From e3876cffaf41acbf3ac6760ce9204be3b759e8a8 Mon Sep 17 00:00:00 2001
From: Jacky <me@jackyu.cn>
Date: Tue, 30 Apr 2024 17:19:19 +0800
Subject: [PATCH] enhance: limit cert renewal interval between 7 to 21 days

---
 internal/cert/auto_cert.go |  2 +-
 settings/server.go         | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/internal/cert/auto_cert.go b/internal/cert/auto_cert.go
index e8777f62..c2d351ee 100644
--- a/internal/cert/auto_cert.go
+++ b/internal/cert/auto_cert.go
@@ -60,7 +60,7 @@ func renew(certModel *model.Cert) {
 		notification.Error("Renew Certificate Error", strings.Join(certModel.Domains, ", "))
 		return
 	}
-	if int(time.Now().Sub(cert.NotBefore).Hours()/24) < settings.ServerSettings.CertRenewalInterval {
+	if int(time.Now().Sub(cert.NotBefore).Hours()/24) < settings.ServerSettings.GetCertRenewalInterval() {
 		// not after settings.ServerSettings.CertRenewalInterval, ignore
 		return
 	}
diff --git a/settings/server.go b/settings/server.go
index 1ea47203..45fff817 100644
--- a/settings/server.go
+++ b/settings/server.go
@@ -33,6 +33,16 @@ func (s *Server) GetCADir() string {
 	return lego.LEDirectoryProduction
 }
 
+func (s *Server) GetCertRenewalInterval() int {
+	if s.CertRenewalInterval < 7 {
+		return 7
+	}
+	if s.CertRenewalInterval > 21 {
+		return 21
+	}
+	return s.CertRenewalInterval
+}
+
 var ServerSettings = Server{
 	HttpHost:            "0.0.0.0",
 	HttpPort:            "9000",