chore: sdk

2026-05-16 13:17:29 +08:00 · 2026-05-14 18:31:25 +08:00
parent f8f51adf88
commit 639756dfcd
11 changed files with 874 additions and 0 deletions
@@ -0,0 +1,107 @@
+package main
+
+import (
+	"bytes"
+	"crypto/md5"
+	"encoding/base64"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+)
+
+type CertdClient struct {
+	KeyID     string
+	KeySecret string
+	BaseURL   string
+	Encrypt   bool
+	SignType  string
+}
+
+type tokenContent struct {
+	KeyID    string `json:"keyId"`
+	T        int64  `json:"t"`
+	Encrypt  bool   `json:"encrypt"`
+	SignType string `json:"signType"`
+}
+
+func NewCertdClient(keyID, keySecret string) (*CertdClient, error) {
+	if keyID == "" {
+		return nil, fmt.Errorf("keyID is required")
+	}
+	if keySecret == "" {
+		return nil, fmt.Errorf("keySecret is required")
+	}
+	return &CertdClient{
+		KeyID:     keyID,
+		KeySecret: keySecret,
+		BaseURL:   "http://127.0.0.1:7001",
+		SignType:  "md5",
+	}, nil
+}
+
+func (c *CertdClient) GetSign(content string) (string, error) {
+	if c.SignType != "md5" {
+		return "", fmt.Errorf("unsupported signType: %s", c.SignType)
+	}
+	sum := md5.Sum([]byte(content + c.KeySecret))
+	return hex.EncodeToString(sum[:]), nil
+}
+
+func (c *CertdClient) GetToken() (string, error) {
+	contentBytes, err := json.Marshal(tokenContent{
+		KeyID:    c.KeyID,
+		T:        time.Now().Unix(),
+		Encrypt:  c.Encrypt,
+		SignType: c.SignType,
+	})
+	if err != nil {
+		return "", err
+	}
+	content := string(contentBytes)
+	sign, err := c.GetSign(content)
+	if err != nil {
+		return "", err
+	}
+	return base64.StdEncoding.EncodeToString([]byte(content)) + "." + base64.StdEncoding.EncodeToString([]byte(sign)), nil
+}
+
+func (c *CertdClient) Request(path string, body any) ([]byte, error) {
+	bodyBytes, err := json.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+	token, err := c.GetToken()
+	if err != nil {
+		return nil, err
+	}
+
+	httpReq, err := http.NewRequest(http.MethodPost, strings.TrimRight(c.BaseURL, "/")+path, bytes.NewReader(bodyBytes))
+	if err != nil {
+		return nil, err
+	}
+	httpReq.Header.Set("content-type", "application/json")
+	httpReq.Header.Set("x-certd-token", token)
+
+	resp, err := http.DefaultClient.Do(httpReq)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		return nil, fmt.Errorf("HTTP %d: %s", resp.StatusCode, string(respBody))
+	}
+	return respBody, nil
+}
+
+func (c *CertdClient) GetCert(params any) ([]byte, error) {
+	return c.Request("/api/v1/cert/get", params)
+}
@@ -0,0 +1,85 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+)
+
+type certGetRequest struct {
+	Domains   string `json:"domains,omitempty"`
+	CertID    int64  `json:"certId,omitempty"`
+	AutoApply bool   `json:"autoApply"`
+	Format    string `json:"format,omitempty"`
+}
+
+func requireEnv(name string) (string, error) {
+	value := os.Getenv(name)
+	if value == "" {
+		return "", fmt.Errorf("missing environment variable: %s", name)
+	}
+	return value, nil
+}
+
+func boolEnv(name string, defaultValue bool) bool {
+	value := os.Getenv(name)
+	if value == "" {
+		return defaultValue
+	}
+	switch strings.ToLower(value) {
+	case "1", "true", "yes", "y":
+		return true
+	default:
+		return false
+	}
+}
+
+func main() {
+	if err := run(); err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		os.Exit(1)
+	}
+}
+
+func run() error {
+	keyID, err := requireEnv("CERTD_KEY_ID")
+	if err != nil {
+		return err
+	}
+	keySecret, err := requireEnv("CERTD_KEY_SECRET")
+	if err != nil {
+		return err
+	}
+
+	client, err := NewCertdClient(keyID, keySecret)
+	if err != nil {
+		return err
+	}
+	if baseURL := os.Getenv("CERTD_BASE_URL"); baseURL != "" {
+		client.BaseURL = baseURL
+	}
+	client.Encrypt = boolEnv("CERTD_ENCRYPT", false)
+
+	reqBody := certGetRequest{
+		Domains:   os.Getenv("CERTD_DOMAINS"),
+		AutoApply: boolEnv("CERTD_AUTO_APPLY", false),
+		Format:    os.Getenv("CERTD_FORMAT"),
+	}
+	if certID := os.Getenv("CERTD_CERT_ID"); certID != "" {
+		reqBody.CertID, err = strconv.ParseInt(certID, 10, 64)
+		if err != nil || reqBody.CertID <= 0 {
+			return fmt.Errorf("CERTD_CERT_ID must be a positive integer")
+		}
+	}
+	if reqBody.CertID == 0 && reqBody.Domains == "" {
+		return fmt.Errorf("set CERTD_CERT_ID or CERTD_DOMAINS")
+	}
+
+	respBody, err := client.GetCert(reqBody)
+	if err != nil {
+		return err
+	}
+	fmt.Println(string(respBody))
+	return nil
+}