From 472302327e29d312d2c2e1ecf80ff8a057dc71c1 Mon Sep 17 00:00:00 2001
From: zhengkunwang223 <1paneldev@sina.com>
Date: Sun, 28 Sep 2025 14:30:22 +0800
Subject: [PATCH] feat: Update the local certificate and remember the directory
 address.

---
 agent/app/model/website_ssl.go                | 60 ++++++++++---------
 agent/app/service/website_ssl.go              |  4 ++
 agent/init/migration/migrate.go               |  3 +-
 agent/init/migration/migrations/init.go       | 12 +++-
 frontend/src/api/interface/website.ts         |  2 +
 .../src/views/website/ssl/upload/index.vue    |  5 ++
 6 files changed, 55 insertions(+), 31 deletions(-)

diff --git a/agent/app/model/website_ssl.go b/agent/app/model/website_ssl.go
index 99a0d201e045..91cd889a9053 100644
--- a/agent/app/model/website_ssl.go
+++ b/agent/app/model/website_ssl.go
@@ -10,35 +10,37 @@ import (
 
 type WebsiteSSL struct {
 	BaseModel
-	PrimaryDomain string    `json:"primaryDomain"`
-	PrivateKey    string    `json:"privateKey"`
-	Pem           string    `json:"pem"`
-	Domains       string    `json:"domains"`
-	CertURL       string    `json:"certURL"`
-	Type          string    `json:"type"`
-	Provider      string    `json:"provider"`
-	Organization  string    `json:"organization"`
-	DnsAccountID  uint      `json:"dnsAccountId"`
-	AcmeAccountID uint      `gorm:"column:acme_account_id" json:"acmeAccountId" `
-	CaID          uint      `json:"caId"`
-	AutoRenew     bool      `json:"autoRenew"`
-	ExpireDate    time.Time `json:"expireDate"`
-	StartDate     time.Time `json:"startDate"`
-	Status        string    `json:"status"`
-	Message       string    `json:"message"`
-	KeyType       string    `json:"keyType"`
-	PushDir       bool      `json:"pushDir"`
-	Dir           string    `json:"dir"`
-	Description   string    `json:"description"`
-	SkipDNS       bool      `json:"skipDNS"`
-	Nameserver1   string    `json:"nameserver1"`
-	Nameserver2   string    `json:"nameserver2"`
-	DisableCNAME  bool      `json:"disableCNAME"`
-	ExecShell     bool      `json:"execShell"`
-	Shell         string    `json:"shell"`
-	MasterSSLID   uint      `json:"masterSslId"`
-	Nodes         string    `json:"nodes"`
-	PushNode      bool      `json:"pushNode"`
+	PrimaryDomain  string    `json:"primaryDomain"`
+	PrivateKey     string    `json:"privateKey"`
+	Pem            string    `json:"pem"`
+	Domains        string    `json:"domains"`
+	CertURL        string    `json:"certURL"`
+	Type           string    `json:"type"`
+	Provider       string    `json:"provider"`
+	Organization   string    `json:"organization"`
+	DnsAccountID   uint      `json:"dnsAccountId"`
+	AcmeAccountID  uint      `gorm:"column:acme_account_id" json:"acmeAccountId" `
+	CaID           uint      `json:"caId"`
+	AutoRenew      bool      `json:"autoRenew"`
+	ExpireDate     time.Time `json:"expireDate"`
+	StartDate      time.Time `json:"startDate"`
+	Status         string    `json:"status"`
+	Message        string    `json:"message"`
+	KeyType        string    `json:"keyType"`
+	PushDir        bool      `json:"pushDir"`
+	Dir            string    `json:"dir"`
+	Description    string    `json:"description"`
+	SkipDNS        bool      `json:"skipDNS"`
+	Nameserver1    string    `json:"nameserver1"`
+	Nameserver2    string    `json:"nameserver2"`
+	DisableCNAME   bool      `json:"disableCNAME"`
+	ExecShell      bool      `json:"execShell"`
+	Shell          string    `json:"shell"`
+	MasterSSLID    uint      `json:"masterSslId"`
+	Nodes          string    `json:"nodes"`
+	PushNode       bool      `json:"pushNode"`
+	PrivateKeyPath string    `json:"privateKeyPath"`
+	CertPath       string    `json:"certPath"`
 
