vk-ssl-auto-deploy 0.7.3 → 0.8.1

package/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -1,4 +1,24 @@
-## 安装部署
+# vk-ssl-auto-deploy
+
+SSL证书自动部署工具 - 提供HTTP API接口，支持证书文件自动上传和部署
+
+## 一键安装（推荐）
+
+Linux 服务器执行以下命令，自动完成安装、部署和开机自启配置：
+
+```bash
+curl -fsSL https://gitee.com/vk1688/vk-ssl-auto-deploy/raw/master/install.sh | sudo bash
+```
+
+安装完成后，访问 `http://服务器IP:6001/admin`，默认密码：`admin@123456`
+
+> 支持 CentOS/RHEL 和 Debian/Ubuntu 系统，自动安装 Node.js 和 PM2
+
+---
+
+## 手动安装部署
+
+如果一键安装失败，可以按照以下步骤手动安装：
 
 ### 1. 安装node环境（如果node环境已安装，则跳过这一步骤）
 
@@ -42,8 +62,8 @@ npm root -g
 
 则拼接上 `vk-ssl-auto-deploy`，即执行命令 `cd /usr/lib/node_modules/vk-ssl-auto-deploy` 进入工具目录
 
-### 5. 编辑配置文件，修改证书保存目录
-
+### 5. 编辑配置文件，修改证书保存目录
+
 **此步骤可忽略，可以先启动服务，进入可视化管理面板设置**
 
 ```bash
@@ -159,10 +179,11 @@ pm2-startup uninstall
 
 # 方法二：在任务计划程序中删除对应的任务
 ```
-
-### 7. 进入可视化操作面板
-
-在浏览器上输入 `http://服务器外网IP:6001/admin` 进入可视化操作面板，口令默认为 `admin@123456`
+
+### 7. 进入可视化操作面板
+
+在浏览器上输入 `http://服务器外网IP:6001/admin` 进入可视化操作面板，口令默认为 `admin@123456`
+
 
 ## 查找nginx安装目录
 
@@ -194,6 +215,16 @@ sudo passwd root
 
 ## 服务器常用命令
 
+### 终止程序
+
+```bash
+// 先查找进程id
+ss -tulpn | grep 6001
+
+// 根据进程id关闭
+kill 12345
+```
+
 ### 进入证书目录
 
 ```bash
@@ -313,6 +344,12 @@ npm run delete
 npm run list
 ```
 
+## 卸载
+
+```bash
+pm2 delete vk-ssl-auto-deploy; pm2 unstartup systemd; pm2 save --force; npm uninstall -g vk-ssl-auto-deploy
+```
+
 ## License
 
 MIT

package/app.js

@@ -10,6 +10,7 @@ const testRouter = require('./routes/test');
 const certRouter = require('./routes/cert');
 const adminRouter = require('./routes/admin');
 const { setupWebSocket, broadcastLog } = require('./utils/websocket');
+const config = require('./config.json');
 
 const app = express();
 
@@ -56,8 +57,8 @@ setupWebSocket(server);
 server.listen(port, host, () => {
 	console.log('listenPort:', port);
 	console.log('管理后台地址: http://' + (host === '0.0.0.0' ? 'localhost' : host) + ':' + port + '/admin');
+	console.log(`管理后台口令: ${config.password}`);
 });
 
-// 导出应用和广播函数
-module.exports = app;
-module.exports.broadcastLog = broadcastLog;
+// 导出应用
+module.exports = app;

package/config.json

@@ -1,8 +1,9 @@
-{
-	"key": "",
-	"certSaveDir": "/vk-cert",
-	"nginxDir": "/www/server/nginx/sbin/nginx",
-	"domains": [],
-	"callbackCommand": [],
-	"password": "admin@123456"
+{
+	"key": "",
+	"certSaveDir": "/vk-cert",
+	"nginxDir": "/www/server/nginx/sbin/nginx",
+	"domains": [],
+	"callbackCommand": [],
+	"password": "admin@123456",
+	"callbackIpWhitelist": []
 }

