【新增】【申请】dns验证可挂http代理

2025-05-30 10:13:09 +08:00 · 2025-05-30 10:13:09 +08:00 · 6529eee2d7
parent dadc15d314
commit 6529eee2d7
1 changed files with 21 additions and 18 deletions
--- a/backend/internal/cert/apply/apply.go
+++ b/backend/internal/cert/apply/apply.go
@ -63,7 +63,7 @@ func GetSqlite() (*public.Sqlite, error) {
 	return s, nil
 }
-func GetDNSProvider(providerName string, creds map[string]string) (challenge.Provider, error) {
+func GetDNSProvider(providerName string, creds map[string]string, httpClient *http.Client) (challenge.Provider, error) {
 	switch providerName {
 	case "tencentcloud":
 		config := tencentcloud.NewDefaultConfig()
@ -106,6 +106,9 @@ func GetDNSProvider(providerName string, creds map[string]string) (challenge.Pro
 		config := godaddy.NewDefaultConfig()
 		config.APIKey = creds["api_key"]
 		config.APISecret = creds["api_secret"]
 		if httpClient != nil {
 			config.HTTPClient = httpClient
 		}
 		return godaddy.NewDNSProviderConfig(config)
 	case "namecheap":
 		config := namecheap.NewDefaultConfig()
@ -148,7 +151,7 @@ func GetDNSProvider(providerName string, creds map[string]string) (challenge.Pro
 	}
 }
-func GetAcmeClient(db *public.Sqlite, email, algorithm, proxy, eabId string, logger *public.Logger) (*lego.Client, error) {
+func GetAcmeClient(db *public.Sqlite, email, algorithm, eabId string, httpClient *http.Client, logger *public.Logger) (*lego.Client, error) {
 	var (
 		ca      string
 		eabData map[string]any
@ -194,18 +197,7 @@ func GetAcmeClient(db *public.Sqlite, email, algorithm, proxy, eabId string, log
 	config := lego.NewConfig(user)
 	config.Certificate.KeyType = AlgorithmMap[algorithm]
 	config.CADirURL = CADirURLMap[ca]
-	if proxy != "" {
+	if httpClient != nil {
 		// 构建代理 HTTP 客户端
 		proxyURL, err := url.Parse(proxy) // 替换为你的代理地址
 		if err != nil {
 			return nil, fmt.Errorf("无效的代理地址: %v", err)
 		}
 		httpClient := &http.Client{
 			Transport: &http.Transport{
 				Proxy: http.ProxyURL(proxyURL),
 			},
 			Timeout: 30 * time.Second,
 		}
 		config.HTTPClient = httpClient
 	}
 	client, err := lego.NewClient(config)
@ -341,9 +333,20 @@ func Apply(cfg map[string]any, logger *public.Logger) (map[string]any, error) {
 	if !ok {
 		algorithm = "RSA2048"
 	}
 	var httpClient *http.Client
 	proxy, ok := cfg["proxy"].(string)
-	if !ok {
+	if ok {
-		proxy = ""
+		// 构建代理 HTTP 客户端
 		proxyURL, err := url.Parse(proxy) // 替换为你的代理地址
 		if err != nil {
 			return nil, fmt.Errorf("无效的代理地址: %v", err)
 		}
 		httpClient = &http.Client{
 			Transport: &http.Transport{
 				Proxy: http.ProxyURL(proxyURL),
 			},
 			Timeout: 30 * time.Second,
 		}
 	}
 	var eabId string
 	switch v := cfg["eabId"].(type) {
@ -434,7 +437,7 @@ func Apply(cfg map[string]any, logger *public.Logger) (map[string]any, error) {
 	}
 	logger.Debug("正在申请证书，域名: " + domains)
 	// 创建 ACME 客户端
-	client, err := GetAcmeClient(db, email, algorithm, proxy, eabId, logger)
+	client, err := GetAcmeClient(db, email, algorithm, eabId, httpClient, logger)
 	if err != nil {
 		return nil, err
 	}
@ -455,7 +458,7 @@ func Apply(cfg map[string]any, logger *public.Logger) (map[string]any, error) {
 	}
 	// DNS 验证
-	provider, err := GetDNSProvider(providerStr, providerConfig)
+	provider, err := GetDNSProvider(providerStr, providerConfig, httpClient)
 	if err != nil {
 		return nil, fmt.Errorf("创建 DNS provider 失败: %v", err)
 	}