Merge pull request #11 from pkg6/deploy

Deploy

Author: chihqiang

.cli/elego/main.go

@@ -21,7 +21,8 @@ type Flags struct {
 	HttpWebroot elego.HTTPWebrootChallenge
 	DNS         elego.DNSChallenge
 
-	Path string
+	Deploy string
+	Path   string
 }
 
 var (
@@ -49,6 +50,8 @@ func init() {
 
 	flag.StringVar(&args.DNS.DNS, "dns", "", "Enter your DNS name, please refer to https://go-acme.github.io/lego/dns/index.html")
 
+	flag.StringVar(&args.Deploy, "deploy", "local", "Where do you want to deploy your certificate")
+
 	flag.StringVar(&args.Path, "path", "/etc/nginx/ssl/", "Path for saving certificates")
 }
 func main() {
@@ -60,26 +63,29 @@ func main() {
 		log.Fatal("Need to set either --dns or --webroot")
 	}
 	log.Printf("Accepted data : %#v", args)
-
 	if strings.HasPrefix(args.Domain, "*") {
 		//https://github.com/go-acme/lego/issues/1867
 		_ = os.Setenv("LEGO_DISABLE_CNAME_SUPPORT", strconv.FormatBool(true))
 	}
-	certificatesStorage, err := elego.NewCertificatesStorage(args.CachePath, "RC2")
+	sanitizedDomain, err := elego.SanitizedDomain(args.Domain)
 	if err != nil {
-		log.Fatal(err)
+		log.Fatal(fmt.Errorf("sanitizing domain: %v", err))
 	}
-	day, err := certificatesStorage.CheckExpire(args.Domain)
+	cStorage, err := elego.NewCertificatesStorage(args.CachePath, "RC2")
+	if err != nil {
+		log.Fatal(fmt.Errorf("error creating certificates storage: %v", err))
+	}
+	day, err := cStorage.CheckExpire(args.Domain)
 	if day > 0 && args.Force == false {
 		log.Printf("%s will expire in %.0f days", args.Domain, day)
+		savePath, _ := cStorage.GetSavePath(args.Domain)
+		log.Printf("we will back up the data in the %s directory", savePath)
 		return
 	}
-
-	accountStorage, err := elego.NewAccountsStorage(args.CachePath, args.Email, args.CADirURL)
+	aStorage, err := elego.NewAccountsStorage(args.CachePath, args.Email, args.CADirURL)
 	if err != nil {
-		log.Fatal(err)
+		log.Fatal(fmt.Errorf("error creating accounts storage: %v", err))
 	}
-
 	var register elego.IRegister
 	kid := os.Getenv("ELEGO_REGISTER_KID")
 	hmacEncoded := os.Getenv("ELEGO_REGISTER_HMAC")
@@ -92,9 +98,9 @@ func main() {
 	} else {
 		register = &elego.Register{}
 	}
-	_, client, err := elego.NewLegoClient(accountStorage, register)
+	_, client, err := elego.NewLegoClient(aStorage, register)
 	if err != nil {
-		log.Fatal(err)
+		log.Fatal(fmt.Errorf("error creating lego client: %w", err))
 	}
 	if args.DNS.DNS != "" {
 		err = elego.SetChallenge(client, &args.DNS)
@@ -104,19 +110,29 @@ func main() {
 		err = fmt.Errorf("we are working hard to support other ways")
 	}
 	if err != nil {
-		log.Fatal(err)
+		log.Fatal(fmt.Errorf("elego SetChallenge: %w", err))
 	}
 	certificate, err := elego.ObtainCertificate(client, []string{args.Domain})
 	if err != nil {
-		log.Fatal(err)
+		log.Fatal(fmt.Errorf("error obtaining certificate: %w", err))
 	}
-	if err := certificatesStorage.SaveResource(certificate); err != nil {
-		log.Fatal(err)
+	if err := cStorage.SaveResource(certificate); err != nil {
+		log.Fatal(fmt.Errorf("error saving certificate: %w", err))
 	}
-	cerPath, keyPath, err := certificatesStorage.SaveNginx(args.Path, args.Domain)
+	resource, err := cStorage.ReadResource(args.Domain)
 	if err != nil {
 		log.Fatal(err)
 	}
-	log.Printf("save key: %s", keyPath)
-	log.Printf("save cer: %s", cerPath)
+	switch args.Deploy {
+	case "local":
+		keyPath := path.Join(args.Path, fmt.Sprintf("%s%s", sanitizedDomain, elego.PemExt))
+		_ = os.Setenv("LOCAL_CERT_PATH", keyPath)
+		cerPath := path.Join(args.Path, fmt.Sprintf("%s%s", sanitizedDomain, elego.KeyExt))
+		_ = os.Setenv("LOCAL_KEY_PATH", cerPath)
+		break
+	}
+	if err := elego.Deploy(args.Deploy, resource); err != nil {
+		log.Fatal(fmt.Errorf("error deploying certificate: %w", err))
+	}
+	log.Printf("You successfully deployed your number through %s deployment method", args.Deploy)
 }

