From 54118e0095833e58df981eefb7838c202c2fdac7 Mon Sep 17 00:00:00 2001
From: zhangchenhao <zch@bt.cn>
Date: Wed, 4 Jun 2025 10:29:07 +0800
Subject: [PATCH] =?UTF-8?q?=E7=94=B3=E8=AF=B7=E8=AF=81=E4=B9=A6=E5=8F=AF?=
 =?UTF-8?q?=E5=85=B3=E9=97=ADcname=E8=B7=9F=E9=9A=8F=20=E6=9B=B4=E6=96=B0?=
 =?UTF-8?q?=E5=8F=AF=E4=BD=BF=E7=94=A8=E6=B5=B7=E5=A4=96=E8=8A=82=E7=82=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 backend/internal/cert/apply/apply.go | 38 ++++++++++++++++++++++++----
 backend/public/sqlite.go             |  6 +++++
 script/allinssl.sh                   | 19 ++++++++------
 3 files changed, 50 insertions(+), 13 deletions(-)

diff --git a/backend/internal/cert/apply/apply.go b/backend/internal/cert/apply/apply.go
index 23fefb4..74ffe8d 100644
--- a/backend/internal/cert/apply/apply.go
+++ b/backend/internal/cert/apply/apply.go
@@ -31,6 +31,7 @@ import (
 	"github.com/go-acme/lego/v4/registration"
 	"net/http"
 	"net/url"
+	"os"
 	"strconv"
 	"strings"
 	"time"
@@ -387,11 +388,7 @@ func Apply(cfg map[string]any, logger *public.Logger) (map[string]any, error) {
 	var skipCheck bool
 	if cfg["skip_check"] == nil {
 		// 默认跳过预检查
-		skipCheck = true
-		// cf 默认不跳过预检查
-		if providerStr == "cloudflare" {
-			skipCheck = false
-		}
+		skipCheck = false
 	} else {
 		switch v := cfg["skip_check"].(type) {
 		case int:
@@ -418,6 +415,36 @@ func Apply(cfg map[string]any, logger *public.Logger) (map[string]any, error) {
 			return nil, fmt.Errorf("参数错误：skip_check")
 		}
 	}
+	var closeCname bool
+	if cfg["close_cname"] == nil {
+		// 默认开启CNAME跟随
+		closeCname = false
+	} else {
+		switch v := cfg["close_cname"].(type) {
+		case int:
+			if v > 0 {
+				closeCname = true
+			} else {
+				closeCname = false
+			}
+		case float64:
+			if v > 0 {
+				closeCname = true
+			} else {
+				closeCname = false
+			}
+		case string:
+			if v == "true" || v == "1" {
+				closeCname = true
+			} else {
+				closeCname = false
+			}
+		case bool:
+			closeCname = v
+		default:
+			return nil, fmt.Errorf("参数错误：close_cname")
+		}
+	}
 
 	domainArr := strings.Split(domains, ",")
 	for i := range domainArr {
@@ -436,6 +463,7 @@ func Apply(cfg map[string]any, logger *public.Logger) (map[string]any, error) {
 		return certData, nil
 	}
 	logger.Debug("正在申请证书，域名: " + domains)
+	os.Setenv("LEGO_DISABLE_CNAME_SUPPORT", strconv.FormatBool(closeCname))
 	// 创建 ACME 客户端
 	client, err := GetAcmeClient(db, email, algorithm, eabId, httpClient, logger)
 	if err != nil {
diff --git a/backend/public/sqlite.go b/backend/public/sqlite.go
index c4a121b..d130753 100644
--- a/backend/public/sqlite.go
+++ b/backend/public/sqlite.go
@@ -58,6 +58,11 @@ func NewSqlite(DbFile string, PreFix string) (*Sqlite, error) {
 	if err != nil {
 		return nil, err
 	}
+	_, err = s.Conn.Exec("PRAGMA busy_timeout = 5000;")
+	if err != nil {
+		s.Close()
+		return nil, fmt.Errorf("设置PRAGMA busy_timeout失败: %w", err)
+	}
 
 	return &s, nil
 }
@@ -79,6 +84,7 @@ func (s *Sqlite) Connect() error {
 	if err == nil {
 		s.Conn = conn
 		s.closed = false
+
 	}
 	return err
 }
diff --git a/script/allinssl.sh b/script/allinssl.sh
index 4d8f25c..d194d77 100644
--- a/script/allinssl.sh
+++ b/script/allinssl.sh
@@ -36,7 +36,7 @@ if [ $# -eq 0 ]; then
   echo "13: 重启后台自动调度"
   echo "14: 关闭https"
   echo "15: 获取面板地址"
-  echo "16: 更新ALLinSSL到最新版本（文件覆盖安装）"
+  echo "16: 修复/更新ALLinSSL到最新版本（文件覆盖安装）"
   echo "17: 卸载ALLinSSL"
   echo "========================================"
   read -p "请输入操作编号 (1-17): " user_input
@@ -50,16 +50,21 @@ if [ $# -eq 0 ]; then
 fi
 
 function update_allinssl() {
+  CN_CHECK=$(curl -sS --connect-timeout 10 -m 10 https://api.bt.cn/api/isCN)
+    if [ "${CN_CHECK}" == "True" ];then
+      node_host="https://download.allinssl.com"
+    else
+        node_host="https://node1.allinssl.com"
+    fi
     ARCH=$(uname -m)
     if [[ "$ARCH" == "x86_64" ]]; then
-        local url="https://download.allinssl.com/bin/allinssl-Linux-x86_64.tar.gz"
+        local url="${node_host}/bin/allinssl-Linux-x86_64.tar.gz"
     elif [[ "$ARCH" == "aarch64" ]]; then
-        local url="https://download.allinssl.com/bin/allinssl-Linux-aarch64.tar.gz"
+        local url="${node_host}/bin/allinssl-Linux-aarch64.tar.gz"
     else
         echo "不支持$ARCH"
         exit 1
     fi
-#    local url="https://download.allinssl.com/bin/allinssl.tar.gz"
     local target_dir="${WORK_DIR}"
     local temp_file=$(mktemp)
     local original_filename temp_file
@@ -132,7 +137,6 @@ function update_allinssl() {
 
     # 执行安装流程
     if create_directory && download_file && extract_file; then
-#        copy_config
         set_cloudc
         cleanup
         echo -e "${GREEN}${CHECK} Successfully installed to $target_dir${NC}"
@@ -202,10 +206,9 @@ if [ "$1" == "16" ]; then
     echo "已取消更新操作。"
     exit 0
   fi
-
-  # 可在此插入更新逻辑（如下载新版、替换二进制等）
-  update_allinssl
   echo "✅ 已确认，执行更新操作..."
+  update_allinssl
+  echo "ALLinSSL 更新完成！"
   exit 0
 elif [ "$1" == "17" ]; then
   echo "⚠️ 正在准备执行 ALLinSSL 卸载操作..."