Merge branch 'v2-dev' into v2_audit_log

This commit is contained in:
xiaojunnuo
2026-07-12 17:28:21 +08:00
58 changed files with 271 additions and 143 deletions
@@ -10,6 +10,7 @@ import { ApiTags } from "@midwayjs/swagger";
import { CodeService } from "../../../modules/basic/service/code-service.js";
import { EmailService } from "../../../modules/basic/service/email-service.js";
import { AuditType } from "../../../modules/sys/enterprise/service/audit-constants.js";
import { TaskServiceBuilder } from "../../../modules/pipeline/service/getter/task-service-getter.js";
/**
*/
@@ -44,6 +45,8 @@ export class MineController extends BaseController {
getAuditType(): string {
return AuditType.mine;
}
@Inject()
taskServiceBuilder: TaskServiceBuilder;
@Post("/info", { description: Constants.per.authOnly, summary: "查询用户信息" })
public async info() {
@@ -186,11 +189,13 @@ export class MineController extends BaseController {
const getAccessById = this.accessService.getById.bind(this.accessService);
const accessGetter = new AccessGetter(userId, undefined, getAccessById);
const serviceGetter = this.taskServiceBuilder.create({ userId });
const accessContext = {
http,
logger,
utils,
accessService: accessGetter,
serviceGetter,
define: undefined,
} as any;
const access = await newAccess("acmeAccount", { caType: "letsencrypt", email: userEmail }, accessGetter, accessContext);
@@ -8,7 +8,6 @@ import { TaskServiceBuilder } from "../../../modules/pipeline/service/getter/tas
import { cloneDeep } from "lodash-es";
import { ApiTags } from "@midwayjs/swagger";
import { AuthService } from "../../../modules/sys/authority/service/auth-service.js";
import { RuntimeDepsService } from "../../../modules/runtime-deps/runtime-deps-service.js";
@Provide()
@Controller("/api/pi/handle")
@@ -29,9 +28,6 @@ export class HandleController extends BaseController {
@Inject()
notificationService: NotificationService;
@Inject()
runtimeDepsService: RuntimeDepsService;
@Post("/access", { description: Constants.per.authOnly, summary: "处理授权请求" })
async accessRequest(@Body(ALL) body: AccessRequestHandleReq) {
let { projectId, userId } = await this.getProjectUserIdRead();
@@ -64,12 +60,14 @@ export class HandleController extends BaseController {
}
}
const getAccessById = this.accessService.getById.bind(this.accessService);
const accessGetter = new AccessGetter(userId, projectId, getAccessById, this.runtimeDepsService);
const accessGetter = new AccessGetter(userId, projectId, getAccessById);
const serviceGetter = this.taskServiceBuilder.create({ userId, projectId });
const accessContext = {
http,
logger,
utils,
accessService: accessGetter,
serviceGetter,
define: undefined,
} as any;
const access = await newAccess(body.typeName, inputAccess, accessGetter, accessContext);
@@ -2,6 +2,7 @@ import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
import { logger } from "@certd/basic";
import { PluginService } from "../plugin/service/plugin-service.js";
import { registerPaymentProviders } from "../suite/payments/index.js";
import { RuntimeDepsService } from "../runtime-deps/runtime-deps-service.js";
@Provide()
@Scope(ScopeEnum.Request, { allowDowngrade: true })
@@ -9,6 +10,9 @@ export class AutoLoadPlugins {
@Inject()
pluginService: PluginService;
@Inject()
runtimeDepsService: RuntimeDepsService;
async init() {
logger.info(`加载插件开始,加载模式:${process.env.certd_plugin_loadmode}`);
if (process.env.certd_plugin_loadmode === "metadata") {
@@ -30,5 +34,8 @@ export class AutoLoadPlugins {
await registerPaymentProviders();
logger.info(`加载插件完成,加载模式:${process.env.certd_plugin_loadmode}`);
// 收集插件 dependPackages 并安装
await this.runtimeDepsService.refreshPluginDeps();
}
}
@@ -2,6 +2,7 @@ import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
import { UserSettingsService } from "./user-settings-service.js";