.gitignore

@@ -26,4 +26,5 @@ go.work.sum
 
 /.idea
 /ssl
-coverage.txt
+coverage.txt
+elego

Makefile

@@ -1,12 +1,14 @@
 TAG_VERSION := $(shell git describe --tags --always)
 
+build:
+	go build -ldflags='-s -w -X main.TAG_version=${TAG_VERSION}' -o elego ./.cli/elego/main.go
+
 check:
 	go install github.com/golangci/golangci-lint/cmd/[email protected]
 	golangci-lint run ./...
 
 test:
 	go test  -v -coverpkg=./... -race -covermode=atomic -coverprofile=coverage.txt ./... -run . -timeout=2m
 
-build:
-	go build -ldflags='-s -w -X main.TAG_version=${TAG_VERSION}' -o elego ./.cli/elego/main.go
+
 

certificates_storage.go

@@ -12,7 +12,6 @@ import (
 	"github.com/go-acme/lego/v4/certificate"
 	"golang.org/x/net/idna"
 	"os"
-	"path"
 	"path/filepath"
 	"software.sslmate.com/src/go-pkcs12"
 	"strings"
@@ -74,26 +73,6 @@ func (s *CertificatesStorage) CheckExpire(inputDomain string) (day float64, err
 	return day, errors.New("certificate not found")
 }
 
-func (s *CertificatesStorage) SaveNginx(nginxPath, domain string) (certificate, privateKey string, err error) {
-	resource, err := s.ReadResource(domain)
-	if err != nil {
-		return "", "", err
-	}
-	sanitizedDomain, err := SanitizedDomain(resource.Domain)
-	if err != nil {
-		return "", "", err
-	}
-	certificate = path.Join(nginxPath, fmt.Sprintf("%s%s", sanitizedDomain, PemExt))
-	privateKey = path.Join(nginxPath, fmt.Sprintf("%s%s", sanitizedDomain, KeyExt))
-	if err := CopyFile(resource.Certificate, certificate); err != nil {
-		return certificate, privateKey, fmt.Errorf("save nginx certificate: %w", err)
-	}
-	if err := CopyFile(resource.PrivateKey, privateKey); err != nil {
-		return certificate, privateKey, fmt.Errorf("save nginx private key: %w", err)
-	}
-	return certificate, privateKey, nil
-}
-
 func (s *CertificatesStorage) ReadCertificate(domain string) ([]*x509.Certificate, error) {
 	sanitizedDomain, err := SanitizedDomain(domain)
 	if err != nil {
@@ -159,9 +138,6 @@ func (s *CertificatesStorage) SaveResource(certRes *certificate.Resource) error
 	}
 	return s.writeFile(sanitizedDomain, ResourceExt, jsonBytes)
 }
-func (s *CertificatesStorage) readFile(sanitizedDomain, extension string) ([]byte, error) {
-	return os.ReadFile(filepath.Join(s.rootPath, sanitizedDomain, sanitizedDomain+extension))
-}
 
 func (s *CertificatesStorage) writeCertificateFiles(domain string, certRes *certificate.Resource) error {
 	sanitizedDomain, err := SanitizedDomain(domain)
@@ -225,13 +201,28 @@ func (s *CertificatesStorage) writePFXFile(domain string, certRes *certificate.R
 	return s.writeFile(domain, PfxExt, pfxBytes)
 }
 
