mirror of
https://github.com/certd/certd.git
synced 2026-07-17 11:37:32 +08:00
Merge branch 'v2-dev' into v2_audit_log
This commit is contained in:
@@ -10,6 +10,7 @@ import { ApiTags } from "@midwayjs/swagger";
|
||||
import { CodeService } from "../../../modules/basic/service/code-service.js";
|
||||
import { EmailService } from "../../../modules/basic/service/email-service.js";
|
||||
import { AuditType } from "../../../modules/sys/enterprise/service/audit-constants.js";
|
||||
import { TaskServiceBuilder } from "../../../modules/pipeline/service/getter/task-service-getter.js";
|
||||
|
||||
/**
|
||||
*/
|
||||
@@ -44,6 +45,8 @@ export class MineController extends BaseController {
|
||||
getAuditType(): string {
|
||||
return AuditType.mine;
|
||||
}
|
||||
@Inject()
|
||||
taskServiceBuilder: TaskServiceBuilder;
|
||||
|
||||
@Post("/info", { description: Constants.per.authOnly, summary: "查询用户信息" })
|
||||
public async info() {
|
||||
@@ -186,11 +189,13 @@ export class MineController extends BaseController {
|
||||
|
||||
const getAccessById = this.accessService.getById.bind(this.accessService);
|
||||
const accessGetter = new AccessGetter(userId, undefined, getAccessById);
|
||||
const serviceGetter = this.taskServiceBuilder.create({ userId });
|
||||
const accessContext = {
|
||||
http,
|
||||
logger,
|
||||
utils,
|
||||
accessService: accessGetter,
|
||||
serviceGetter,
|
||||
define: undefined,
|
||||
} as any;
|
||||
const access = await newAccess("acmeAccount", { caType: "letsencrypt", email: userEmail }, accessGetter, accessContext);
|
||||
|
||||
@@ -8,7 +8,6 @@ import { TaskServiceBuilder } from "../../../modules/pipeline/service/getter/tas
|
||||
import { cloneDeep } from "lodash-es";
|
||||
import { ApiTags } from "@midwayjs/swagger";
|
||||
import { AuthService } from "../../../modules/sys/authority/service/auth-service.js";
|
||||
import { RuntimeDepsService } from "../../../modules/runtime-deps/runtime-deps-service.js";
|
||||
|
||||
@Provide()
|
||||
@Controller("/api/pi/handle")
|
||||
@@ -29,9 +28,6 @@ export class HandleController extends BaseController {
|
||||
@Inject()
|
||||
notificationService: NotificationService;
|
||||
|
||||
@Inject()
|
||||
runtimeDepsService: RuntimeDepsService;
|
||||
|
||||
@Post("/access", { description: Constants.per.authOnly, summary: "处理授权请求" })
|
||||
async accessRequest(@Body(ALL) body: AccessRequestHandleReq) {
|
||||
let { projectId, userId } = await this.getProjectUserIdRead();
|
||||
@@ -64,12 +60,14 @@ export class HandleController extends BaseController {
|
||||
}
|
||||
}
|
||||
const getAccessById = this.accessService.getById.bind(this.accessService);
|
||||
const accessGetter = new AccessGetter(userId, projectId, getAccessById, this.runtimeDepsService);
|
||||
const accessGetter = new AccessGetter(userId, projectId, getAccessById);
|
||||
const serviceGetter = this.taskServiceBuilder.create({ userId, projectId });
|
||||
const accessContext = {
|
||||
http,
|
||||
logger,
|
||||
utils,
|
||||
accessService: accessGetter,
|
||||
serviceGetter,
|
||||
define: undefined,
|
||||
} as any;
|
||||
const access = await newAccess(body.typeName, inputAccess, accessGetter, accessContext);
|
||||
|
||||
@@ -2,6 +2,7 @@ import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
|
||||
import { logger } from "@certd/basic";
|
||||
import { PluginService } from "../plugin/service/plugin-service.js";
|
||||
import { registerPaymentProviders } from "../suite/payments/index.js";
|
||||
import { RuntimeDepsService } from "../runtime-deps/runtime-deps-service.js";
|
||||
|
||||
@Provide()
|
||||
@Scope(ScopeEnum.Request, { allowDowngrade: true })
|
||||
@@ -9,6 +10,9 @@ export class AutoLoadPlugins {
|
||||
@Inject()
|
||||
pluginService: PluginService;
|
||||
|
||||
@Inject()
|
||||
runtimeDepsService: RuntimeDepsService;
|
||||
|
||||
async init() {
|
||||
logger.info(`加载插件开始,加载模式:${process.env.certd_plugin_loadmode}`);
|
||||
if (process.env.certd_plugin_loadmode === "metadata") {
|
||||
@@ -30,5 +34,8 @@ export class AutoLoadPlugins {
|
||||
|
||||
await registerPaymentProviders();
|
||||
logger.info(`加载插件完成,加载模式:${process.env.certd_plugin_loadmode}`);
|
||||
|
||||
// 收集插件 dependPackages 并安装
|
||||
await this.runtimeDepsService.refreshPluginDeps();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,6 +2,7 @@ import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
|
||||
import { UserSettingsService } from "./user-settings-service.js";
