damon/links
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修正 Proxied、 SSL/TLS 设为 Flexible、开启 Always Use HTTPS

Browse Source
This commit is contained in:
root
2026-06-10 06:44:57 +08:00
parent a68b83fcbd
commit 5dea4c8b28
31 changed files with 950 additions and 160 deletions
Download Patch File Download Diff File Expand all files Collapse all files
patches/application/admin/controller/split/Link.php
+2 -7
View File
@@ -84,13 +84,8 @@ class Link extends Backend
$cfg = is_array($this->view->config ?? null) ? $this->view->config : [];
$version = (string) \think\Config::get('site.version');
$scriptUrl = (string) url('split.link/script', ['v' => $version], false, true);
if (strpos($scriptUrl, '?') === false) {
$scriptUrl .= '?v=' . $version;
}
if (strpos($scriptUrl, '://') === false) {
$scriptUrl = $this->request->domain() . $scriptUrl;
}
// 使用站内相对路径,避免生产环境 domain() 与反向代理/HTTPS 不一致导致 JS 跨域丢 Cookie
$scriptUrl = (string) url('split.link/script', ['v' => $version], '', false);
$cfg['jsname'] = $scriptUrl;
$this->view->assign('config', $cfg);
$this->view->config = $cfg;
patches/application/admin/controller/split/Number.php
+2 -7
View File
@@ -79,13 +79,8 @@ class Number extends Backend
$cfg = is_array($this->view->config ?? null) ? $this->view->config : [];
$version = (string) \think\Config::get('site.version');
$scriptUrl = (string) url('split.number/script', ['v' => $version], false, true);
if (strpos($scriptUrl, '?') === false) {
$scriptUrl .= '?v=' . $version;
}
if (strpos($scriptUrl, '://') === false) {
$scriptUrl = $this->request->domain() . $scriptUrl;
}
// 使用站内相对路径,避免生产环境 domain() 与反向代理/HTTPS 不一致导致 JS 跨域丢 Cookie
$scriptUrl = (string) url('split.number/script', ['v' => $version], '', false);
$cfg['jsname'] = $scriptUrl;
$this->view->assign('config', $cfg);
$this->view->config = $cfg;
patches/application/admin/controller/split/Ticket.php
+2 -7
View File
@@ -110,13 +110,8 @@ class Ticket extends Backend
$cfg = is_array($this->view->config ?? null) ? $this->view->config : [];
$version = (string) \think\Config::get('site.version');
$scriptUrl = (string) url('split.ticket/script', ['v' => $version], false, true);
if (strpos($scriptUrl, '?') === false) {
$scriptUrl .= '?v=' . $version;
}
if (strpos($scriptUrl, '://') === false) {
$scriptUrl = $this->request->domain() . $scriptUrl;
}
// 使用站内相对路径,避免生产环境 domain() 与反向代理/HTTPS 不一致导致 JS 跨域丢 Cookie
$scriptUrl = (string) url('split.ticket/script', ['v' => $version], '', false);
$cfg['jsname'] = $scriptUrl;
$this->view->assign('config', $cfg);
$this->view->config = $cfg;
patches/application/admin/lang/zh-cn/domain.php
+36
View File
@@ -0,0 +1,36 @@
<?php
return [
'Domain' => '域名',
'Full_url' => '完整链接',
'Zone_status' => 'Zone状态',
'Ns_status' => 'NameServer状态',
'Dns_status' => 'DNS状态',
'Nameservers' => 'NameServer',
'Check_time' => '检测时间',
'Check_result' => '最近检测结果',
'Createtime' => '创建时间',
'Zone pending' => '待激活',
'Zone active' => '已激活',
'Zone failed' => '异常',
'NS pending' => '待验证',
'NS verified' => '已验证',
'NS failed' => '验证失败',
'DNS pending' => '待创建',
'DNS created' => '已创建',
'DNS failed' => '异常',
'Detect' => '检测',
'Detection completed' => '检测完成',
'Domain input tips title' => '填写说明',
'Domain input tips line1' => '请输入根域名,比如:nihao.com,不要填写 www,且不支持二级子域名。',
'Domain input tips line2' => '不支持中国域名注册商注册的域名,比如阿里云、腾讯云等注册商;也不支持中国域名后缀,包括 cn、com.cn、net.cn、org.cn 等。',
'Domain guide title' => '接入指引',
'Domain guide content' => '提交后,请在详情中查看 Cloudflare 实际分配的 NS,并到域名注册商处修改。NS 生效后点击「检测」完成接入。',
'Domain submitted, please check NS in detail page and update at registrar' => '域名已提交,请在详情中查看 Cloudflare 分配的 NS,并到注册商处修改',
'Domain cannot be edited after creation' => '域名创建后不可编辑',
'Domain already exists' => '该域名已存在',
'Please enter the full domain to confirm deletion' => '请输入完整域名以确认删除',
'Domain confirmation does not match' => '输入的域名与记录不一致,删除已取消',
