添加证书部署工具的初始实现

 - 使用Viper和初始YAML配置文件添加了配置管理。
 - 实施的证书部署逻辑，包括下载，提取和移动证书。
 - 设置记录功能。
 - 创建用于定期任务和系统信息检索的调度程序。
 - 添加了必要的GO模块和依赖项。
 - 更新了.gitignore，以排除构建工件和

Author: orange-juzipi

.gitignore

@@ -30,3 +30,11 @@ go.work.sum
 # Editor/IDE
 # .idea/
 # .vscode/
+
+bin
+cert-deploy
+certs
+ssl
+install.sh
+Makefile
+config.yaml

README.md

@@ -1 +1,34 @@
-# deploy
+# 证书自动部署 CLI 工具
+
+## 配置
+
+### 配置文件
+
+创建配置文件 `config.yaml`:
+
+```yaml
+# 证书部署配置
+server:
+  accessKey: ""
+
+# 证书存储配置
+ssl:
+  # 证书存储根目录
+  path: "/etc/nginx/ssl"
+```
+
+## 使用方法
+
+### 基本命令
+
+```bash
+# 显示帮助信息
+cert-deploy --help
+
+# 启动守护进程模式
+cert-deploy daemon
+```
+
+## 许可证
+
+MIT License

go.mod

@@ -0,0 +1,26 @@
+module github.com/orange-juzipi/cert-deploy
+
+go 1.25
+
+require (
+	connectrpc.com/connect v1.19.0
+	github.com/spf13/cobra v1.10.1
+	github.com/spf13/viper v1.21.0
+	google.golang.org/protobuf v1.36.9
+)
+
+require (
+	github.com/fsnotify/fsnotify v1.9.0 // indirect
+	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
+	github.com/sagikazarmark/locafero v0.12.0 // indirect
+	github.com/spf13/afero v1.15.0 // indirect
+	github.com/spf13/cast v1.10.0 // indirect
+	github.com/spf13/pflag v1.0.10 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/sys v0.36.0 // indirect
+	golang.org/x/text v0.29.0 // indirect
+	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
+)

go.sum

@@ -0,0 +1,56 @@
+connectrpc.com/connect v1.19.0 h1:LuqUbq01PqbtL0o7vn0WMRXzR2nNsiINe5zfcJ24pJM=
+connectrpc.com/connect v1.19.0/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w=
+github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
+github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
+github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
+github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
+github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
+github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
+github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
+github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sagikazarmark/locafero v0.12.0 h1:/NQhBAkUb4+fH1jivKHWusDYFjMOOKU88eegjfxfHb4=
+github.com/sagikazarmark/locafero v0.12.0/go.mod h1:sZh36u/YSZ918v0Io+U9ogLYQJ9tLLBmM4eneO6WwsI=
+github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
+github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=
+github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY=
+github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
+github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=
+github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=
+github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
+github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU=
+github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
+github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
+go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
+go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
+golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
+golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
+google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw=
+google.golang.org/protobuf v1.36.9/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

