website.go
@@ -176,10 +176,10 @@ func (r *websiteRepo) Get(id uint) (*types.WebsiteSetting, error) {
 setting.SSLCiphers = sslConfig.Ciphers
 }
 // 证书
- crt, _ := io.Read(filepath.Join(app.Root, "sites", website.Name, "config", "fullchain.pem"))
- setting.SSLCert = crt
- key, _ := io.Read(filepath.Join(app.Root, "sites", website.Name, "config", "private.key"))
- setting.SSLKey = key
+ crt, _ := os.ReadFile(filepath.Join(app.Root, "sites", website.Name, "config", "fullchain.pem"))
+ setting.SSLCert = string(crt)
+ key, _ := os.ReadFile(filepath.Join(app.Root, "sites", website.Name, "config", "private.key"))
+ setting.SSLKey = string(key)
 // 解析证书信息
 if decode, err := cert.ParseCert(crt); err == nil {
 setting.SSLNotBefore = decode.NotBefore.Format(time.DateTime)
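Review bot: Both `os.ReadFile` errors in `websiteRepo.Get` (internal/data/website.go, hunk at -176) are discarded (`crt, _ :=`, `key, _ :=`), so an unreadable `fullchain.pem` or `private.key` (wrong permissions, I/O error) yields an empty `SSLCert`/`SSLKey` and looks exactly like a site that has no certificate. `websiteRepo.List` (hunk at -259) drops the error for `fullchain.pem` in the same way. Consider keeping the error and reporting anything other than a missing file, e.g. `if err != nil && !errors.Is(err, os.ErrNotExist) { /* log or return */ }`. Both functions extend beyond the hunks shown, so how the empty values are used later is not visible here.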
@@ -259,7 +259,7 @@ func (r *websiteRepo) List(typ string, page, limit uint) ([]*biz.Website, int64,
 
 // 取证书剩余有效时间和PHP版本
 for _, website := range websites {
- crt, _ := io.Read(filepath.Join(app.Root, "sites", website.Name, "config", "fullchain.pem"))
+ crt, _ := os.ReadFile(filepath.Join(app.Root, "sites", website.Name, "config", "fullchain.pem"))
 if decode, err := cert.ParseCert(crt); err == nil {
 hours := time.Until(decode.NotAfter).Hours()
 website.CertExpire = fmt.Sprintf("%.2f", hours/24)
@@ -605,10 +605,10 @@ func (r *websiteRepo) Update(ctx context.Context, req *request.WebsiteUpdate) er
 }
 website.SSL = req.SSL
 if req.SSL {
- if _, err = cert.ParseCert(req.SSLCert); err != nil {
+ if _, err = cert.ParseCert([]byte(req.SSLCert)); err != nil {
 return errors.New(r.t.Get("failed to parse certificate: %v", err))
 }
- if _, err = cert.ParseKey(req.SSLKey); err != nil {
+ if _, err = cert.ParseKey([]byte(req.SSLKey)); err != nil {
 return errors.New(r.t.Get("failed to parse private key: %v", err))
 }
 quic := false
@@ -925,10 +925,10 @@ func (r *websiteRepo) UpdateCert(req *request.WebsiteUpdateCert) error {
 return err
 }
 
- if _, err := cert.ParseCert(req.Cert); err != nil {
+ if _, err := cert.ParseCert([]byte(req.Cert)); err != nil {
 return errors.New(r.t.Get("failed to parse certificate: %v", err))
 }
- if _, err := cert.ParseKey(req.Key); err != nil {
+ if _, err := cert.ParseKey([]byte(req.Key)); err != nil {
 return errors.New(r.t.Get("failed to parse private key: %v", err))
 }
 
diff --git a/internal/job/cert_renew.go b/internal/job/cert_renew.go
index bf68d898..eecf0fbe 100644
--- a/internal/job/cert_renew.go
+++ b/internal/job/cert_renew.go
@@ -3,6 +3,7 @@ package job
 import (
 "encoding/json"
 "log/slog"
+ "os"
 "path/filepath"
 "time"
 
@@ -74,14 +75,16 @@ func (r *CertRenew) Run() { // 面板证书续签 if r.conf.HTTP.ACME { - decode, err := pkgcert.ParseCert(filepath.Join(app.Root, "panel/storage/cert.pem")) - if err != nil { + crt, _ := os.ReadFile(filepath.Join(app.Root, "panel/storage/cert.pem")) + decode, err := pkgcert.ParseCert(crt) + if err == nil { + // 结束时间大于 2 天不续签 + if time.Until(decode.NotAfter) > 24*2*time.Hour { + return + } + } else { + // 解析失败则继续续签流程,可能是证书格式不对或者文件不存在 r.log.Warn("failed to parse panel certificate", slog.String("type", biz.OperationTypeCert), slog.Uint64("operator_id", 0), slog.Any("err", err)) - return - } - // 结束时间大于 2 天不续签 - if time.Until(decode.NotAfter) > 24*2*time.Hour { - return } ip, err := r.settingRepo.Get(biz.SettingKeyPublicIPs) diff --git a/pkg/acme/acme.go b/pkg/acme/acme.go index d3237cdd..948a6641 100644 --- a/pkg/acme/acme.go +++ b/pkg/acme/acme.go @@ -76,7 +76,7 @@ func NewPrivateKeyAccount(email string, privateKey string, CA string, eab *EAB, return nil, err } - key, err := cert.ParseKey(privateKey) + key, err := cert.ParseKey([]byte(privateKey)) if err != nil { return nil, err } diff --git a/pkg/cert/cert.go b/pkg/cert/cert.go index e3fee105..e2676f9b 100644 --- a/pkg/cert/cert.go +++ b/pkg/cert/cert.go @@ -18,8 +18,8 @@ import ( "time" ) -func ParseCert(crt string) (x509.Certificate, error) { - certBlock, _ := pem.Decode([]byte(crt)) +func ParseCert(crt []byte) (x509.Certificate, error) { + certBlock, _ := pem.Decode(crt) if certBlock == nil { return x509.Certificate{}, errors.New("invalid PEM block") } @@ -31,8 +31,8 @@ func ParseCert(crt string) (x509.Certificate, error) { return *cert, nil } -func ParseKey(key string) (crypto.Signer, error) { - keyBlockDER, _ := pem.Decode([]byte(key)) +func ParseKey(key []byte) (crypto.Signer, error) { + keyBlockDER, _ := pem.Decode(key) if keyBlockDER == nil { return nil, errors.New("invalid PEM block") }