import { UserTwoFactorSetting } from "./models.js";
import { UserService } from "../../sys/authority/service/user-service.js";
import { RuntimeDepsService } from "../../runtime-deps/runtime-deps-service.js";
/**
* 授权
@@ -13,13 +14,15 @@ export class TwoFactorService {
userSettingsService: UserSettingsService;
@Inject()
userService: UserService;
@Inject()
runtimeDepsService: RuntimeDepsService;
async getAuthenticatorQrCode(userId: any) {
const setting = await this.getSetting(userId);
const authenticatorSetting = setting.authenticator;
if (!authenticatorSetting.secret) {
const { authenticator } = await import("otplib");
const { authenticator } = await this.runtimeDepsService.importRuntime("otplib");
authenticatorSetting.secret = authenticator.generateSecret();
await this.userSettingsService.saveSetting(userId, null, setting);
@@ -38,7 +41,7 @@ export class TwoFactorService {
async saveAuthenticator(req: { userId: any; verifyCode: any }) {
const userId = req.userId;
const { authenticator } = await import("otplib");
const { authenticator } = await this.runtimeDepsService.importRuntime("otplib");
const setting = await this.getSetting(userId);
const authenticatorSetting = setting.authenticator;
@@ -77,7 +80,7 @@ export class TwoFactorService {
}
async verifyAuthenticatorCode(userId: any, verifyCode: string) {
const { authenticator } = await import("otplib");
const { authenticator } = await this.runtimeDepsService.importRuntime("otplib");
const setting = await this.getSetting(userId);
if (!setting.authenticator.enabled) {
throw new Error("authenticator 未开启");
@@ -66,9 +66,8 @@ export class TaskServiceGetter implements IServiceGetter {
async getAccessService(): Promise<AccessGetter> {
const accessService: AccessService = await this.appCtx.getAsync("accessService");
const runtimeDepsService = await this.getRuntimeDepsService();
const getAccessById = accessService.getById.bind(accessService);
return new AccessGetter(this.userId, this.projectId, getAccessById, runtimeDepsService);
return new AccessGetter(this.userId, this.projectId, getAccessById);
}
async getCnameProxyService(): Promise<CnameProxyService> {
@@ -974,6 +974,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
await this.checkUserId(id, projectId, "projectId");
}
await this.delete(id);
ids.push(id);
}
return ids.length;
}
@@ -270,6 +270,7 @@ export class PluginService extends BaseService<PluginEntity> {
return;
}
await this.registerPlugin(item);
await this.runtimeDepsService.refreshPluginDeps();
}
async unRegisterById(id: any) {
@@ -297,6 +298,7 @@ export class PluginService extends BaseService<PluginEntity> {
} else {
logger.warn(`不支持的插件类型:${item.pluginType}`);
}
await this.runtimeDepsService.refreshPluginDeps();
}
async update(param: any) {
@@ -150,6 +150,11 @@ export class RuntimeDepsService {
@Config("runtimeDeps.lazyDependencies")
lazyDependencies: Record<string, string> = {};
/**
* 从插件 registry 收集到的懒加载依赖,键为包名,值为版本范围
*/
pluginLazyDependencies: Record<string, string> = {};
@Inject()
registryResolver!: NpmRegistryResolver;
@@ -339,7 +344,8 @@ export class RuntimeDepsService {
private async resolveMissingRuntimeSpecifier(specifier: string, runtimeError: any, logger?: ILogger) {
const packageName = this.parsePackageName(specifier);
const lazyRange = this.lazyDependencies?.[packageName];
const mergedDeps = this.getMergedLazyDependencies();
const lazyRange = mergedDeps[packageName];
if (!lazyRange) {
try {
return this.resolveProjectSpecifier(specifier, runtimeError).resolved;
@@ -565,6 +571,56 @@ export class RuntimeDepsService {
});
}
/**
* 合并 package.json 的 lazyDependencies 和插件注册表收集到的 dependPackages
* 插件依赖优先(同名时使用插件声明的版本)
*/
getMergedLazyDependencies(): Record<string, string> {
return { ...this.lazyDependencies, ...this.pluginLazyDependencies };
}
/**
* 从所有插件注册表中收集 dependPackages,合并到 pluginLazyDependencies
*/
