
refactor(internal/service/api/waf): 重构 SSL 证书处理逻辑- 重构了 BuildProxyConfig 方法,使用辅助函数 buildSslPolicy 封装 SSL 策略构建逻辑
- 修改了 ProcessSSLCertificate 方法的参数,直接使用 cdnUid 替代 RequireResponse

fusu há 5 horas atrás
pai
commit
bbd6773b65

+ 57 - 35
internal/service/api/waf/aidedweb.go

@@ -48,13 +48,13 @@ type AidedWebService interface {
 	CleanupDatabaseRecords(ctx context.Context, id int) error
 	
 	// SSL证书管理
-	ProcessSSLCertificate(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse, formData v1.Website) error
+	ProcessSSLCertificate(ctx context.Context, req *v1.WebForwardingRequest, cdnUid int, formData v1.Website) error
 	ProcessSSLCertificateUpdate(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, require RequireResponse) error
 	CleanupSSLCertificate(ctx context.Context, oldData *model.WebForwarding) error
 	
 	// 数据准备辅助函数
 	PrepareWafData(ctx context.Context, req *v1.WebForwardingRequest) (RequireResponse, v1.Website, error)
-	BuildProxyConfig(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse) (v1.TypeJSON, error)
+	BuildProxyConfig(ctx context.Context, req *v1.WebForwardingRequest, gatewayIps []string) (v1.TypeJSON, error)
 	BulidFormData(ctx context.Context, formData v1.Website) (v1.WebsiteSend, error)
 	
 	// 协议判断辅助函数
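Review bot: The interface is left half-narrowed: `ProcessSSLCertificate` now takes `cdnUid int`, but `ProcessSSLCertificateUpdate` on the next line still takes the whole `require RequireResponse`, and the later hunk in its body shows it only forwarding `require.CdnUid` (whether it reads other fields is outside that hunk). If the goal is for each method to receive only the data it uses, `ProcessSSLCertificateUpdate(ctx, req, oldData, cdnUid int)` should get the same treatment; otherwise a short comment on the interface explaining why only one signature changed would stop the next reader from "finishing" the refactor by accident. The same consideration applies to the implementation signature in the `ProcessSSLCertificate` hunk further down.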
@@ -211,7 +211,7 @@ func (s *aidedWebService) PrepareWafData(ctx context.Context, req *v1.WebForward
 	}
 
 	// 2. 调用辅助函数,构建核心的代理配置 (将复杂逻辑封装起来)
-	byteData, err := s.BuildProxyConfig(ctx, req, require)
+	byteData, err := s.BuildProxyConfig(ctx, req, require.GatewayIps)
 	if err != nil {
 		return RequireResponse{}, v1.Website{}, err // 错误信息在辅助函数中已经包装好了
 	}
@@ -258,45 +258,67 @@ func (s *aidedWebService) PrepareWafData(ctx context.Context, req *v1.WebForward
 	return require, formData, nil
 }
 
+
+func (s *aidedWebService) buildSslPolicy(ctx context.Context, data *v1.WebForwardingDataRequest) (v1.SslPolicyRef, error) {
+	// 如果不是 HTTPS,直接返回关闭状态的 SSL 策略
+	if data.IsHttps != isHttps {
+		return v1.SslPolicyRef{
+			IsOn:        false,
+			SslPolicyId: data.SslPolicyId,
+		}, nil
+	}
+
+	// --- 以下是 HTTPS 的逻辑 ---
+	sslPolicyID := data.SslPolicyId
+	// 如果请求中没有提供 SSL 策略 ID,则为其创建一个新的
+	if sslPolicyID == 0 {
+		var err error
+		sslPolicyID, err = s.sslCert.AddSslPolicy(ctx, nil)
+		if err != nil {
+			// 如果创建失败,返回零值和错误
+			return v1.SslPolicyRef{}, err
+		}
+	}
+
+	// 返回开启状态的 HTTPS 策略
+	return v1.SslPolicyRef{
+		IsOn:        true,
+		SslPolicyId: sslPolicyID,
+	}, nil
+}
+
 // BuildProxyConfig 构建代理配置
 // 职责:专门负责处理 HTTP/HTTPS 的差异,并生成对应的 JSON 配置。
-func (s *aidedWebService) BuildProxyConfig(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse) (v1.TypeJSON, error) {
-	var (
-		jsonData v1.TypeJSON
-		apiType  string
-	)
-
-	jsonData.IsOn = true
-	apiType = protocolHttps
-	jsonData.SslPolicyRef.SslPolicyId = req.WebForwardingData.SslPolicyId
-	// 判断协议类型,并处理 HTTPS 的特殊逻辑(证书)
+func (s *aidedWebService) BuildProxyConfig(ctx context.Context, req *v1.WebForwardingRequest, gatewayIps []string) (v1.TypeJSON, error) {
+	// 第一步:构建 SSL 策略。所有复杂的 if/else 都被封装在辅助函数中
+	sslPolicy, err := s.buildSslPolicy(ctx, &req.WebForwardingData)
+	if err != nil {
+		return v1.TypeJSON{}, err
+	}
+
+	// 第二步:根据协议类型确定 apiType
+	apiType := protocolHttp
 	if req.WebForwardingData.IsHttps == isHttps {
-		// 处理证书信息
-		if jsonData.SslPolicyRef.SslPolicyId == 0 {
-			sslPolicyId, err := s.sslCert.AddSslPolicy(ctx, nil)
-			if err != nil {
-				return v1.TypeJSON{}, err
-			}
-			jsonData.SslPolicyRef.SslPolicyId = sslPolicyId
-		}
-		jsonData.SslPolicyRef.IsOn = true
-	} else {
-		apiType = protocolHttp
-		jsonData.SslPolicyRef = v1.SslPolicyRef{
-			IsOn:        false,
-			SslPolicyId: req.WebForwardingData.SslCertId,
-		}
+		apiType = protocolHttps
 	}
 
-	// 填充通用的 Listen 配置
-	for _, v := range require.GatewayIps {
-		jsonData.Listen = append(jsonData.Listen, v1.Listen{
+	// 第三步:构建通用的 Listen 配置
+	listenConfigs := make([]v1.Listen, 0, len(gatewayIps))
+	for _, ip := range gatewayIps {
+		listenConfigs = append(listenConfigs, v1.Listen{
 			Protocol: apiType,
-			Host:     v,
+			Host:     ip,
 			Port:     req.WebForwardingData.Port,
 		})
 	}
 
+	// 第四步:组装并返回最终结果
+	jsonData := v1.TypeJSON{
+		IsOn:         true,
+		SslPolicyRef: sslPolicy,
+		Listen:       listenConfigs,
+	}
+
 	return jsonData, nil
 }
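Review bot: buildSslPolicy changes behaviour on the non-HTTPS path: the removed else branch filled `SslPolicyId` from `req.WebForwardingData.SslCertId`, while the new helper uses `data.SslPolicyId`, and the commit message describes this as a pure refactor. If the old field was a bug (cert id written into a policy id slot) the commit message should say so; if not, the helper's first return should read `SslPolicyId: data.SslCertId,`. Separately, when the request already carries a non-zero `SslPolicyId` the helper adopts it as-is, and no check that the referenced policy belongs to the requesting CDN user is visible in this hunk — if that validation lives in ValidateWebForwardingRequest (outside the hunk) a comment on the helper saying so would help, and if it does not, it is worth adding. The helper also has no doc comment; `// buildSslPolicy returns a disabled SslPolicyRef for non-HTTPS data; for HTTPS it reuses data.SslPolicyId, or creates a new policy via sslCert.AddSslPolicy when it is 0.` Finally, the added blank line before `func (s *aidedWebService) buildSslPolicy` produces two consecutive blank lines, which gofmt collapses, so the file is not gofmt-clean as committed.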
 
@@ -435,7 +457,7 @@ func (s *aidedWebService) ValidateWebForwardingRequest(ctx context.Context, req
 }
 
 // ProcessSSLCertificate 处理SSL证书
-func (s *aidedWebService) ProcessSSLCertificate(ctx context.Context, req *v1.WebForwardingRequest, require RequireResponse, formData v1.Website) error {
+func (s *aidedWebService) ProcessSSLCertificate(ctx context.Context, req *v1.WebForwardingRequest, cdnUid int, formData v1.Website) error {
 	if !s.IsHttpsProtocol(req.WebForwardingData.IsHttps) {
 		return nil // 非HTTPS协议不需要处理SSL证书
 	}
@@ -446,7 +468,7 @@ func (s *aidedWebService) ProcessSSLCertificate(ctx context.Context, req *v1.Web
 		Domain:      req.WebForwardingData.Domain,
 		CertData:    req.WebForwardingData.HttpsCert,
 		KeyData:     req.WebForwardingData.HttpsKey,
-		CdnUserId:   require.CdnUid,
+		CdnUserId:   cdnUid,
 		Description: req.WebForwardingData.Comment,
 	})
 	if err != nil {
@@ -1029,7 +1051,7 @@ func (s *aidedWebService) ProcessSSLCertificateUpdate(ctx context.Context, req *
 
 	// 如果证书ID为0
 	if oldData.SslCertId == 0 {
-		err := s.ProcessSSLCertificate(ctx, req, require, v1.Website{
+		err := s.ProcessSSLCertificate(ctx, req, require.CdnUid, v1.Website{
 			HttpsJSON: v1.TypeJSON{
 				SslPolicyRef: v1.SslPolicyRef{
 					SslPolicyId: req.WebForwardingData.SslPolicyId,

+ 1 - 1
internal/service/api/waf/webforwarding.go

@@ -161,7 +161,7 @@ func (s *webForwardingService) AddWebForwarding(ctx context.Context, req *v1.Web
 	}
 
 	// 2. 处理SSL证书
-	if err := s.aidedWeb.ProcessSSLCertificate(ctx, req, require, formData); err != nil {
+	if err := s.aidedWeb.ProcessSSLCertificate(ctx, req, require.CdnUid, formData); err != nil {
 		return 0, err
 	}