【新增】【部署】新增火山引擎CDN

backend/internal/cert/deploy/client/volcengine/volcengineCdn.go

@@ -0,0 +1,66 @@
+package deploy
+
+import (
+	"fmt"
+	"github.com/volcengine/volcengine-go-sdk/service/cdn"
+	"github.com/volcengine/volcengine-go-sdk/volcengine"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/credentials"
+	"github.com/volcengine/volcengine-go-sdk/volcengine/session"
+	"regexp"
+)
+
+type VolcEngineCdnClient struct {
+	*cdn.CDN
+}
+
+func ClientVolcEngineCdn(ak, sk, region string) (*VolcEngineCdnClient, error) {
+	config := volcengine.NewConfig().
+		WithRegion(region).
+		WithCredentials(credentials.NewStaticCredentials(ak, sk, ""))
+	sess, err := session.NewSession(config)
+	if err != nil {
+		return nil, fmt.Errorf("创建火山引擎CDN客户端失败: %w", err)
+	}
+	cdnClient := &VolcEngineCdnClient{
+		CDN: cdn.New(sess),
+	}
+	return cdnClient, nil
+}
+
+func (v *VolcEngineCdnClient) IUploadCert(certContent, certKey string) (string, error) {
+	// 创建证书上传请求
+	input := &cdn.AddCertificateInput{
+		Certificate: volcengine.String(certContent),
+		PrivateKey:  volcengine.String(certKey),
+		Repeatable:  volcengine.Bool(false),
+		Source:      volcengine.String("volc_cert_center"),
+	}
+	
+	output, err := v.AddCertificate(input)
+	if err != nil {
+		if output.Metadata.Error.Code == "InvalidParameter.Certificate.Duplicated" {
+			re := regexp.MustCompile(`cert-[a-f0-9]{32}`)
+			certId := re.FindString(output.Metadata.Error.Message)
+			fmt.Printf("相同证书已存在 certId:%s\n", certId)
+			return certId, nil
+		}
+		return "", fmt.Errorf("上传证书失败: %w", err)
+	}
+	return *output.CertId, nil
+}
+
+func (v *VolcEngineCdnClient) IBatchDeployCert(certId, domain string) error {
+	batchDeployCertInput := &cdn.BatchDeployCertInput{
+		CertId: volcengine.String(certId),
+		Domain: volcengine.String(domain),
+	}
+	
+	res, err := v.BatchDeployCert(batchDeployCertInput)
+	if err != nil {
+		return fmt.Errorf("部署证书失败: %w", err)
+	}
+	if *res.DeployResult[0].Status != "success" {
+		return fmt.Errorf("部署证书失败: %s", *res.DeployResult[0].ErrorMsg)
+	}
+	return err
+}

backend/internal/cert/deploy/volcengine.go

@@ -0,0 +1,75 @@
+package deploy
+
+import (
+	"ALLinSSL/backend/internal/access"
+	volccdn "ALLinSSL/backend/internal/cert/deploy/client/volcengine"
+	"encoding/json"
+	"fmt"
+	"strconv"
+)
+
+func DeployVolcEngineCdn(cfg map[string]any) error {
+	cert, ok := cfg["certificate"].(map[string]any)
+	if !ok {
+		return fmt.Errorf("证书不存在")
+	}
+	var providerID string
+	switch v := cfg["provider_id"].(type) {
+	case float64:
+		providerID = strconv.Itoa(int(v))
+	case string:
+		providerID = v
+	default:
+		return fmt.Errorf("参数错误：provider_id")
+	}
+	region, ok := cfg["region"].(string)
+	if !ok {
+		return fmt.Errorf("参数错误：region")
+	}
+	providerData, err := access.GetAccess(providerID)
+	if err != nil {
+		return err
+	}
+	providerConfigStr, ok := providerData["config"].(string)
+	if !ok {
+		return fmt.Errorf("api配置错误")
+	}
+	// 解析 JSON 配置
+	var providerConfig map[string]string
+	err = json.Unmarshal([]byte(providerConfigStr), &providerConfig)
+	if err != nil {
+		return err
+	}
+	
+	client, err := volccdn.ClientVolcEngineCdn(providerConfig["access_key"], providerConfig["secret_key"], region)
+	if err != nil {
+		return err
+	}
+	domain, ok := cfg["domain"].(string)
+	if !ok {
+		return fmt.Errorf("参数错误：domain")
+	}
+	// 设置证书
+	keyPem, ok := cert["key"].(string)
+	if !ok {
+		return fmt.Errorf("证书错误：key")
+	}
+	certPem, ok := cert["cert"].(string)
+	if !ok {
+		return fmt.Errorf("证书错误：cert")
+	}
+	
+	certId, err := client.IUploadCert(certPem, keyPem)
+	if err != nil {
+		return fmt.Errorf("上传证书失败: %w", err)
+	}
+	err = client.IBatchDeployCert(certId, domain)
+	if err != nil {
+		return fmt.Errorf("部署证书失败: %w", err)
+	}
+	
+	if err != nil {
+		return err
+	}
+	return nil
+}

go.mod

@@ -28,6 +28,7 @@ require (
 	github.com/qiniu/go-sdk/v7 v7.25.3
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1128
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.1124
+	github.com/volcengine/volcengine-go-sdk v1.1.11
 	golang.org/x/crypto v0.37.0
 	modernc.org/sqlite v1.37.0
 )
@@ -115,6 +116,7 @@ require (
 	google.golang.org/protobuf v1.36.6 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/ns1/ns1-go.v2 v2.13.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	modernc.org/libc v1.62.1 // indirect
 	modernc.org/mathutil v1.7.1 // indirect

go.sum

@@ -677,8 +677,11 @@ github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6
 github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
 github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
+github.com/volcengine/volc-sdk-golang v1.0.23/go.mod h1:AfG/PZRUkHJ9inETvbjNifTDgut25Wbkm2QoYBTbvyU=
 github.com/volcengine/volc-sdk-golang v1.0.199 h1:zv9QOqTl/IsLwtfC37GlJtcz6vMAHi+pjq8ILWjLYUc=
 github.com/volcengine/volc-sdk-golang v1.0.199/go.mod h1:stZX+EPgv1vF4nZwOlEe8iGcriUPRBKX8zA19gXycOQ=
+github.com/volcengine/volcengine-go-sdk v1.1.11 h1:TZk2klExlL1hrLp02whgKQ9UTsFjaI+srl3ItjG6ZSY=
+github.com/volcengine/volcengine-go-sdk v1.1.11/go.mod h1:EyKoi6t6eZxoPNGr2GdFCZti2Skd7MO3eUzx7TtSvNo=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
 github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs=
 github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4=