feat: 手动签发证书

2026-02-04 11:27:17 +08:00 · 2024-10-27 03:17:21 +08:00
parent 56ae7ebfa0
commit f40ad8bdf9
7 changed files with 182 additions and 126 deletions
--- a/internal/data/cert.go
+++ b/internal/data/cert.go
@@ -108,10 +108,7 @@ func (r *certRepo) Create(req *request.CertCreate) (*biz.Cert, error) {

 func (r *certRepo) Update(req *request.CertUpdate) error {
 	info, err := pkgcert.ParseCert(req.Cert)
-	if err != nil {
-		return err
-	}
-	if req.Type == "upload" {
+	if err == nil && req.Type == "upload" {
 		req.Domains = info.DNSNames
 	}

@@ -147,11 +144,11 @@ func (r *certRepo) ObtainAuto(id uint) (*acme.Certificate, error) {
 		client.UseDns(acme.DnsType(cert.DNS.Type), cert.DNS.Data)
 	} else {
 		if cert.Website == nil {
-			return nil, errors.New("该证书没有关联网站，无法自动签发")
+			return nil, errors.New("this certificate is not associated with a website and cannot be signed. You can try to sign it manually")
 		} else {
 			for _, domain := range cert.Domains {
 				if strings.Contains(domain, "*") {
-					return nil, errors.New("通配符域名无法使用 HTTP 验证")
+					return nil, errors.New("wildcard domains cannot use HTTP verification")
 				}
 			}
 			conf := fmt.Sprintf("%s/server/vhost/acme/%s.conf", app.Root, cert.Website.Name)
@@ -185,7 +182,7 @@ func (r *certRepo) ObtainManual(id uint) (*acme.Certificate, error) {
 	}

 	if r.client == nil {
-		return nil, errors.New("请重新获取 DNS 解析记录")
+		return nil, errors.New("please retry the manual obtain operation")
 	}

 	ssl, err := r.client.ObtainCertificateManual()
@@ -219,18 +216,18 @@ func (r *certRepo) Renew(id uint) (*acme.Certificate, error) {
 	}

 	if cert.CertURL == "" {
-		return nil, errors.New("该证书没有签发成功，无法续签")
+		return nil, errors.New("this certificate has not been signed successfully and cannot be renewed")
 	}

 	if cert.DNS != nil {
 		client.UseDns(acme.DnsType(cert.DNS.Type), cert.DNS.Data)
 	} else {
 		if cert.Website == nil {
-			return nil, errors.New("该证书没有关联网站，无法续签，可以尝试手动签发")
+			return nil, errors.New("this certificate is not associated with a website and cannot be signed. You can try to sign it manually")
 		} else {
 			for _, domain := range cert.Domains {
 				if strings.Contains(domain, "*") {
-					return nil, errors.New("通配符域名无法使用 HTTP 验证")
+					return nil, errors.New("wildcard domains cannot use HTTP verification")
 				}
 			}
 			conf := fmt.Sprintf("%s/server/vhost/acme/%s.conf", app.Root, cert.Website.Name)
@@ -290,7 +287,7 @@ func (r *certRepo) Deploy(ID, WebsiteID uint) error {
 	}

 	if cert.Cert == "" || cert.Key == "" {
-		return errors.New("该证书没有签发成功，无法部署")
+		return errors.New("this certificate has not been signed successfully and cannot be deployed")
 	}

 	website, err := NewWebsiteRepo().Get(WebsiteID)
@@ -314,7 +311,7 @@ func (r *certRepo) Deploy(ID, WebsiteID uint) error {

 func (r *certRepo) getClient(cert *biz.Cert) (*acme.Client, error) {
 	if cert.Account == nil {
-		return nil, errors.New("该证书没有关联账号，无法签发")
+		return nil, errors.New("this certificate is not associated with an ACME account and cannot be signed")
 	}

 	var ca string
--- a/internal/http/request/cert.go
+++ b/internal/http/request/cert.go
@@ -18,8 +18,8 @@ type CertUpdate struct {
 	ID        uint     `form:"id" json:"id" validate:"required,exists=certs id"`
 	Type      string   `form:"type" json:"type" validate:"required,oneof=upload P256 P384 2048 3072 4096"`
 	Domains   []string `form:"domains" json:"domains" validate:"min=1,dive,required"`
-	Cert      string   `form:"cert" json:"cert" validate:"required"`
-	Key       string   `form:"key" json:"key" validate:"required"`
+	Cert      string   `form:"cert" json:"cert"`
+	Key       string   `form:"key" json:"key"`
 	AutoRenew bool     `form:"auto_renew" json:"auto_renew"`
 	AccountID uint     `form:"account_id" json:"account_id"`
 	DNSID     uint     `form:"dns_id" json:"dns_id"`
--- a/internal/route/http.go
+++ b/internal/route/http.go
@@ -86,7 +86,8 @@ func Http(r chi.Router) {
 				r.Put("/{id}", cert.Update)
 				r.Get("/{id}", cert.Get)
 				r.Delete("/{id}", cert.Delete)
-				r.Post("/{id}/obtain", cert.Obtain)
+				r.Post("/{id}/obtainAuto", cert.ObtainAuto)
+				r.Post("/{id}/obtainManual", cert.ObtainManual)
 				r.Post("/{id}/renew", cert.Renew)
 				r.Post("/{id}/manualDNS", cert.ManualDNS)
 				r.Post("/{id}/deploy", cert.Deploy)
--- a/internal/service/cert.go
+++ b/internal/service/cert.go
@@ -194,26 +194,29 @@ func (s *CertService) Delete(w http.ResponseWriter, r *http.Request) {
 	Success(w, nil)
 }

-func (s *CertService) Obtain(w http.ResponseWriter, r *http.Request) {
+func (s *CertService) ObtainAuto(w http.ResponseWriter, r *http.Request) {
 	req, err := Bind[request.ID](r)
 	if err != nil {
 		Error(w, http.StatusUnprocessableEntity, "%v", err)
 		return
 	}

-	cert, err := s.certRepo.Get(req.ID)
-	if err != nil {
+	if _, err = s.certRepo.ObtainAuto(req.ID); err != nil {
 		Error(w, http.StatusInternalServerError, "%v", err)
 		return
 	}

-	if cert.DNS != nil || cert.Website != nil {
-		_, err = s.certRepo.ObtainAuto(req.ID)
-	} else {
-		_, err = s.certRepo.ObtainManual(req.ID)
+	Success(w, nil)
+}
+
+func (s *CertService) ObtainManual(w http.ResponseWriter, r *http.Request) {
+	req, err := Bind[request.ID](r)
+	if err != nil {
+		Error(w, http.StatusUnprocessableEntity, "%v", err)
+		return
 	}

-	if err != nil {
+	if _, err = s.certRepo.ObtainManual(req.ID); err != nil {
 		Error(w, http.StatusInternalServerError, "%v", err)
 		return
 	}