package/package.json

@@ -1,9 +1,10 @@
 {
 	"name": "vk-ssl-auto-deploy",
-	"version": "0.7.3",
+	"version": "0.8.1",
 	"description": "SSL证书自动部署工具 - 提供HTTP API接口，支持证书文件自动上传和部署",
 	"main": "app.js",
 	"scripts": {
+		"init": "npm install --registry https://registry.npmmirror.com",
 		"dev": "node ./app.js",
 		"start": "pm2 start ./ecosystem.config.js --name vk-ssl-auto-deploy",
 		"stop": "pm2 stop vk-ssl-auto-deploy",
@@ -37,7 +38,7 @@
 		"views/",
 		"public/",
 		"app.js",
-		"config.json",
+		"config.json",
 		"ecosystem.config.js",
 		"README.md"
 	],

package/public/stylesheets/style.css

@@ -1,8 +1,8 @@
-body {
-  padding: 50px;
-  font: 14px "Lucida Grande", Helvetica, Arial, sans-serif;
-}
-
-a {
-  color: #00B7FF;
-}
+body {
+  padding: 50px;
+  font: 14px "Lucida Grande", Helvetica, Arial, sans-serif;
+}
+
+a {
+  color: #00B7FF;
+}

package/routes/admin.js

@@ -166,13 +166,16 @@ router.post('/api/config', verifyPassword, (req, res) => {
 			});
 		}
 		
-		// 确保 domains 和 callbackCommand 是数组
+		// 确保 domains、callbackCommand 和 callbackIpWhitelist 是数组
 		if (!Array.isArray(newConfig.domains)) {
 			newConfig.domains = [];
 		}
 		if (!Array.isArray(newConfig.callbackCommand)) {
 			newConfig.callbackCommand = [];
 		}
+		if (!Array.isArray(newConfig.callbackIpWhitelist)) {
+			newConfig.callbackIpWhitelist = [];
+		}
 		
 		// 保存配置文件
 		fs.writeFileSync(CONFIG_FILE, JSON.stringify(newConfig, null, '\t'), 'utf8');

package/routes/cert.js

@@ -12,14 +12,10 @@ const chalk = require('chalk');
 const execAsync = promisify(exec);
 
 // 获取广播函数
-let broadcastLog = null;
-try {
-	const app = require('../app');
-	broadcastLog = app.broadcastLog;
-} catch (error) {
-	// 如果获取失败，使用空函数
-	broadcastLog = () => {};
-}
+const { broadcastLog } = require('../utils/websocket');
+
+// IP白名单验证工具
+const { isIPInWhitelist, getClientIP } = require('../utils/ipValidator');
 
 // 配置文件路径
 const CONFIG_FILE = path.join(__dirname, '..', 'config.json');
@@ -301,6 +297,81 @@ function parseCertificate(certContent) {
 	}
 }
 
+/**
+ * 从证书中提取所有域名（包括 CN 和 SAN）
+ * @param {string} certContent - 证书内容（PEM格式）
+ * @returns {Array<string>} 域名列表
+ */
+function extractDomainsFromCert(certContent) {
+	const domains = new Set();
+
+	try {
+		// 优先使用 Node.js 内置的 crypto 模块
+		if (crypto.X509Certificate) {
+			const cert = new crypto.X509Certificate(certContent);
+
+			// 提取 CN (Common Name)
+			const cnMatch = cert.subject.match(/CN=([^,]+)/);
+			if (cnMatch && cnMatch[1]) {
+				domains.add(cnMatch[1].trim());
+			}
+
+			// 提取 SAN (Subject Alternative Names)
+			// subjectAltName 格式类似: "DNS:example.com, DNS:*.example.com, DNS:www.example.com"
+			if (cert.subjectAltName) {
+				const sanEntries = cert.subjectAltName.split(',');
+				for (const entry of sanEntries) {
+					const trimmed = entry.trim();
+					// 只处理 DNS 类型的 SAN
+					if (trimmed.startsWith('DNS:')) {
+						const domain = trimmed.substring(4).trim();
+						if (domain) {
+							domains.add(domain);
+						}
+					}
+				}
+			}
+
+			if (domains.size > 0) {
+				return Array.from(domains);
+			}
+		}
+
+		// 降级方案：使用 node-forge
+		try {
+			const cert = forge.pki.certificateFromPem(certContent);
+
+			// 提取 CN
+			const cn = cert.subject.attributes.find(attr => attr.name === 'commonName');
+			if (cn && cn.value) {
+				domains.add(cn.value);
+			}
+
+			// 提取 SAN
+			const sanExtension = cert.extensions?.find(ext => ext.name === 'subjectAltName');
+			if (sanExtension && sanExtension.altNames) {
+				for (const altName of sanExtension.altNames) {
+					// type 2 = DNS
+					if (altName.type === 2 && altName.value) {
+						domains.add(altName.value);
+					}
+				}
+			}
+
+			if (domains.size > 0) {
+				return Array.from(domains);
+			}
+		} catch (forgeError) {
+			logger.warn('[域名提取] node-forge 解析失败:', forgeError.message);
+		}
+
+	} catch (error) {
+		logger.error('[域名提取错误]', error.message);
+	}
+
+	return Array.from(domains);
+}
+
 /**
  * 检查本地证书文件的有效期
  * @param {string} certFilePath - 证书文件路径（.crt或.pem）
@@ -870,6 +941,213 @@ router.get('/execute', verifyPassword, async (req, res) => {
 	});
 });
 