collectPluginDeps() {
const registries: Array<{ registry: Registry<any>; keyFormatter?: (name: string) => string }> = [
{ registry: pluginRegistry },
{ registry: accessRegistry },
{ registry: notificationRegistry },
{ registry: dnsProviderRegistry },
{ registry: addonRegistry },
];
const deps: Record<string, string> = {};
for (const { registry } of registries) {
const defineList = registry.getDefineList();
for (const define of defineList) {
const dependPackages = (define as any).dependPackages as Record<string, string> | undefined;
if (!dependPackages) {
continue;
}
for (const [pkgName, range] of Object.entries(dependPackages)) {
const existing = deps[pkgName];
if (existing && !areRangesCompatible(existing, range)) {
logger.warn(`懒加载依赖版本冲突: ${pkgName} => ${existing} vs ${range},保留已有版本`);
continue;
}
deps[pkgName] = range;
}
}
}
this.pluginLazyDependencies = deps;
logger.info(`从插件注册表收集到 ${Object.keys(deps).length} 个懒加载依赖`);
}
/**
* 刷新插件懒加载依赖:收集所有插件的 dependPackages 到内存列表,实际安装延迟到 importRuntime 时触发
*/
async refreshPluginDeps() {
this.collectPluginDeps();
}
private readInstallState(statePath: string): any {
if (!fs.existsSync(statePath)) {
return null;
@@ -105,7 +105,7 @@ export class PaymentAlipay implements IPaymentProvider {
}
private async createAlipaySdk() {
const AlipaySdk = await import("alipay-sdk");
const AlipaySdk = await this.access.importRuntime("alipay-sdk");
const alipaySdk = new AlipaySdk.AlipaySdk({
appId: this.access.appId,
@@ -1,7 +1,6 @@
import { IPaymentProvider, TradeEntity, UpdateTrade, UpdateTradeInfo } from "@certd/commercial-core";
import WxPay from "wechatpay-node-v3";
import dayjs from "dayjs";
import { logger } from "@certd/basic"; // 支持使用require
import { logger } from "@certd/basic";
import { WxpayAccess } from "../../../plugins/plugin-plus/wxpay/access.js";
export class PaymentWxpay implements IPaymentProvider {
access: WxpayAccess;
@@ -26,7 +25,7 @@ export class PaymentWxpay implements IPaymentProvider {
* }
*/
const pay = this.createSdk();
const pay = await this.createSdk();
const result: any = await pay.query({ out_trade_no: tradeNo });
logger.info(`微信支付查询订单返回:${JSON.stringify(result)}`);
@@ -58,7 +57,7 @@ export class PaymentWxpay implements IPaymentProvider {
async createOrder(trade: TradeEntity, opts: { bindUrl: string; clientIp: string }) {
const notify_url = `${opts.bindUrl}/api/payment/notify/wxpay`;
const pay = this.createSdk();
const pay = await this.createSdk();
const params = {
description: trade.title,
@@ -83,7 +82,9 @@ export class PaymentWxpay implements IPaymentProvider {
};
}
private createSdk() {
private async createSdk() {
const WxPayLib = await this.access.importRuntime("wechatpay-node-v3");
const WxPay = WxPayLib.default;
const pay = new WxPay({
appid: this.access.appId,
mchid: this.access.mchid,
@@ -94,7 +95,7 @@ export class PaymentWxpay implements IPaymentProvider {
}
async onNotify(notifyData: any, updateTrade: UpdateTrade) {
const pay = this.createSdk();
const pay = await this.createSdk();
const { ciphertext, associated_data, nonce } = notifyData.resource;
logger.info(`微信支付notify${JSON.stringify(notifyData)}`);
const key = this.access.key;
@@ -1,6 +1,5 @@
import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
import FormData from "form-data";
import { authenticator } from "otplib";
export interface ProxyHost {
id: number;
@@ -274,6 +273,7 @@ export class NginxProxyManagerAccess extends BaseAccess {
let code: string;
try {
const { authenticator } = await this.importRuntime("otplib");
code = authenticator.generate(this.totpSecret);
} catch (error) {
throw this.describeError(error, "Generating TOTP code");
@@ -57,12 +57,12 @@ input:
action: TestRequest
helper: 测试登录并拉取代理主机列表。
content: |
const { BaseAccess } = await import("@certd/pipeline");
const httpsModule = await import("node:https");