+func (s *CertificatesStorage) GetSavePath(domain string) (string, error) {
+	sanitizedDomain, err := SanitizedDomain(domain)
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(s.rootPath, sanitizedDomain), nil
+}
+
 func (s *CertificatesStorage) createPath(sanitizedDomain string) error {
 	return CreateNonExistingFolder(filepath.Join(s.rootPath, sanitizedDomain))
 }
 
+func (s *CertificatesStorage) SanitizedDomainSavePath(sanitizedDomain, extension string) string {
+	return filepath.Join(s.rootPath, sanitizedDomain, sanitizedDomain+extension)
+}
+
+func (s *CertificatesStorage) readFile(sanitizedDomain, extension string) ([]byte, error) {
+	return os.ReadFile(s.SanitizedDomainSavePath(sanitizedDomain, extension))
+}
+
 func (s *CertificatesStorage) writeFile(sanitizedDomain, extension string, data []byte) error {
-	fileName := filepath.Join(s.rootPath, sanitizedDomain, sanitizedDomain+extension)
-	return os.WriteFile(fileName, data, filePerm)
+	return os.WriteFile(s.SanitizedDomainSavePath(sanitizedDomain, extension), data, filePerm)
 }
 
 func (s *CertificatesStorage) getPFXEncoder(pfxFormat string) (*pkcs12.Encoder, error) {

certificates_storage_test.go

@@ -119,48 +119,6 @@ func TestCertificatesStorage_ReadResource(t *testing.T) {
 	}
 }
 
-func TestCertificatesStorage_SaveNginx(t *testing.T) {
-	type fields struct {
-		rootPath    string
-		pfxFormat   string
-		pfxPassword string
-	}
-	type args struct {
-		nginxPath string
-		domain    string
-	}
-	tests := []struct {
-		name            string
-		fields          fields
-		args            args
-		wantCertificate string
-		wantPrivateKey  string
-		wantErr         bool
-	}{
-		// TODO: Add test cases.
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			s := &CertificatesStorage{
-				rootPath:    tt.fields.rootPath,
-				pfxFormat:   tt.fields.pfxFormat,
-				pfxPassword: tt.fields.pfxPassword,
-			}
-			gotCertificate, gotPrivateKey, err := s.SaveNginx(tt.args.nginxPath, tt.args.domain)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("SaveNginx() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if gotCertificate != tt.wantCertificate {
-				t.Errorf("SaveNginx() gotCertificate = %v, want %v", gotCertificate, tt.wantCertificate)
-			}
-			if gotPrivateKey != tt.wantPrivateKey {
-				t.Errorf("SaveNginx() gotPrivateKey = %v, want %v", gotPrivateKey, tt.wantPrivateKey)
-			}
-		})
-	}
-}
-
 func TestCertificatesStorage_SaveResource(t *testing.T) {
 	type fields struct {
 		rootPath    string

deploy.go

@@ -0,0 +1,58 @@
+package elego
+
+import (
+	"context"
+	"fmt"
+	"github.com/go-acme/lego/v4/certificate"
+	"github.com/pkg6/elego/deploy"
+	"github.com/pkg6/elego/log"
+	"os"
+	"path"
+	"path/filepath"
+)
+
+func Deploy(name string, certificate *certificate.Resource) error {
+	envDeploy, err := deploy.Get(name)
+	if err != nil {
+		log.Fatalf("deployment failed %d", err)
+		return err
+	}
+	return envDeploy.Deploy(context.Background(), certificate)
+}
+
+func DeployNginx(s *CertificatesStorage, nginxPath, domain string) (certificate, privateKey string, err error) {
+	writeFile := func(path string, content []byte) error {
+		dir := filepath.Dir(path)
+		err := os.MkdirAll(dir, os.ModePerm)
+		if err != nil {
+			return fmt.Errorf("failed to create directory: %w", err)
+		}
+		file, err := os.Create(path)
+		if err != nil {
+			return fmt.Errorf("failed to create file: %w", err)
+		}
+		defer file.Close()
+		_, err = file.Write(content)
+		if err != nil {
+			return fmt.Errorf("fail to write to file: %w", err)
+		}
+		return nil
+	}
+	resource, err := s.ReadResource(domain)
+	if err != nil {
+		return "", "", err
+	}
+	sanitizedDomain, err := SanitizedDomain(resource.Domain)
+	if err != nil {
+		return "", "", err
+	}
+	certificate = path.Join(nginxPath, fmt.Sprintf("%s%s", sanitizedDomain, PemExt))
+	privateKey = path.Join(nginxPath, fmt.Sprintf("%s%s", sanitizedDomain, KeyExt))
+	if err := writeFile(certificate, resource.Certificate); err != nil {
+		return certificate, privateKey, fmt.Errorf("save nginx certificate: %w", err)
+	}
+	if err := writeFile(privateKey, resource.PrivateKey); err != nil {
+		return certificate, privateKey, fmt.Errorf("save nginx private key: %w", err)
+	}
+	return certificate, privateKey, nil
+}

