fix(qiniu): 当在更新id时，已经存在绑定证书的情况下，无法正确更新新的证书ID

2025-06-19 14:09:07 +08:00 · 2025-06-19 14:09:07 +08:00 · e0702d739d
parent b10013892c
commit e0702d739d
2 changed files with 109 additions and 15 deletions
--- a/backend/internal/cert/deploy/qiniu.go
+++ b/backend/internal/cert/deploy/qiniu.go
@ -5,11 +5,10 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"net/http"
-	"strconv"
-
 	"github.com/qiniu/go-sdk/v7/auth"
 	"github.com/qiniu/go-sdk/v7/client"
+	"net/http"
+	"strconv"
 )

 type commonResponse struct {
@ -51,7 +50,6 @@ func requestQiniu(cfg map[string]any, path string, m map[string]any, method stri
 	return err
 }

-
 func DeployQiniuCdn(cfg map[string]any) error {
 	_, ok := cfg["certificate"].(map[string]any)
 	if !ok {
@ -75,6 +73,43 @@ func DeployQiniuCdn(cfg map[string]any) error {
 	return err
 }

+func updateQiniuDomainCert(cfg map[string]any) error {
+	_, ok := cfg["certificate"].(map[string]any)
+	if !ok {
+		return fmt.Errorf("证书不存在")
+	}
+
+	domain, ok := cfg["domain"].(string)
+	if !ok {
+		return fmt.Errorf("参数错误：domain")
+	}
+
+	forceHttps, ok := cfg["force_https"].(bool)
+	if !ok {
+		forceHttps = true
+	}
+
+	http2Enable, ok := cfg["http2_enable"].(bool)
+	if !ok {
+		http2Enable = true
+	}
+
+	certId, err := uploadQiniuCert(cfg)
+	if err != nil {
+		return err
+	}
+	m := map[string]any{
+		"certid":      certId,
+		"domain":      domain,
+		"forceHttps":  forceHttps,
+		"http2Enable": http2Enable,
+	}
+
+	var response commonResponse
+	err = requestQiniu(cfg, fmt.Sprintf("domain/%s/httpsconf", domain), m, "PUT", &response)
+	return err
+}
+
 func DeployQiniuOss(cfg map[string]any) error {
 	_, ok := cfg["certificate"].(map[string]any)
 	if !ok {
@ -85,16 +120,56 @@ func DeployQiniuOss(cfg map[string]any) error {
 		return fmt.Errorf("参数错误：domain")
 	}

+	// 判断域名是否已开启HTTPS
+	// {
+	//		"certId": <CertID>,
+	//		"forceHttps": <ForceHttps>,
+	//		"http2Enable": <Http2Enable>
+	//	}
+	var httpsConfig struct {
+		Https struct {
+			CertID      string `json:"certId"`
+			ForceHttps  bool   `json:"forceHttps"`
+			Http2Enable bool   `json:"http2Enable"`
+		} `json:"https"`
+	}
+	err := requestQiniu(cfg, fmt.Sprintf("domain/%s", domain), nil, "GET", &httpsConfig)
+	if err != nil {
+		return fmt.Errorf("获取域名HTTPS配置失败: %v", err)
+	}
+
 	certId, err := uploadQiniuCert(cfg)
 	if err != nil {
 		return err
 	}
-	m := map[string]any{
-		"certid": certId,
-		"domain": domain,
+
+	if httpsConfig.Https.CertID != "" {
+		// 如果已开启HTTPS，则调用updateQiniuDomainCert更新证书
+		cfg["cert_id"] = certId
+		cfg["force_https"] = httpsConfig.Https.ForceHttps
+		cfg["http2_enable"] = httpsConfig.Https.Http2Enable
+		err = updateQiniuDomainCert(cfg)
+		return err
+	} else {
+		// 如果未开启HTTPS，则使用POST请求绑定证书
+		m := map[string]any{
+			"certid": certId,
+			"domain": domain,
+		}
+		var response commonResponse
+		err = requestQiniu(cfg, "cert/bind", m, "POST", &response)
+		return err
 	}
+}
+
+func delQiniuCert(cfg map[string]any) error {
+	certId, ok := cfg["old_cert_id"].(string)
+	if !ok {
+		return fmt.Errorf("参数错误：cert_id")
+	}
+	m := map[string]any{}
 	var response commonResponse
-	err = requestQiniu(cfg, "cert/bind", m, "POST", &response)
+	err := requestQiniu(cfg, fmt.Sprintf("sslcert/%v", certId), m, "DELETE", &response)
 	return err
 }

--- a/backend/internal/cert/deploy/qiniu_test.go
+++ b/backend/internal/cert/deploy/qiniu_test.go