fix(ssl): support IPv6 hosts in panel SSL self-signed certificate flow #12652

Open
Sanjays2402 wants to merge 1 commit into 1Panel-dev:dev-v2 from Sanjays2402:fix/panel-ssl-self-signed-ipv6-12646

@Sanjays2402

What this PR does / why we need it?

Fixes #12646.

Enabling Panel SSL with the self-sign provider rejected IPv6 hosts with domain format invalid (the screenshot in the issue shows the exact error). Two coupled bugs caused this.

Bug 1 — frontend host extraction is broken for IPv6 URLs

frontend/src/views/setting/safe/ssl/index.vue extracted the host from the current URL with:

let href = window.location.href;
param.domain = href.split('//')[1].split(':')[0];

For an IPv6 URL like https://[::1]:1234:

  • href.split('//')[1] = [::1]:1234
  • .split(':')[0] = [

…because the second split splits on the first : inside the bracketed address, leaving just the opening bracket. [ then flows to the backend as the SSL domain, which fails the format check.

Bug 2 — backend rejects bracketed IPv6

agent/app/service/website_ca.go's ObtainSSL used net.ParseIP(domain) directly:

if ipAddress := net.ParseIP(domain); ipAddress == nil {
    if domain != "localhost" && !common.IsValidDomain(domain) {
        err = buserr.WithName("ErrDomainFormat", domain)
        return nil, err
    }
    ...
}

Even if the frontend correctly sent [::1], net.ParseIP rejects the bracketed form, so it falls through to IsValidDomain and fails the regex. Both call sites in ObtainSSL (the renew path and the create path) had this bug.

Summary of your change

  1. Frontend (frontend/src/views/setting/safe/ssl/index.vue): replace the manual href parse with window.location.hostname, which natively returns the bracket-stripped host for IPv6 URLs (e.g. [::1] → ::1).

  2. Backend (agent/utils/common/common.go): add a small exported helper ParseIPLoose that trims whitespace, strips matching outer [ / ], and delegates to net.ParseIP. Use it at both call sites in ObtainSSL instead of net.ParseIP.

  3. Tests (agent/utils/common/parse_ip_test.go): 12 cases covering bare IPv4/IPv6, bracketed IPv6, whitespace, empty input, only-brackets, hostnames, garbage, and unbalanced brackets.

Behaviour for all non-IPv6-bracketed inputs is unchanged.

Verification

$ cd agent && go test ./utils/common/ -v -run TestParseIPLoose
=== RUN   TestParseIPLoose
=== RUN   TestParseIPLoose/bare_ipv4
=== RUN   TestParseIPLoose/bare_ipv6
=== RUN   TestParseIPLoose/bracketed_ipv6
=== RUN   TestParseIPLoose/bracketed_full_ipv6
=== RUN   TestParseIPLoose/trimmed_bare_ipv6
=== RUN   TestParseIPLoose/trimmed_bracketed_ipv6
=== RUN   TestParseIPLoose/empty
=== RUN   TestParseIPLoose/only_brackets
=== RUN   TestParseIPLoose/hostname
=== RUN   TestParseIPLoose/bracketed_garbage
=== RUN   TestParseIPLoose/unbalanced_bracket_left
=== RUN   TestParseIPLoose/unbalanced_bracket_right
--- PASS: TestParseIPLoose (0.00s)  (12/12)
PASS
ok  github.com/1Panel-dev/1Panel/agent/utils/common

Format: gofmt clean on all touched files. prettier --check and eslint clean on the touched Vue file. go vet clean on ./utils/common/.

Please indicate you've done the following:

  • Made sure tests are passing and test coverage is added if needed.
  • Made sure the commit message follows the rules of the Conventional Commits specification.
  • Considered the docs impact and opened a new docs issue or PR with docs changes if needed. (No user-facing copy or behavioural change beyond accepting an input that previously errored. The user docs do not document the rejection.)

Enabling Panel SSL with the self-sign provider rejected IPv6 hosts with
"domain format invalid". Two coupled bugs caused this:

1. The frontend extracted the host from window.location.href with
   href.split('//')[1].split(':')[0]. For an IPv6 URL like
   https://[::1]:1234 that yields '[' — not a valid host — because
   the second split splits on the first colon inside the bracketed
   address. Use window.location.hostname, which natively returns the
   bracket-stripped IPv6 host.

2. The backend ObtainSSL flow used net.ParseIP(domain) directly. Even if
   the frontend sent the bracketed form ('[::1]'), net.ParseIP rejects
   brackets, so the value flowed into IsValidDomain() and failed the
   regex.

Add common.ParseIPLoose() that accepts both bare and bracketed IPv6 in
addition to bare IPv4. Use it at both call sites in ObtainSSL (renew
path and create path). A unit test guards the regression.

Files:
  - agent/utils/common/common.go               (new ParseIPLoose helper)
  - agent/utils/common/parse_ip_test.go        (12 cases, all green)
  - agent/app/service/website_ca.go            (call sites switched)
  - frontend/src/views/setting/safe/ssl/index.vue
                                                (host extraction fix)

Fixes 1Panel-dev#12646

Signed-off-by: Sanjay Santhanam <51058514+Sanjays2402@users.noreply.github.com>
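
Added example (not code from this PR or the 1Panel repository): a Go reproduction of the two bugs described above, with the string-split host extraction next to a URL-parser extraction, and strict net.ParseIP next to a bracket-tolerant wrapper written from the PR's description of ParseIPLoose. The names naiveHost, urlHost and parseIPLoose are hypothetical, Go's net/url stands in for a URL-aware host parser, and all inputs are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// naiveHost reproduces href.split('//')[1].split(':')[0] from the old frontend code.
func naiveHost(href string) string {
	parts := strings.Split(href, "//")
	if len(parts) < 2 {
		return ""
	}
	return strings.Split(parts[1], ":")[0]
}

// urlHost extracts the host with a URL parser instead of string splitting.
// Go's URL.Hostname drops the port and the brackets around an IPv6 literal.
func urlHost(href string) string {
	u, err := url.Parse(href)
	if err != nil {
		return ""
	}
	return u.Hostname()
}

// parseIPLoose (hypothetical name, modelled on the PR's description of
// common.ParseIPLoose): trim whitespace, strip one matching pair of outer
// brackets, then delegate to net.ParseIP. Returns nil for anything else.
func parseIPLoose(s string) net.IP {
	s = strings.TrimSpace(s)
	if len(s) >= 2 && s[0] == '[' && s[len(s)-1] == ']' {
		s = s[1 : len(s)-1]
	}
	return net.ParseIP(s)
}

func main() {
	// Constructed sample URLs (loopback and a documentation address).
	for _, href := range []string{"https://[::1]:1234", "https://192.0.2.10:1234"} {
		fmt.Printf("%-26s naive=%q parsed=%q\n", href, naiveHost(href), urlHost(href))
	}
	// Constructed inputs the backend check might receive.
	for _, in := range []string{"::1", "[::1]", " [2001:db8::1] ", "[", "[]", "[::1", "example.com"} {
		fmt.Printf("%-18q strict=%v loose=%v\n", in, net.ParseIP(in), parseIPLoose(in))
	}
}
```

With this stripping rule a bracketed IPv4 literal such as [192.0.2.10] also parses; a caller that wants brackets accepted only around IPv6 needs an extra To4() check on the result.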
@f2c-ci-robot

f2c-ci-robot Bot commented May 3, 2026

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@f2c-ci-robot

f2c-ci-robot Bot commented May 3, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign zhengkunwang223 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Development

Successfully merging this pull request may close these issues.

[Feature] Enabling Panel SSL does not support self-signed certificates for IPv6 addresses