+/**
+ * POST /api/cert/callback
+ * 无忧SSL证书平台回调接口
+ * 接收平台推送的证书，自动保存并部署
+ */
+router.post('/callback', async (req, res) => {
+	const startTime = Date.now();
+	const config = getConfig();
+	const clientIP = getClientIP(req);
+
+	logger.divider();
+	logger.step(`\n[回调接收] ${new Date().toLocaleString()} - 收到证书推送请求`);
+	logger.info(`[回调信息] 请求来源IP: ${clientIP}`);
+
+	// IP白名单验证
+	const whitelist = config.callbackIpWhitelist;
+	if (whitelist && Array.isArray(whitelist) && whitelist.length > 0) {
+		if (!isIPInWhitelist(clientIP, whitelist)) {
+			logger.error(`[回调拒绝] IP ${clientIP} 不在白名单中`);
+			logger.divider();
+			return res.json({
+				code: -1,
+				msg: `IP地址 ${clientIP} 不在白名单中，访问被拒绝`
+			});
+		}
+		logger.success(`[回调验证] IP ${clientIP} 白名单验证通过`);
+	} else {
+		logger.dim('[回调信息] 未配置IP白名单，允许所有IP访问');
+	}
+
+	try {
+		const { cert, key, remark } = req.body;
+
+		// 参数验证
+		if (!cert || typeof cert !== 'string') {
+			logger.error('[回调错误] 缺少证书内容或格式错误');
+			return res.json({
+				code: -1,
+				msg: '缺少证书内容(cert)或格式错误'
+			});
+		}
+
+		if (!key || typeof key !== 'string') {
+			logger.error('[回调错误] 缺少私钥内容或格式错误');
+			return res.json({
+				code: -1,
+				msg: '缺少私钥内容(key)或格式错误'
+			});
+		}
+
+		// 验证证书格式
+		if (!cert.includes('-----BEGIN CERTIFICATE-----') || !cert.includes('-----END CERTIFICATE-----')) {
+			logger.error('[回调错误] 证书格式不正确，缺少PEM标记');
+			return res.json({
+				code: -1,
+				msg: '证书格式不正确，必须是PEM格式'
+			});
+		}
+
+		// 验证私钥格式
+		const keyPatterns = [
+			'-----BEGIN PRIVATE KEY-----',
+			'-----BEGIN RSA PRIVATE KEY-----',
+			'-----BEGIN EC PRIVATE KEY-----'
+		];
+		const hasValidKeyFormat = keyPatterns.some(pattern => key.includes(pattern));
+		if (!hasValidKeyFormat) {
+			logger.error('[回调错误] 私钥格式不正确，缺少PEM标记');
+			return res.json({
+				code: -1,
+				msg: '私钥格式不正确，必须是PEM格式'
+			});
+		}
+
+		// 解析证书信息
+		const certInfo = parseCertificate(cert);
+		if (!certInfo) {
+			logger.error('[回调错误] 无法解析证书内容');
+			return res.json({
+				code: -1,
+				msg: '证书内容解析失败，请检查证书是否有效'
+			});
+		}
+
+		// 检查证书有效期
+		const now = new Date();
+		if (certInfo.notAfter < now) {
+			logger.error('[回调错误] 证书已过期');
+			return res.json({
+				code: -1,
+				msg: `证书已过期，过期时间: ${certInfo.notAfter.toISOString()}`
+			});
+		}
+
+		if (certInfo.notBefore > now) {
+			logger.warn('[回调警告] 证书尚未生效，但仍将保存');
+		}
+
+		// 从证书中提取域名
+		const domains = extractDomainsFromCert(cert);
+		if (domains.length === 0) {
+			logger.error('[回调错误] 无法从证书中提取域名');
+			return res.json({
+				code: -1,
+				msg: '无法从证书中提取域名信息'
+			});
+		}
+
+		logger.info(`[回调信息] 证书域名: ${domains.join(', ')}`);
