v1.4.1

internal/web/actions/default/servers/server/settings/https/requestCertPopup.go

@@ -2,16 +2,20 @@ package https
 
 import (
 	"encoding/json"
+	"fmt"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
+	"math/rand"
+	"strings"
+	"sync"
+
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/dns/domains/domainutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/langs/codes"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/lists"
 	"github.com/iwind/TeaGo/maps"
-	"strings"
 )
 
 type RequestCertPopupAction struct {
@@ -93,6 +97,9 @@ func (this *RequestCertPopupAction) RunPost(params struct {
 	UserId    int64
 	UserEmail string
 
+	AsyncCreateCert bool
+	ProviderCode    string
+
 	Must *actions.Must
 	CSRF *actionutils.CSRF
 }) {
@@ -126,57 +133,134 @@ func (this *RequestCertPopupAction) RunPost(params struct {
 			"id":    acmeUserId,
 			"email": params.UserEmail,
 		}
-	} else {
+	} else if !params.AsyncCreateCert {
 		this.Fail("请选择或者填写用户")
 	}
 
-	createTaskResp, err := this.RPC().ACMETaskRPC().CreateACMETask(this.AdminContext(), &pb.CreateACMETaskRequest{
-		AcmeUserId:    acmeUserId,
-		DnsProviderId: 0,
-		DnsDomain:     "",
-		Domains:       params.ServerNames,
-		AutoRenew:     true,
-		AuthType:      "http",
-	})
-	if err != nil {
-		this.ErrorPage(err)
-		return
-	}
-
-	taskId := createTaskResp.AcmeTaskId
-
-	defer this.CreateLogInfo(codes.ACMETask_LogRunACMETask, taskId)
-
-	runResp, err := this.RPC().ACMETaskRPC().RunACMETask(this.AdminContext(), &pb.RunACMETaskRequest{AcmeTaskId: taskId})
-	if err != nil {
-		this.ErrorPage(err)
-		return
-	}
-
-	if runResp.IsOk {
-		certId := runResp.SslCertId
-
-		configResp, err := this.RPC().SSLCertRPC().FindEnabledSSLCertConfig(this.AdminContext(), &pb.FindEnabledSSLCertConfigRequest{SslCertId: certId})
+	if params.AsyncCreateCert && acmeUserId == 0 && params.ProviderCode != "" {
+		acmeUsersResp, err := this.RPC().ACMEUserRPC().FindAllACMEUsers(this.AdminContext(), &pb.FindAllACMEUsersRequest{})
 		if err != nil {
 			this.ErrorPage(err)
 			return
 		}
-		certConfig := &sslconfigs.SSLCertConfig{}
-		err = json.Unmarshal(configResp.SslCertJSON, certConfig)
-		if err != nil {
-			this.ErrorPage(err)
-			return
+		var userIds = []int64{}
+		for _, user := range acmeUsersResp.AcmeUsers {
+			if user.AcmeProviderCode == params.ProviderCode {
+				userIds = append(userIds, user.Id)
+			}
 		}
-		certConfig.CertData = nil // 去掉不必要的数据
-		certConfig.KeyData = nil  // 去掉不必要的数据
-		this.Data["cert"] = certConfig
-		this.Data["certRef"] = &sslconfigs.SSLCertRef{
-			IsOn:   true,
-			CertId: certId,
+		if len(userIds) < 5 {
+			for i := 0; i < 5-len(userIds); i++ {
+				createUserResp, err := this.RPC().ACMEUserRPC().CreateACMEUser(this.AdminContext(), &pb.CreateACMEUserRequest{
+					Email:            fmt.Sprintf("%s-acme-%d-@mail.com", params.ProviderCode, rand.Intn(1000)),
+					AcmeProviderCode: params.ProviderCode,
+				})
+				if err != nil {
+					this.ErrorPage(err)
+					return
+				}
+				userIds = append(userIds, createUserResp.AcmeUserId)
+			}
 		}
 
+		acmeUserId = userIds[0]
+
+		// 根据主域名拆分
+		domainMap := make(map[string][]string)
+		for _, domain := range params.ServerNames {
+			parts := strings.Split(domain, ".")
+			rootDomain := strings.Join(parts[len(parts)-2:], ".")
+			domainMap[rootDomain] = append(domainMap[rootDomain], domain)
+		}
+
+		domainsGroup := make([][]string, 0, len(domainMap))
+		for _, domains := range domainMap {
+			domainsGroup = append(domainsGroup, domains)
+		}
+
+		domainsCount := len(domainsGroup)
+		var queue = make(chan []string, domainsCount)
+		for _, domains := range domainsGroup {
+			queue <- domains
+		}
+		var concurrent = 10
+		var wg = sync.WaitGroup{}
+		wg.Add(domainsCount)
+		sem := make(chan struct{}, concurrent)
+		for i := 0; i < domainsCount; i++ {
+			domains := <-queue
+			sem <- struct{}{}
+			go func(domains []string) {
+				defer func() {
+					<-sem
+					wg.Done()
+				}()
+				createResp, err := this.RPC().ACMETaskRPC().CreateACMETask(this.AdminContext(), &pb.CreateACMETaskRequest{
+					AcmeUserId:    acmeUserId,
+					DnsProviderId: 0,
+					DnsDomain:     "",
+					Domains:       domains,
+					AutoRenew:     true,
+					AuthType:      "http",
+					Async:         true,
+				})
+				if err == nil {
+					this.CreateLogInfo("创建证书申请任务 %d", createResp.AcmeTaskId)
+				}
+			}(domains)
+		}
+		wg.Wait()
 		this.Success()
 	} else {
-		this.Fail(runResp.Error)
+		createTaskResp, err := this.RPC().ACMETaskRPC().CreateACMETask(this.AdminContext(), &pb.CreateACMETaskRequest{
+			AcmeUserId:    acmeUserId,
+			DnsProviderId: 0,
+			DnsDomain:     "",
+			Domains:       params.ServerNames,
+			AutoRenew:     true,
+			AuthType:      "http",
+			Async:         false,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		taskId := createTaskResp.AcmeTaskId
+
+		defer this.CreateLogInfo(codes.ACMETask_LogRunACMETask, taskId)
+
+		runResp, err := this.RPC().ACMETaskRPC().RunACMETask(this.AdminContext(), &pb.RunACMETaskRequest{AcmeTaskId: taskId})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+
+		if runResp.IsOk {
+			certId := runResp.SslCertId
+
+			configResp, err := this.RPC().SSLCertRPC().FindEnabledSSLCertConfig(this.AdminContext(), &pb.FindEnabledSSLCertConfigRequest{SslCertId: certId})
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+			certConfig := &sslconfigs.SSLCertConfig{}
+			err = json.Unmarshal(configResp.SslCertJSON, certConfig)
+			if err != nil {
+				this.ErrorPage(err)
+				return
+			}
+			certConfig.CertData = nil // 去掉不必要的数据
+			certConfig.KeyData = nil  // 去掉不必要的数据
+			this.Data["cert"] = certConfig
+			this.Data["certRef"] = &sslconfigs.SSLCertRef{
+				IsOn:   true,
+				CertId: certId,
+			}
+
+			this.Success()
+		} else {
+			this.Fail(runResp.Error)
+		}
 	}
 }