internal/client/cert_deploy.go

@@ -0,0 +1,265 @@
+package client
+
+import (
+	"archive/tar"
+	"archive/zip"
+	"context"
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/orange-juzipi/cert-deploy/internal/config"
+)
+
+// CertDeployer 证书部署器
+type CertDeployer struct {
+	client *Client
+}
+
+// NewCertDeployer 创建证书部署器
+func NewCertDeployer(client *Client) *CertDeployer {
+	return &CertDeployer{
+		client: client,
+	}
+}
+
+// DeployCertificate 部署证书
+func (cd *CertDeployer) DeployCertificate(domain, url string) error {
+	// 创建certs目录
+	certsDir := "certs"
+	if err := os.MkdirAll(certsDir, 0755); err != nil {
+		return fmt.Errorf("创建证书目录失败: %w", err)
+	}
+
+	// 文件名格式为 {domain}_certificates.zip
+	fileName := fmt.Sprintf("%s_certificates.zip", domain)
+	zipFile := filepath.Join(certsDir, fileName)
+
+	// 下载zip文件
+	if err := cd.client.downloadFile(url, zipFile); err != nil {
+		return fmt.Errorf("下载证书失败: %w", err)
+	}
+
+	fmt.Printf("证书下载完成: %s\n", zipFile)
+
+	// 证书文件夹名
+	folderName := domain + "_certificates"
+
+	// 1. 解压zip文件
+	extractDir := filepath.Join(certsDir, folderName)
+	if err := cd.extractZip(zipFile, extractDir); err != nil {
+		return fmt.Errorf("解压证书失败: %w", err)
+	}
+
+	// 2. 移动到配置的SSL目录
+	sslPath := config.GetConfig().SSL.Path
+	if err := cd.moveCertificates(extractDir, sslPath, folderName); err != nil {
+		return fmt.Errorf("移动证书失败: %w", err)
+	}
+
+	// 3. 测试nginx配置
+	if err := cd.testNginxConfig(); err != nil {
+		return fmt.Errorf("nginx配置测试失败: %w", err)
+	}
+
+	// 4. 重新加载nginx
+	if err := cd.reloadNginx(); err != nil {
+		return fmt.Errorf("nginx重新加载失败: %w", err)
+	}
+
+	fmt.Printf("证书部署完成: %s\n", domain)
+	return nil
+}
+
+// extractZip 解压zip文件
+func (cd *CertDeployer) extractZip(zipFile, extractDir string) error {
+	// 创建解压目录
+	if err := os.MkdirAll(extractDir, 0755); err != nil {
+		return fmt.Errorf("创建解压目录失败: %w", err)
+	}
+
+	// 打开zip文件
+	reader, err := zip.OpenReader(zipFile)
+	if err != nil {
+		return fmt.Errorf("打开zip文件失败: %w", err)
+	}
+	defer reader.Close()
+
+	// 解压所有文件
+	for _, file := range reader.File {
+		// 构建目标文件路径
+		targetPath := filepath.Join(extractDir, file.Name)
+
+		// 检查路径安全性
+		if !strings.HasPrefix(targetPath, filepath.Clean(extractDir)+string(os.PathSeparator)) {
+			return fmt.Errorf("不安全的文件路径: %s", file.Name)
+		}
+
+		// 创建目录
+		if file.FileInfo().IsDir() {
+			if err := os.MkdirAll(targetPath, file.FileInfo().Mode()); err != nil {
+				return fmt.Errorf("创建目录失败: %w", err)
+			}
+			continue
+		}
+
+		// 创建文件目录
+		if err := os.MkdirAll(filepath.Dir(targetPath), 0755); err != nil {
+			return fmt.Errorf("创建文件目录失败: %w", err)
+		}
+
+		// 打开zip文件中的文件
+		rc, err := file.Open()
+		if err != nil {
+			return fmt.Errorf("打开zip中的文件失败: %w", err)
+		}
+
+		// 创建目标文件
+		outFile, err := os.Create(targetPath)
+		if err != nil {
+			rc.Close()
+			return fmt.Errorf("创建文件失败: %w", err)
+		}
+
+		// 复制文件内容
+		if _, err := io.Copy(outFile, rc); err != nil {
+			rc.Close()
+			outFile.Close()
+			return fmt.Errorf("复制文件内容失败: %w", err)
+		}
+
+		rc.Close()
+		outFile.Close()
+
+		// 设置文件权限
+		if err := os.Chmod(targetPath, file.FileInfo().Mode()); err != nil {
+			return fmt.Errorf("设置文件权限失败: %w", err)
+		}
+	}
+
+	return nil
+}
+
+// extractTar 解压tar文件
+func (cd *CertDeployer) extractTar(tarFile, extractDir string) error {
+	// 创建解压目录
+	if err := os.MkdirAll(extractDir, 0755); err != nil {
+		return fmt.Errorf("创建解压目录失败: %w", err)
+	}
+
+	// 打开tar文件
+	file, err := os.Open(tarFile)
+	if err != nil {
+		return fmt.Errorf("打开tar文件失败: %w", err)
+	}
+	defer file.Close()
+
+	// 创建tar reader
+	tr := tar.NewReader(file)
+
+	// 解压所有文件
+	for {
+		header, err := tr.Next()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			return fmt.Errorf("读取tar文件失败: %w", err)
+		}
+
+		// 构建目标文件路径
+		targetPath := filepath.Join(extractDir, header.Name)
+
+		// 创建目录
+		if header.Typeflag == tar.TypeDir {
+			if err := os.MkdirAll(targetPath, os.FileMode(header.Mode)); err != nil {
+				return fmt.Errorf("创建目录失败: %w", err)
+			}
+			continue
+		}
+
+		// 创建文件
+		if err := os.MkdirAll(filepath.Dir(targetPath), 0755); err != nil {
+			return fmt.Errorf("创建文件目录失败: %w", err)
+		}
+
+		outFile, err := os.Create(targetPath)
+		if err != nil {
+			return fmt.Errorf("创建文件失败: %w", err)
+		}
+
+		// 复制文件内容
+		if _, err := io.Copy(outFile, tr); err != nil {
+			outFile.Close()
+			return fmt.Errorf("复制文件内容失败: %w", err)
+		}
+		outFile.Close()
+
+		// 设置文件权限
+		if err := os.Chmod(targetPath, os.FileMode(header.Mode)); err != nil {
+			return fmt.Errorf("设置文件权限失败: %w", err)
+		}
+	}
+
+	return nil
+}
+
+// moveCertificates 移动证书文件夹到SSL目录
+func (cd *CertDeployer) moveCertificates(sourceDir, sslPath, folderName string) error {
+	// 确保SSL目录存在
+	if err := os.MkdirAll(sslPath, 0755); err != nil {
+		return fmt.Errorf("创建SSL目录失败: %w", err)
+	}
+
+	// 构建目标路径
+	targetDir := filepath.Join(sslPath, folderName)
+
+	// 如果目标目录已存在，先删除
+	if _, err := os.Stat(targetDir); err == nil {
+		if err := os.RemoveAll(targetDir); err != nil {
+			return fmt.Errorf("删除已存在的目录失败: %w", err)
+		}
+	}
+
+	// 直接移动整个文件夹
+	if err := os.Rename(sourceDir, targetDir); err != nil {
+		return fmt.Errorf("移动证书文件夹失败: %w", err)
+	}
+
+	fmt.Printf("移动证书文件夹: %s -> %s\n", sourceDir, targetDir)
+	return nil
+}
+
+// testNginxConfig 测试nginx配置
+func (cd *CertDeployer) testNginxConfig() error {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+
+	cmd := exec.CommandContext(ctx, "nginx", "-t")
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return fmt.Errorf("nginx配置测试失败: %w, 输出: %s", err, string(output))
+	}
+
+	fmt.Println("nginx配置测试通过")
+	return nil
+}
+
+// reloadNginx 重新加载nginx
+func (cd *CertDeployer) reloadNginx() error {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+
+	cmd := exec.CommandContext(ctx, "nginx", "-s", "reload")
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return fmt.Errorf("nginx重新加载失败: %w, 输出: %s", err, string(output))
+	}
+
+	fmt.Println("nginx重新加载成功")
+	return nil
+}