+		logger.info(`[回调信息] 证书颁发者: ${certInfo.issuer}`);
+		logger.info(`[回调信息] 有效期至: ${certInfo.notAfter.toLocaleString()}`);
+		if (remark) {
+			logger.info(`[回调信息] 备注: ${remark}`);
+		}
+
+		// 生成文件名（使用现有的命名规则）
+		const fileName = generateFileName(domains);
+		logger.info(`[回调信息] 生成文件名: ${fileName}`);
+
+		// 保存证书文件
+		try {
+			saveCertFiles(fileName, cert, key);
+			logger.success(`[回调成功] 证书已保存: ${fileName}.crt, ${fileName}.key, ${fileName}.pem`);
+		} catch (saveError) {
+			logger.error('[回调错误] 证书保存失败:', saveError.message);
+			return res.json({
+				code: -1,
+				msg: `证书保存失败: ${saveError.message}`
+			});
+		}
+
+		// 重载 Nginx
+		const nginxResult = await reloadNginx();
+		if (nginxResult.success) {
+			logger.success('[回调完成] Nginx 重载成功');
+		} else if (nginxResult.message === '未配置nginxDir') {
+			logger.dim('[回调完成] 跳过 Nginx 重载（未配置）');
+		} else {
+			logger.warn('[回调警告] Nginx 重载失败，但证书已保存:', nginxResult.message);
+		}
+
+		// 计算耗时
+		const duration = Date.now() - startTime;
+		logger.success(`[回调完成] 处理耗时: ${duration}ms`);
+		logger.divider();
+
+		// 通过 WebSocket 通知前端刷新
+		if (broadcastLog) {
+			setTimeout(() => {
+				broadcastLog('CERT_CALLBACK_RECEIVED', 'cert_update');
+			}, 500);
+		}
+
+		// 返回成功响应
+		return res.json({
+			code: 0,
+			msg: 'ok'
+		});
+
+	} catch (error) {
+		logger.error('[回调异常]', error);
+		logger.divider();
+		return res.json({
+			code: -1,
+			msg: `处理异常: ${error.message}`
+		});
+	}
+});
+
+/**
+ * GET /api/cert/callback/test
+ * 测试回调接口是否可用
+ */
+router.get('/callback/test', (req, res) => {
+	const config = getConfig();
+	const clientIP = getClientIP(req);
+	const whitelist = config.callbackIpWhitelist || [];
+	const isWhitelistEnabled = whitelist.length > 0;
+	const isIPAllowed = isIPInWhitelist(clientIP, whitelist);
+
+	res.json({
+		code: 0,
+		msg: '回调接口可用',
+		data: {
+			endpoint: '/api/cert/callback',
+			method: 'POST',
+			contentType: 'application/json',
+			requiredParams: ['cert', 'key'],
+			optionalParams: ['remark'],
+			security: {
+				yourIP: clientIP,
+				whitelistEnabled: isWhitelistEnabled,
+				whitelistCount: whitelist.length,
+				isYourIPAllowed: isIPAllowed,
+				whitelist: isWhitelistEnabled ? whitelist : '未配置（允许所有IP）'
+			},
+			exampleRequest: {
+				cert: '-----BEGIN CERTIFICATE-----\n...证书内容...\n-----END CERTIFICATE-----',
+				key: '-----BEGIN PRIVATE KEY-----\n...私钥内容...\n-----END PRIVATE KEY-----',
+				remark: '可选的备注信息'
+			},
+			successResponse: { code: 0, msg: 'ok' },
+			errorResponse: { code: -1, msg: '错误原因' }
+		}
+	});
+});
+
 // 启动时初始化定时任务
 initScheduledTask();