const { URL } = await import("node:url");
const axiosModule = await import("axios");
const formDataModule = await import("form-data");
const { authenticator } = await import("otplib");
const runtimeImport = import;
const { BaseAccess } = await runtimeImport("@certd/pipeline");
const httpsModule = await runtimeImport("node:https");
const { URL } = await runtimeImport("node:url");
const axiosModule = await runtimeImport("axios");
const formDataModule = await runtimeImport("form-data");
const https = httpsModule.default ?? httpsModule;
const axios = axiosModule.default ?? axiosModule;
@@ -114,6 +114,7 @@ content: |
class NginxProxyManagerClient {
constructor(options) {
this.options = options;
this.importFn = options.importFn;
this.endpoint = normalizeEndpoint(options.endpoint);
this.apiBaseUrl = `${this.endpoint}/api`;
this.token = undefined;
@@ -267,6 +268,7 @@ content: |
let code;
try {
const { authenticator } = await this.importFn("otplib");
code = authenticator.generate(this.options.totpSecret);
} catch (error) {
throw describeError(error, "Generating TOTP code");
@@ -327,6 +329,7 @@ content: |
password: this.password,
totpSecret: this.totpSecret || undefined,
ignoreTls: this.ignoreTls === true,
importFn: this.importRuntime.bind(this),
});
}
@@ -49,7 +49,7 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
issuerUrl = "";
async getClient() {
const client = await import("openid-client");
const client = await this.importRuntime("openid-client");
const server = new URL(this.issuerUrl); // Authorization Server's Issuer Identifier
const config = await client.discovery(server, this.clientId, this.clientSecretKey);
@@ -14,7 +14,8 @@ export class VolcengineCdnClient {
if (this.service) {
return this.service;
}
const { cdn } = await this.opts.access.importRuntime("@volcengine/openapi");
const importRuntime = this.opts.importRuntime || this.opts.access.importRuntime.bind(this.opts.access);
const { cdn } = await importRuntime("@volcengine/openapi");
const service = new cdn.CdnService();
// 设置ak、sk
service.setAccessKeyId(this.opts.access.accessKeyId);
@@ -21,7 +21,8 @@ export class VolcengineDnsClient {
}
async doRequest(req: VolcengineReq) {
const { Signer } = await this.opts.access.importRuntime("@volcengine/openapi");
const importRuntime = this.opts.importRuntime || this.opts.access.importRuntime.bind(this.opts.access);
const { Signer } = await importRuntime("@volcengine/openapi");
// http request data
const openApiRequestData: any = {
@@ -1,10 +1,12 @@
import { VolcengineAccess } from "./access.js";
import { HttpClient, ILogger } from "@certd/basic";
import { ImportRuntime } from "@certd/pipeline";
export type VolcengineOpts = {
access: VolcengineAccess;
logger: ILogger;
http: HttpClient;
importRuntime?: ImportRuntime;
};
export class VolcengineClient {
@@ -140,7 +142,8 @@ export class VolcengineClient {
}
async getTOSService(opts: { region?: string }) {
const { TosClient } = await this.opts.access.importRuntime("@volcengine/tos-sdk");
const importRuntime = this.opts.importRuntime || this.opts.access.importRuntime.bind(this.opts.access);
const { TosClient } = await importRuntime("@volcengine/tos-sdk");
const client = new TosClient({
accessKeyId: this.opts.access.accessKeyId,
@@ -169,7 +172,8 @@ export class VolcengineClient {
if (this.CommonService) {
return this.CommonService;
}
const { Service } = await this.opts.access.importRuntime("@volcengine/openapi");
const importRuntime = this.opts.importRuntime || this.opts.access.importRuntime.bind(this.opts.access);
const { Service } = await importRuntime("@volcengine/openapi");
class CommonService extends Service {
Generic: any;
@@ -22,6 +22,7 @@ export class VolcengineDnsProvider extends AbstractDnsProvider {
access: this.access,
logger: this.logger,
http: this.http,
importRuntime: this.importRuntime.bind(this),
});
}