perf: 支持使用letencrypt测试环境申请ip证书

2026-04-24 12:27:25 +08:00 · 2025-11-12 23:56:02 +08:00
parent e1eef013a8
commit 86ce00adf9
4 changed files with 68 additions and 28 deletions
@@ -4,6 +4,9 @@
 import { readCsrDomains } from "./crypto/index.js";
 import { wait } from "./wait.js";
 import { CancelError } from "./error.js";
+import { domainUtils } from '@certd/basic';
+
+


 const defaultOpts = {
@@ -65,7 +68,7 @@ export default async (client, userOpts) => {
     * Parse domains from CSR
     */

-    log("[auto] Parsing domains from Certificate Signing Request ");
+    log("[auto] Parsing domains from Certificate Signing Request");
    const { commonName, altNames } = readCsrDomains(opts.csr);
    const uniqueDomains = Array.from(new Set([commonName].concat(altNames).filter((d) => d)));

@@ -76,9 +79,21 @@ export default async (client, userOpts) => {
     */

    log("[auto] Placing new certificate order with ACME provider");
-    const orderPayload = { identifiers: uniqueDomains.map((d) => ({ type: "dns", value: d })) };
-    if (opts.profile && client.sslProvider === 'letsencrypt' ){
+
+    let hasIp = false
+    const orderPayload = { identifiers: uniqueDomains.map((d) =>{
+        // 判断是否为IP（v4或v6），否则按域名处理
+        const type = domainUtils.isIp(d) ? 'ip' : 'dns';
+        if(type === 'ip'){
+            hasIp = true
+        }
+        return { type, value: d }
+    }) };
+    if (opts.profile && client.sslProvider.startsWith("letsencrypt") ){
        orderPayload.profile = opts.profile;
+        if(hasIp){
+            orderPayload.profile = "shortlived"
+        }
    }
    const order = await client.createOrder(orderPayload);
    const authorizations = await client.getAuthorizations(order);
@@ -7,29 +7,29 @@ function match(targetDomains: string | string[], inDomains: string[]) {
    return false;
  }

-  if (typeof targetDomains === 'string') {
+  if (typeof targetDomains === "string") {
    targetDomains = [targetDomains];
  }
  for (let targetDomain of targetDomains) {
    let matched = false;
-    if (targetDomain.startsWith('.')) {
-      targetDomain = '*' + targetDomain;
+    if (targetDomain.startsWith(".")) {
+      targetDomain = "*" + targetDomain;
    }
    for (let inDomain of inDomains) {
-      if (inDomain.startsWith('.')) {
-        inDomain = '*' + inDomain;
+      if (inDomain.startsWith(".")) {
+        inDomain = "*" + inDomain;
      }
      if (targetDomain === inDomain) {
        matched = true;
        break;
      }

-      if (!inDomain.startsWith('*.')) {
+      if (!inDomain.startsWith("*.")) {
        //不可能匹配
        continue;
      }
      //子域名匹配通配符即可
-      const firstDotIndex = targetDomain.indexOf('.');
+      const firstDotIndex = targetDomain.indexOf(".");
      const targetDomainSuffix = targetDomain.substring(firstDotIndex + 1);
      if (targetDomainSuffix === inDomain.substring(2)) {
        matched = true;
@@ -46,6 +46,32 @@ function match(targetDomains: string | string[], inDomains: string[]) {
  return true;
 }

+function isIpv4(d: string) {
+  if (!d) {
+    return false;
+  }
+  const isIPv4Regex = /^(\d{1,3}\.){3}\d{1,3}$/;
+  return isIPv4Regex.test(d);
+}
+
+function isIpv6(d: string) {
+  if (!d) {
+    return false;
+  }
+  const isIPv6Regex = /^([\da-f]{1,4}:){2,7}[\da-f]{1,4}$/i;
+  return isIPv6Regex.test(d);
+}
+
+function isIp(d: string) {
+  if (!d) {
+    return false;
+  }
+  return isIpv4(d) || isIpv6(d);
+}
+
 export const domainUtils = {
  match,
+  isIpv4,
+  isIpv6,
+  isIp,
 };