
删除阿里云DNS相关代码并更新证书申请逻辑

移除了不再使用的阿里云DNS相关文件 `aliyun.go` 和 `aliyunsdk.go`,并在 `applycert/main.go` 中引入了默认的证书类型和超时时间常量。同时,修正了 `utils/x509.go` 中的时间比较逻辑错误。
SongZihuan 3 月之前
父節點
當前提交
be3a3420a8

+ 12 - 3
src/certssl/account/main.go

@@ -7,7 +7,13 @@ import (
 	"os"
 )
 
+var resource *registration.Resource
+
 func GetAccount(dir string, email string, client *lego.Client) (*registration.Resource, error) {
+	if resource != nil {
+		return resource, nil
+	}
+
 	err := os.MkdirAll(dir, 0775)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create directory %s: %s", dir, err.Error())
@@ -15,6 +21,8 @@ func GetAccount(dir string, email string, client *lego.Client) (*registration.Re
 
 	account, err := loadAccount(dir, email)
 	if err != nil {
+		fmt.Printf("load local account failed, register a ew on for %s: %s\n", email, err.Error())
+
 		account, err = newAccount(email, client)
 		if err != nil {
 			return nil, fmt.Errorf("not local account, new account failed: %s", err.Error())
@@ -27,10 +35,11 @@ func GetAccount(dir string, email string, client *lego.Client) (*registration.Re
 			return nil, fmt.Errorf("not local account, save account failed: %s", err.Error())
 		}
 
-		fmt.Printf("account register success email: %s\n", email)
+		fmt.Printf("account register success for email: %s\n", email)
 	} else {
-		fmt.Printf("load local account success email: %s\n", email)
+		fmt.Printf("load local account success for email: %s\n", email)
 	}
 
-	return account.Resource, nil
+	resource = account.Resource
+	return resource, nil
 }
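Review bot: The new package-level `resource` cache in the first and last hunks is keyed on nothing, so once `GetAccount` has succeeded for one `dir`/`email` pair every later call returns that same registration regardless of its arguments, and the unguarded read and write of the global is a data race if the function is reached from more than one goroutine. Either drop the cache or remember what it belongs to and guard it, e.g. `var resourceMu sync.Mutex` plus `var resourceEmail, resourceDir string`, check `if resource != nil && resourceEmail == email && resourceDir == dir` under the lock, and set `resource, resourceEmail, resourceDir = account.Resource, email, dir` before returning. The log line added in the second hunk also has a typo: `register a ew on for` should read `register a new one for`. Parts of GetAccount's body lie between the hunks and are outside this view.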

+ 1 - 1
src/certssl/account/save.go

@@ -12,13 +12,13 @@ func saveAccount(dir string, account *Account) error {
 	if err != nil {
 		return fmt.Errorf("failed to create directory %s: %s", dir, err.Error())
 	}
-	filepath := path.Join(dir, fmt.Sprintf("%s.account.jsom", account.Email))
 
 	data, err := json.Marshal(account)
 	if err != nil {
 		return err
 	}
 
+	filepath := path.Join(dir, fmt.Sprintf("%s.account.json", account.Email))
 	err = os.WriteFile(filepath, data, 0644)
 	if err != nil {
 		return fmt.Errorf("failed to write account %s: %s", filepath, err.Error())
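Review bot: Changing the file name from `.account.jsom` to `.account.json` means every existing deployment that already has a `*.account.jsom` file will fail `loadAccount` on the next start and, per the `GetAccount` change in this commit, silently register a fresh ACME account instead of reusing the old one; a one-time rename of the legacy file in `loadAccount`, or a short migration note in the commit message, would avoid that. Separately, the file is still written with `0644`; if `Account` serializes the ACME account private key (I can't tell from this hunk), the file should be `0600` so other local users cannot read it. saveAccount's body continues past the end of the hunk.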

+ 0 - 102
src/certssl/aliyunclear/aliyun.go

@@ -1,102 +0,0 @@
-package aliyunclear
-
-import (
-	"fmt"
-	"github.com/alibabacloud-go/tea/tea"
-	"strconv"
-	"strings"
-)
-
-var domainList []string
-var mainDomain string
-var rr string
-
-var aliyunAccessKey string
-var aliyunAccessSecret string
-
-func InitAliyun(_aliyunAccessKey string, _aliyunAccessSecret string, domain string) (err error) {
-	if aliyunAccessKey != "" {
-		return nil
-	}
-
-	err = aliyunSDKCreateClient(_aliyunAccessKey, _aliyunAccessSecret)
-	if err != nil {
-		return fmt.Errorf("create aliyun client failed: %s", err.Error())
-	}
-
-	aliyunAccessKey = _aliyunAccessKey
-	aliyunAccessSecret = _aliyunAccessSecret
-
-	domainList, err = getDomainList()
-	if err != nil {
-		return fmt.Errorf("get domain list failed: %s", err.Error())
-	}
-
-	mainDomain, rr, err = getMainDomain(domain)
-	if err != nil {
-		return fmt.Errorf("get main domain failed: %s", err.Error())
-	}
-
-	return nil
-}
-
-func getDomainList() ([]string, error) {
-	const pageSize = int64(100)
-	var pageNumber = int64(0)
-
-	res := make([]string, 0, 10)
-
-	for {
-		pageNumber += 1
-		resp1, err := aliyunSDKDescribeDomains(pageNumber, pageSize)
-		if err != nil {
-			return nil, fmt.Errorf("get domain list failed: %s", err.Error())
-		}
-
-		for _, d := range resp1.Body.Domains.Domain {
-			res = append(res, tea.StringValue(d.DomainName))
-		}
-
-		if int64(len(res)) == tea.Int64Value(resp1.Body.TotalCount) {
-			break
-		}
-	}
-
-	return res, nil
-}
-
-func getMainDomain(subDomainName string) (string, string, error) {
-	for _, domainName := range domainList {
-		suffix := fmt.Sprintf(".%s", domainName)
-
-		if domainName == subDomainName {
-			RR := "@"
-			return domainName, RR, nil
-		} else if strings.HasSuffix(subDomainName, suffix) {
-			RR := strings.TrimSuffix(subDomainName, suffix)
-			return domainName, RR, nil
-		}
-	}
-
-	return "", "", fmt.Errorf("domain not found")
-}
-
-func clearACMEDNS01TXTRecord() error {
-	resp1, err := aliyunSDKDeleteSubDomainRecords(mainDomain, rr, "TXT")
-	if err != nil {
-		return err
-	}
-
-	totalCount, err := strconv.ParseInt(tea.StringValue(resp1.Body.TotalCount), 10, 64)
-	if err != nil {
-		return err
-	}
-
-	if totalCount <= 0 {
-		return fmt.Errorf("clear failed: total count is 0")
-	} else if totalCount != 1 {
-		return fmt.Errorf("clear may have some problem: total count is %d", totalCount)
-	}
-
-	return nil
-}

+ 0 - 86
src/certssl/aliyunclear/aliyunsdk.go

@@ -1,86 +0,0 @@
-package aliyunclear
-
-import (
-	dns "github.com/alibabacloud-go/alidns-20150109/v4/client"
-	openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	"github.com/alibabacloud-go/tea/tea"
-)
-
-var client *dns.Client
-
-func aliyunSDKCreateClient(aliyunAccessKey string, aliyunAccessSecret string) (err error) {
-	client, err = _aliyunSDKCreateClient(aliyunAccessKey, aliyunAccessSecret)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func _aliyunSDKCreateClient(aliyunAccessKey string, aliyunAccessSecret string) (*dns.Client, error) {
-	config := &openapi.Config{
-		AccessKeyId:     tea.String(aliyunAccessKey),
-		AccessKeySecret: tea.String(aliyunAccessSecret),
-	}
-	config.RegionId = tea.String("cn-hangzhou")
-	config.Endpoint = tea.String("alidns.cn-hangzhou.aliyuncs.com")
-	res := &dns.Client{}
-	res, err := dns.NewClient(config)
-	if err != nil {
-		return nil, err
-	}
-	return res, nil
-}
-
-func aliyunSDKDescribeDomains(pageNumber int64, pageSize int64) (*dns.DescribeDomainsResponse, error) {
-	if pageNumber <= 0 {
-		pageNumber = 1
-	}
-
-	if pageSize <= 0 || pageSize > 100 {
-		pageSize = 100
-	}
-
-	req := &dns.DescribeDomainsRequest{}
-	req.PageNumber = tea.Int64(pageNumber)
-	req.PageSize = tea.Int64(pageSize)
-	resp, tryErr := func() (resp *dns.DescribeDomainsResponse, err error) {
-		defer func() {
-			if r := tea.Recover(recover()); r != nil {
-				err = r
-			}
-		}()
-		resp, err = client.DescribeDomains(req)
-		if err != nil {
-			return nil, err
-		}
-		return resp, nil
-	}()
-	if tryErr != nil {
-		return nil, tryErr
-	}
-	return resp, nil
-}
-
-func aliyunSDKDeleteSubDomainRecords(domainName string, RR string, Type string) (*dns.DeleteSubDomainRecordsResponse, error) {
-	req := &dns.DeleteSubDomainRecordsRequest{}
-	req.DomainName = tea.String(domainName)
-	req.RR = tea.String(RR)
-	req.Type = tea.String(Type)
-	resp, tryErr := func() (resp *dns.DeleteSubDomainRecordsResponse, err error) {
-		defer func() {
-			if r := tea.Recover(recover()); r != nil {
-				err = r
-			}
-		}()
-		resp, err = client.DeleteSubDomainRecords(req)
-		if err != nil {
-			return nil, err
-		}
-
-		return resp, nil
-	}()
-	if tryErr != nil {
-		return nil, tryErr
-	}
-	return resp, nil
-}

+ 6 - 3
src/certssl/applycert/main.go

@@ -13,12 +13,15 @@ import (
 	"time"
 )
 
+const DefaultCertTimeout = 30 * 24 * time.Hour
+const DefaultCertType = certcrypto.RSA4096
+
 func ApplyCert(basedir string, email string, aliyunAccessKey string, aliyunAccessSecret string, domain string) (crypto.PrivateKey, *certificate.Resource, error) {
 	if domain == "" || !utils.IsValidDomain(domain) {
 		return nil, nil, fmt.Errorf("domain is invalid")
 	}
 
-	privateKey, err := certcrypto.GeneratePrivateKey(certcrypto.RSA4096)
+	privateKey, err := certcrypto.GeneratePrivateKey(DefaultCertType)
 	if err != nil {
 		return nil, nil, fmt.Errorf("generate private key failed: %s", err.Error())
 	}
@@ -26,8 +29,8 @@ func ApplyCert(basedir string, email string, aliyunAccessKey string, aliyunAcces
 	user := newUser(email, privateKey)
 
 	config := lego.NewConfig(user)
-	config.Certificate.KeyType = certcrypto.RSA4096
-	config.Certificate.Timeout = 30 * 24 * time.Hour
+	config.Certificate.KeyType = DefaultCertType
+	config.Certificate.Timeout = DefaultCertTimeout
 	config.CADirURL = "https://acme-v02.api.letsencrypt.org/directory"
 	client, err := lego.NewClient(config)
 	if err != nil {
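Review bot: `ApplyCert` keeps the `aliyunAccessKey` and `aliyunAccessSecret` parameters in its signature even though this commit removes the only code that consumed them, so credentials are still threaded through the call chain (here, in `GetCertificateAndPrivateKey` in `src/certssl/main.go`, and at the call site in `src/httpsslserver/server.go`) with no purpose; dropping them shrinks the surface over which secrets travel and keeps the API honest. The two new exported constants also need doc comments, e.g. `// DefaultCertType is the key type used for newly generated certificate keys.`. On `DefaultCertTimeout`: as I understand lego, `config.Certificate.Timeout` bounds how long the client waits for issuance rather than how long the certificate is valid, so a 30-day value is surprising and the constant's name suggests a mix-up — worth confirming against the lego documentation before exporting it under that name. ApplyCert's body continues past this hunk.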

+ 2 - 9
src/certssl/main.go

@@ -4,19 +4,12 @@ import (
 	"crypto"
 	"crypto/x509"
 	"fmt"
-	"github.com/SongZihuan/Http-Demo/src/certssl/aliyunclear"
 	"github.com/SongZihuan/Http-Demo/src/certssl/applycert"
 	"github.com/SongZihuan/Http-Demo/src/utils"
 	"time"
 )
 
-func InitCertSSL(aliyunAccessKey string, aliyunAccessSecret string, domain string) error {
-	err := aliyunclear.InitAliyun(aliyunAccessKey, aliyunAccessSecret, domain)
-	if err != nil {
-		return fmt.Errorf("init aliyun failed: %s", err.Error())
-	}
-	return nil
-}
+const CertDefaultNewApplyTime = 5 * 24 * time.Hour
 
 func GetCertificateAndPrivateKey(basedir string, email string, aliyunAccessKey string, aliyunAccessSecret string, domain string) (crypto.PrivateKey, *x509.Certificate, error) {
 	if email == "" {
@@ -97,7 +90,7 @@ func watchCertificateAndPrivateKey(dir string, email string, aliyunAccessKey str
 		return nil, nil, fmt.Errorf("not a valid domain")
 	}
 
-	if utils.CheckCertWithDomain(oldCert, domain) && utils.CheckCertWithTime(oldCert, 5*24*time.Hour) {
+	if utils.CheckCertWithDomain(oldCert, domain) && utils.CheckCertWithTime(oldCert, CertDefaultNewApplyTime) {
 		return nil, nil, nil
 	}
 
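Review bot: The new exported constant `CertDefaultNewApplyTime` has no doc comment, and its name does not match the `DefaultCert…` convention introduced in `applycert/main.go` in the same commit. Since the only use (`utils.CheckCertWithTime(oldCert, CertDefaultNewApplyTime)`) treats it as the remaining-validity threshold below which a renewal is requested, something like `// CertDefaultNewApplyTime is the remaining validity below which a new certificate is requested.` would document it, and `DefaultCertRenewBefore` would align the naming; confirm the intent, since the threshold semantics live in `CheckCertWithTime`, outside this file. `watchCertificateAndPrivateKey` starts and ends outside the hunk.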

+ 0 - 5
src/httpsslserver/server.go

@@ -37,11 +37,6 @@ func InitHttpSSLServer() (err error) {
 	HttpSSLAliyunAccessKey = flagparser.HttpsAliyunKey
 	HttpSSLAliyunAccessSecret = flagparser.HttpsAliyunSecret
 
-	err = certssl.InitCertSSL(HttpSSLAliyunAccessKey, HttpSSLAliyunAccessSecret, HttpSSLDomain)
-	if err != nil {
-		return fmt.Errorf("init htttps aliyun dns server error: %s", err.Error())
-	}
-
 	PrivateKey, Certificate, err = certssl.GetCertificateAndPrivateKey(HttpSSLCertDir, HttpSSLEmail, HttpSSLAliyunAccessKey, HttpSSLAliyunAccessSecret, HttpSSLDomain)
 	if err != nil {
 		return fmt.Errorf("init htttps cert ssl server error: %s", err.Error())
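Review bot: With the `certssl.InitCertSSL` call removed, `HttpSSLAliyunAccessKey` and `HttpSSLAliyunAccessSecret` are still populated from `flagparser.HttpsAliyunKey`/`HttpsAliyunSecret` and only forwarded to a function that no longer uses them, so the server keeps DNS provider secrets in exported package-level variables for nothing. Unless a DNS-01 provider is planned to return, remove the two assignments and the corresponding flags so the credentials are never requested or held; if they are planned, a `// TODO: unused until a DNS provider is wired back in` on the assignments would at least record that. InitHttpSSLServer starts and ends outside the hunk.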

+ 1 - 1
src/utils/x509.go

@@ -46,7 +46,7 @@ func CheckCertWithTime(cert *x509.Certificate, gracePeriod time.Duration) bool {
 
 	if now.Before(cert.NotBefore) {
 		return false
-	} else if nowWithGracePeriod.After(cert.NotBefore) {
+	} else if nowWithGracePeriod.After(cert.NotAfter) {
 		return false
 	}
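Review bot: The corrected comparison `nowWithGracePeriod.After(cert.NotAfter)` deserves a regression test, because the old `NotBefore` comparison made `CheckCertWithTime` return false for essentially every valid certificate (if I read it right, now plus any positive grace period is after NotBefore), which would have caused a fresh ACME order on every start and risks hitting the CA's issuance rate limits. A table test with a certificate expiring just inside and just outside the grace period, plus one not yet valid, would pin the boundary, e.g. `{notAfter: now.Add(gracePeriod - time.Minute), want: false}` and `{notAfter: now.Add(gracePeriod + time.Minute), want: true}`. The computation of `nowWithGracePeriod` and the rest of `CheckCertWithTime` are outside the hunk.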