'Delete domain confirm prompt' => '请输入完整域名以确认删除',
'Delete domain confirm mismatch' => '域名输入不一致,请重新确认',
];
patches/application/common/service/CloudflareService.php
+65 -15
View File
@@ -80,8 +80,7 @@ class CloudflareService
}
/**
* 聚合检测三项状态
* Zone/NS 检测通过后,自动将根域名 A 记录指向 server_ip 并校验
* 聚合检测 Zone/NS/DNS 状态;NS 已验证且 Zone 已激活时,静默校验并修正 A 记录、Proxied、SSL、HTTPS
*
* @param array $row 域名记录
* @return array{zone_status: string, ns_status: string, dns_status: string, check_result: string}
@@ -140,12 +139,12 @@ class CloudflareService
$dnsStatus = 'failed';
$messages[] = 'DNS:server_ip格式无效';
} else {
try {
if ($this->hasRootCnameConflict($zoneId, $domain)) {
$dnsStatus = 'failed';
$messages[] = 'DNS:根域名存在CNAME记录,无法创建A记录';
} else {
$this->upsertRootARecord($zoneId, $domain, $this->serverIp);
if ($this->hasRootCnameConflict($zoneId, $domain)) {
$dnsStatus = 'failed';
$messages[] = 'DNS:根域名存在CNAME记录,无法创建A记录';
} else {
try {
$this->reconcileCloudflareConfig($zoneId, $domain, $this->serverIp);
if ($this->verifyRootARecord($zoneId, $domain, $this->serverIp)) {
$dnsStatus = 'created';
$messages[] = 'DNS:已创建(A=' . $this->serverIp . ')';
@@ -153,10 +152,10 @@ class CloudflareService
$dnsStatus = 'pending';
$messages[] = 'DNS:待创建(A记录未指向' . $this->serverIp . ')';
}
} catch (\Throwable $e) {
$dnsStatus = 'failed';
$messages[] = 'DNS:操作失败(' . $e->getMessage() . ')';
}
} catch (\Throwable $e) {
$dnsStatus = 'failed';
$messages[] = 'DNS:操作失败(' . $e->getMessage() . ')';
}
}
@@ -193,6 +192,49 @@ class CloudflareService
}
/**
* NS 已验证且 Zone 已激活时:读取 Proxied / SSL / HTTPS / A 记录,与期望值不一致则修正
*
* @throws Exception
*/
private function reconcileCloudflareConfig(string $zoneId, string $domain, string $ip): void
{
$this->ensureZoneEdgeSettings($zoneId);
$this->upsertRootARecord($zoneId, $domain, $ip);
}
/**
* 读取 Zone 单项设置值
*
* @throws Exception
*/
private function getZoneSettingValue(string $zoneId, string $settingId): string
{
$response = $this->request('GET', '/zones/' . $zoneId . '/settings/' . $settingId);
return strtolower(trim((string)($response['result']['value'] ?? '')));
}
/**
* SSL/TLS=Flexible、Always Use HTTPS=开启;已与期望一致则跳过 PATCH
*
* @throws Exception
*/
private function ensureZoneEdgeSettings(string $zoneId): void
{
if ($this->getZoneSettingValue($zoneId, 'ssl') !== 'flexible') {
$this->request('PATCH', '/zones/' . $zoneId . '/settings/ssl', [
'value' => 'flexible',
]);
}
if ($this->getZoneSettingValue($zoneId, 'always_use_https') !== 'on') {
$this->request('PATCH', '/zones/' . $zoneId . '/settings/always_use_https', [
'value' => 'on',
]);
}
}
/**
* 创建或更新根域名 A 记录(IP 与 Proxied 与期望不一致时修正)
*
* @throws Exception
*/
private function upsertRootARecord(string $zoneId, string $domain, string $ip): void
@@ -204,7 +246,7 @@ class CloudflareService
'name' => $domain,
'content' => $ip,
'ttl' => 1,
'proxied' => false,
'proxied' => true,
]);
return;
}
@@ -212,25 +254,33 @@ class CloudflareService
foreach ($records as $record) {
$recordId = (string)($record['id'] ?? '');
$content = (string)($record['content'] ?? '');
if ($recordId === '' || $content === $ip) {
$proxied = (bool)($record['proxied'] ?? false);
if ($recordId === '') {
continue;
}
if ($content === $ip && $proxied) {
continue;
}
$this->request('PATCH', '/zones/' . $zoneId . '/dns_records/' . $recordId, [
'content' => $ip,
'ttl' => 1,
'proxied' => false,
'proxied' => true,
]);
}
}
/**
* 校验根域名 A 记录:content 指向 server_ip 且已开启 Proxy
*
* @throws Exception
*/
private function verifyRootARecord(string $zoneId, string $domain, string $ip): bool
{
$records = $this->listRootARecords($zoneId, $domain);
foreach ($records as $record) {
if ((string)($record['content'] ?? '') === $ip) {
$content = (string)($record['content'] ?? '');
$proxied = (bool)($record['proxied'] ?? false);
if ($content === $ip && $proxied) {
return true;
}
}