From 7198a1376bc71c6a20fdce86aa06b2d376c1db85 Mon Sep 17 00:00:00 2001
From: jingrow
Date: Thu, 1 Jan 2026 19:32:58 +0000
Subject: [PATCH] =?UTF-8?q?refactor:=20=E4=BC=98=E5=8C=96=E8=B7=AF?= =?UTF-8?q?=E7=94=B1=E7=9B=91=E5=90=AC=E6=9C=8D=E5=8A=A1=EF=BC=8C=E7=A7=BB?= =?UTF-8?q?=E9=99=A4=E5=B7=B2=E5=A4=84=E7=90=86=E5=9F=9F=E5=90=8D=E5=88=97?= =?UTF-8?q?=E8=A1=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 移除 processed_domains 状态管理,改为直接检查 APISIX 实际 SSL 配置
- 简化代码逻辑,提高可靠性
- 修复 SSL 配置查找时的类型错误(key 字段是字符串而非字典)
- 添加路由状态检查,跳过禁用的路由(status=0)
优势:
- 更简单:无需维护状态文件
- 更准确:直接检查实际配置,避免状态不一致
- 更可靠:即使证书被删除,也能自动检测并重新申请
---
 ssl_manager/route_watcher.py | 36 ++----------------------------------
 1 file changed, 2 insertions(+), 34 deletions(-)

diff --git a/ssl_manager/route_watcher.py b/ssl_manager/route_watcher.py
index 8675e94..7211a98 100755
--- a/ssl_manager/route_watcher.py
+++ b/ssl_manager/route_watcher.py
@@ -39,11 +39,7 @@ class RouteWatcher:
 self.apisix_admin_url = os.getenv('APISIX_ADMIN_URL', 'http://localhost:9180')
 self.apisix_admin_key = os.getenv('APISIX_ADMIN_KEY', '8206e6e42b6b53243c52a767cc633137')
- # 已处理的域名集合
- self.processed_domains: Set[str] = set()
-
- # 加载已处理的域名
- self._load_processed_domains()
+ # 不再使用已处理列表,直接检查实际 SSL 配置
 def _get_apisix_headers(self):
 """获取 APISIX Admin API 请求头"""
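Review bot: The fallback in `os.getenv('APISIX_ADMIN_KEY', ...)` on the unchanged context line embeds a 32-character hex Admin API key in source, so a deployment that forgets the environment variable silently authenticates with a value anyone with repository access can read. Since this commit already touches the constructor, consider failing fast instead, e.g. `self.apisix_admin_key = os.environ['APISIX_ADMIN_KEY']` (or raise a clear error when it is empty), and rotate the key if the literal is or ever was live. The `Set` import is probably unused once the `processed_domains` annotation is gone; the import block is outside the hunk, so confirm before dropping it. The constructor starts above this hunk.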
@@ -52,27 +48,6 @@ class RouteWatcher:
 'Content-Type': 'application/json'
 }
- def _load_processed_domains(self):
- """加载已处理的域名列表"""
- state_file = '/var/lib/apisix-ssl-manager/processed_domains.json'
- if os.path.exists(state_file):
- try:
- with open(state_file, 'r') as f:
- self.processed_domains = set(json.load(f))
- logger.info(f"加载已处理域名: {len(self.processed_domains)} 个")
- except Exception as e:
- logger.warning(f"加载已处理域名失败: {e}")
-
- def _save_processed_domains(self):
- """保存已处理的域名列表"""
- state_file = '/var/lib/apisix-ssl-manager/processed_domains.json'
- os.makedirs(os.path.dirname(state_file), exist_ok=True)
- try:
- with open(state_file, 'w') as f:
- json.dump(list(self.processed_domains), f)
- except Exception as e:
- logger.error(f"保存已处理域名失败: {e}")
-
 def get_all_routes(self) -> list:
 """获取所有路由"""
 try:
@@ -158,10 +133,6 @@ class RouteWatcher:
 def should_request_cert(self, domain: str) -> bool:
 """判断是否需要申请证书"""
- # 跳过已处理的域名
- if domain in self.processed_domains:
- return False
-
 # 跳过本地域名
 if domain in ['localhost', '127.0.0.1', '0.0.0.0']:
 return False
@@ -170,13 +141,12 @@ class RouteWatcher:
 if domain.replace('.', '').isdigit():
 return False
- # 检查是否已有 SSL 配置
+ # 检查是否已有 SSL 配置(直接检查实际配置,最准确)
 ssls = self.get_all_ssls()
 for ssl in ssls:
 ssl_domains = self.extract_domains_from_ssl(ssl)
 if domain in ssl_domains:
 logger.info(f"域名已有 SSL 配置: {domain}")
- self.processed_domains.add(domain)
 return False
 return True
@@ -202,8 +172,6 @@ class RouteWatcher:
 try:
 if self.ssl_manager.request_certificate(domain):
 logger.info(f"证书申请成功: {domain}")
- self.processed_domains.add(domain)
- self._save_processed_domains()
 else:
 logger.error(f"证书申请失败: {domain}")
 except Exception as e:
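Review bot: In the `@@ -170,13 +141,12 @@` hunk, `ssls = self.get_all_ssls()` is now the only check that can stop `should_request_cert` from returning True for a public domain, so its error behaviour decides whether certificates get re-requested. `get_all_ssls` is not visible here; if, like `get_all_routes` (whose body opens with `try:`), it swallows a failed Admin API call and returns an empty list, a brief APISIX outage would make every routed domain look uncovered and send all of them to `request_certificate` on each pass, which can run into CA rate limits. Consider having it signal failure distinctly (for example by returning `None`) and adding `if ssls is None: return False` before the loop. The membership test `domain in ssl_domains` is also an exact match, so a domain covered only by a wildcard SNI would presumably be re-requested as well. The method starts in the previous hunk and ends with `return True` here.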