deploy/aliyuncdn/config.go

@@ -0,0 +1,10 @@
+package aliyuncdn
+
+type Config struct {
+	// 阿里云 AccessKeyId。
+	AccessKeyId string `json:"access_key_id,omitempty" yml:"AccessKeyId" xml:"AccessKeyId" env:"ALIYUNCDN_ACCESS_KEY_ID"`
+	// 阿里云 AccessKeySecret。
+	AccessKeySecret string `json:"access_key_secret,omitempty" yaml:"AccessKeySecret" xml:"AccessKeySecret" env:"ALIYUNCDN_ACCESS_KEY_SECRET"`
+	// 加速域名（支持泛域名）。
+	Domain string `json:"domain,omitempty" yaml:"Domain" xml:"Domain" env:"ALIYUNCDN_DOMAIN"`
+}

deploy/aliyuncdn/deploy.go

@@ -0,0 +1,55 @@
+package aliyuncdn
+
+import (
+	"context"
+	"fmt"
+	aliyunCdn "github.com/alibabacloud-go/cdn-20180510/v5/client"
+	"github.com/alibabacloud-go/tea/tea"
+	"github.com/caarlos0/env/v11"
+	"github.com/go-acme/lego/v4/certificate"
+	"github.com/pkg/errors"
+	"github.com/pkg6/elego/log"
+	"strings"
+	"time"
+)
+
+type Deploy struct {
+	Config *Config
+	logger log.ILogger
+}
+
+func (d *Deploy) WithLogger(logger log.ILogger) {
+	d.logger = logger
+}
+
+func (d *Deploy) WithEnvConfig() error {
+	var cfg Config
+	err := env.Parse(&cfg)
+	if err != nil {
+		return err
+	}
+	d.Config = &cfg
+	return nil
+}
+
+func (d *Deploy) Deploy(ctx context.Context, certificate *certificate.Resource) error {
+	domain := strings.TrimPrefix(d.Config.Domain, "*")
+	client, err := newClient(d.Config.AccessKeyId, d.Config.AccessKeySecret)
+	if err != nil {
+		return errors.Wrap(err, "failed to create sdk client")
+	}
+	setCdnDomainSSLCertificateReq := &aliyunCdn.SetCdnDomainSSLCertificateRequest{
+		DomainName:  tea.String(domain),
+		CertName:    tea.String(fmt.Sprintf("certimate-%d", time.Now().UnixMilli())),
+		CertType:    tea.String("upload"),
+		SSLProtocol: tea.String("on"),
+		SSLPub:      tea.String(string(certificate.Certificate)),
+		SSLPri:      tea.String(string(certificate.PrivateKey)),
+	}
+	setCdnDomainSSLCertificateResp, err := client.SetCdnDomainSSLCertificate(setCdnDomainSSLCertificateReq)
+	if err != nil {
+		return errors.Wrap(err, "failed to execute sdk request 'cdn.SetCdnDomainSSLCertificate'")
+	}
+	d.logger.Printf("已设置 CDN 域名证书 %+v", setCdnDomainSSLCertificateResp)
+	return nil
+}