feat(proxy): add AutoTLS support for HTTPS plugins

pkg/config/v1/proxy_plugin.go

@@ -117,6 +117,18 @@ type HTTPProxyPluginOptions struct {
 
 func (o *HTTPProxyPluginOptions) Complete() {}
 
+type AutoTLSOptions struct {
+	Enable bool `json:"enable,omitempty"`
+	// Contact email for certificate expiration and important notices.
+	Email string `json:"email,omitempty"`
+	// Directory used to cache ACME account and certificates.
+	CacheDir string `json:"cacheDir,omitempty"`
+	// ACME directory URL, e.g. Let's Encrypt staging/prod endpoint.
+	CADirURL string `json:"caDirURL,omitempty"`
+	// Restrict certificate issuance to the listed domains.
+	HostAllowList []string `json:"hostAllowList,omitempty"`
+}
+
 type HTTPS2HTTPPluginOptions struct {
 	Type              string           `json:"type,omitempty"`
 	LocalAddr         string           `json:"localAddr,omitempty"`
@@ -125,6 +137,7 @@ type HTTPS2HTTPPluginOptions struct {
 	EnableHTTP2       *bool            `json:"enableHTTP2,omitempty"`
 	CrtPath           string           `json:"crtPath,omitempty"`
 	KeyPath           string           `json:"keyPath,omitempty"`
+	AutoTLS           *AutoTLSOptions  `json:"autoTLS,omitempty"`
 }
 
 func (o *HTTPS2HTTPPluginOptions) Complete() {
@@ -139,6 +152,7 @@ type HTTPS2HTTPSPluginOptions struct {
 	EnableHTTP2       *bool            `json:"enableHTTP2,omitempty"`
 	CrtPath           string           `json:"crtPath,omitempty"`
 	KeyPath           string           `json:"keyPath,omitempty"`
+	AutoTLS           *AutoTLSOptions  `json:"autoTLS,omitempty"`
 }
 
 func (o *HTTPS2HTTPSPluginOptions) Complete() {
@@ -180,10 +194,11 @@ type UnixDomainSocketPluginOptions struct {
 func (o *UnixDomainSocketPluginOptions) Complete() {}
 
 type TLS2RawPluginOptions struct {
-	Type      string `json:"type,omitempty"`
-	LocalAddr string `json:"localAddr,omitempty"`
-	CrtPath   string `json:"crtPath,omitempty"`
-	KeyPath   string `json:"keyPath,omitempty"`
+	Type      string          `json:"type,omitempty"`
+	LocalAddr string          `json:"localAddr,omitempty"`
+	CrtPath   string          `json:"crtPath,omitempty"`
+	KeyPath   string          `json:"keyPath,omitempty"`
+	AutoTLS   *AutoTLSOptions `json:"autoTLS,omitempty"`
 }
 
 func (o *TLS2RawPluginOptions) Complete() {}

pkg/config/v1/validation/plugin.go

@@ -16,6 +16,8 @@ package validation
 
 import (
 	"errors"
+	"fmt"
+	"strings"
 
 	v1 "github.com/fatedier/frp/pkg/config/v1"
 )
@@ -49,6 +51,9 @@ func validateHTTPS2HTTPPluginOptions(c *v1.HTTPS2HTTPPluginOptions) error {
 	if c.LocalAddr == "" {
 		return errors.New("localAddr is required")
 	}
+	if err := validateAutoTLSOptions(c.AutoTLS, c.CrtPath, c.KeyPath); err != nil {
+		return fmt.Errorf("invalid autoTLS options: %w", err)
+	}
 	return nil
 }
 
@@ -56,6 +61,9 @@ func validateHTTPS2HTTPSPluginOptions(c *v1.HTTPS2HTTPSPluginOptions) error {
 	if c.LocalAddr == "" {
 		return errors.New("localAddr is required")
 	}
+	if err := validateAutoTLSOptions(c.AutoTLS, c.CrtPath, c.KeyPath); err != nil {
+		return fmt.Errorf("invalid autoTLS options: %w", err)
+	}
 	return nil
 }
 
@@ -77,5 +85,29 @@ func validateTLS2RawPluginOptions(c *v1.TLS2RawPluginOptions) error {
 	if c.LocalAddr == "" {
 		return errors.New("localAddr is required")
 	}
+	if err := validateAutoTLSOptions(c.AutoTLS, c.CrtPath, c.KeyPath); err != nil {
+		return fmt.Errorf("invalid autoTLS options: %w", err)
+	}
+	return nil
+}
+
+func validateAutoTLSOptions(c *v1.AutoTLSOptions, crtPath, keyPath string) error {
+	if c == nil || !c.Enable {
+		return nil
+	}
+
+	if crtPath != "" || keyPath != "" {
+		return errors.New("crtPath and keyPath must be empty when autoTLS.enable is true")
+	}
+	if strings.TrimSpace(c.CacheDir) == "" {
+		return errors.New("autoTLS.cacheDir is required when autoTLS.enable is true")
+	}
+	if len(c.HostAllowList) > 0 {
+		for _, host := range c.HostAllowList {
+			if strings.TrimSpace(host) == "" {
+				return errors.New("autoTLS.hostAllowList cannot contain empty domain")
+			}
+		}
+	}
 	return nil
 }