 	AcmeAccount WebsiteAcmeAccount `json:"acmeAccount" gorm:"-:migration"`
 	DnsAccount  WebsiteDnsAccount  `json:"dnsAccount" gorm:"-:migration"`
diff --git a/agent/app/service/website_ssl.go b/agent/app/service/website_ssl.go
index 5ce24c903962..2dee6b1fdd0e 100644
--- a/agent/app/service/website_ssl.go
+++ b/agent/app/service/website_ssl.go
@@ -626,9 +626,13 @@ func (w WebsiteSSLService) Upload(req request.WebsiteSSLUpload) error {
 		} else {
 			websiteSSL.Pem = string(content)
 		}
+		websiteSSL.CertPath = req.CertificatePath
+		websiteSSL.PrivateKeyPath = req.PrivateKeyPath
 	} else {
 		websiteSSL.PrivateKey = req.PrivateKey
 		websiteSSL.Pem = req.Certificate
+		websiteSSL.CertPath = ""
+		websiteSSL.PrivateKeyPath = ""
 	}
 
 	privateKeyCertBlock, _ := pem.Decode([]byte(websiteSSL.PrivateKey))
diff --git a/agent/init/migration/migrate.go b/agent/init/migration/migrate.go
index a803b83ebe2d..df06a4cd8647 100644
--- a/agent/init/migration/migrate.go
+++ b/agent/init/migration/migrate.go
@@ -44,7 +44,8 @@ func InitAgentDB() {
 		migrations.InitRecordStatus,
 		migrations.AddShowNameForQuickJump,
 		migrations.AddTimeoutForClam,
-		migrations.UpdataCronjobSpec,
+		migrations.UpdateCronjobSpec,
+		migrations.UpdateWebsiteSSLAddColumn,
 	})
 	if err := m.Migrate(); err != nil {
 		global.LOG.Error(err)
diff --git a/agent/init/migration/migrations/init.go b/agent/init/migration/migrations/init.go
index ca3a26168ee4..6f7dbf0e668e 100644
--- a/agent/init/migration/migrations/init.go
+++ b/agent/init/migration/migrations/init.go
@@ -598,7 +598,7 @@ var AddTimeoutForClam = &gormigrate.Migration{
 	},
 }
 
-var UpdataCronjobSpec = &gormigrate.Migration{
+var UpdateCronjobSpec = &gormigrate.Migration{
 	ID: "20250925-update-cronjob-spec",
 	Migrate: func(tx *gorm.DB) error {
 		var cronjobs []model.Cronjob
@@ -617,3 +617,13 @@ var UpdataCronjobSpec = &gormigrate.Migration{
 		return nil
 	},
 }
+
+var UpdateWebsiteSSLAddColumn = &gormigrate.Migration{
+	ID: "20250928-update-website-ssl",
+	Migrate: func(tx *gorm.DB) error {
+		if err := tx.AutoMigrate(&model.WebsiteSSL{}); err != nil {
+			return err
+		}
+		return nil
+	},
+}
diff --git a/frontend/src/api/interface/website.ts b/frontend/src/api/interface/website.ts
index 0bb6b7535a07..58ba117894af 100644
--- a/frontend/src/api/interface/website.ts
+++ b/frontend/src/api/interface/website.ts
@@ -227,6 +227,8 @@ export namespace Website {
         shell: string;
         pushNode: boolean;
         nodes: string;
+        privateKeyPath: string;
+        certPath: string;
     }
 
     export interface SSLDTO extends SSL {
diff --git a/frontend/src/views/website/ssl/upload/index.vue b/frontend/src/views/website/ssl/upload/index.vue
index bf994e3265ec..ebfb2a6f6b65 100644
--- a/frontend/src/views/website/ssl/upload/index.vue
+++ b/frontend/src/views/website/ssl/upload/index.vue
@@ -98,6 +98,11 @@ const acceptParams = (websiteSSL: Website.SSLDTO) => {
     if (websiteSSL && websiteSSL.id > 0) {
         ssl.value.sslID = websiteSSL.id;
         ssl.value.description = websiteSSL.description;
+        ssl.value.privateKeyPath = websiteSSL.privateKeyPath;
+        ssl.value.certificatePath = websiteSSL.certPath;
+        if (ssl.value.certificatePath != '' && ssl.value.privateKeyPath != '') {
+            ssl.value.type = 'local';
+        }
     }
     open.value = true;
 };