|
||||
import { UserTwoFactorSetting } from "./models.js";
|
||||
import { UserService } from "../../sys/authority/service/user-service.js";
|
||||
import { RuntimeDepsService } from "../../runtime-deps/runtime-deps-service.js";
|
||||
|
||||
/**
|
||||
* 授权
|
||||
@@ -13,13 +14,15 @@ export class TwoFactorService {
|
||||
userSettingsService: UserSettingsService;
|
||||
@Inject()
|
||||
userService: UserService;
|
||||
@Inject()
|
||||
runtimeDepsService: RuntimeDepsService;
|
||||
|
||||
async getAuthenticatorQrCode(userId: any) {
|
||||
const setting = await this.getSetting(userId);
|
||||
|
||||
const authenticatorSetting = setting.authenticator;
|
||||
if (!authenticatorSetting.secret) {
|
||||
const { authenticator } = await import("otplib");
|
||||
const { authenticator } = await this.runtimeDepsService.importRuntime("otplib");
|
||||
|
||||
authenticatorSetting.secret = authenticator.generateSecret();
|
||||
await this.userSettingsService.saveSetting(userId, null, setting);
|
||||
@@ -38,7 +41,7 @@ export class TwoFactorService {
|
||||
|
||||
async saveAuthenticator(req: { userId: any; verifyCode: any }) {
|
||||
const userId = req.userId;
|
||||
const { authenticator } = await import("otplib");
|
||||
const { authenticator } = await this.runtimeDepsService.importRuntime("otplib");
|
||||
const setting = await this.getSetting(userId);
|
||||
|
||||
const authenticatorSetting = setting.authenticator;
|
||||
@@ -77,7 +80,7 @@ export class TwoFactorService {
|
||||
}
|
||||
|
||||
async verifyAuthenticatorCode(userId: any, verifyCode: string) {
|
||||
const { authenticator } = await import("otplib");
|
||||
const { authenticator } = await this.runtimeDepsService.importRuntime("otplib");
|
||||
const setting = await this.getSetting(userId);
|
||||
if (!setting.authenticator.enabled) {
|
||||
throw new Error("authenticator 未开启");
|
||||
|
||||
@@ -66,9 +66,8 @@ export class TaskServiceGetter implements IServiceGetter {
|
||||
|
||||
async getAccessService(): Promise<AccessGetter> {
|
||||
const accessService: AccessService = await this.appCtx.getAsync("accessService");
|
||||
const runtimeDepsService = await this.getRuntimeDepsService();
|
||||
const getAccessById = accessService.getById.bind(accessService);
|
||||
return new AccessGetter(this.userId, this.projectId, getAccessById, runtimeDepsService);
|
||||
return new AccessGetter(this.userId, this.projectId, getAccessById);
|
||||
}
|
||||
|
||||
async getCnameProxyService(): Promise<CnameProxyService> {
|
||||
|
||||
@@ -974,6 +974,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
|
||||
await this.checkUserId(id, projectId, "projectId");
|
||||
}
|
||||
await this.delete(id);
|
||||
ids.push(id);
|
||||
}
|
||||
return ids.length;
|
||||
}
|
||||
|
||||
@@ -270,6 +270,7 @@ export class PluginService extends BaseService<PluginEntity> {
|
||||
return;
|
||||
}
|
||||
await this.registerPlugin(item);
|
||||
await this.runtimeDepsService.refreshPluginDeps();
|
||||
}
|
||||
|
||||
async unRegisterById(id: any) {
|
||||
@@ -297,6 +298,7 @@ export class PluginService extends BaseService<PluginEntity> {
|
||||
} else {
|
||||
logger.warn(`不支持的插件类型:${item.pluginType}`);
|
||||
}
|
||||
await this.runtimeDepsService.refreshPluginDeps();
|
||||
}
|
||||
|
||||
async update(param: any) {
|
||||
|
||||
@@ -150,6 +150,11 @@ export class RuntimeDepsService {
|
||||
@Config("runtimeDeps.lazyDependencies")
|
||||
lazyDependencies: Record<string, string> = {};
|
||||
|
||||
/**
|
||||
* 从插件 registry 收集到的懒加载依赖,键为包名,值为版本范围
|
||||
*/
|
||||
pluginLazyDependencies: Record<string, string> = {};
|
||||
|
||||
@Inject()
|
||||
registryResolver!: NpmRegistryResolver;
|
||||
|
||||
@@ -339,7 +344,8 @@ export class RuntimeDepsService {
|
||||
|
||||
private async resolveMissingRuntimeSpecifier(specifier: string, runtimeError: any, logger?: ILogger) {
|
||||
const packageName = this.parsePackageName(specifier);
|
||||
const lazyRange = this.lazyDependencies?.[packageName];
|
||||
const mergedDeps = this.getMergedLazyDependencies();
|
||||
const lazyRange = mergedDeps[packageName];
|
||||
if (!lazyRange) {
|
||||
try {
|
||||
return this.resolveProjectSpecifier(specifier, runtimeError).resolved;
|
||||
@@ -565,6 +571,56 @@ export class RuntimeDepsService {
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* 合并 package.json 的 lazyDependencies 和插件注册表收集到的 dependPackages
|
||||
* 插件依赖优先(同名时使用插件声明的版本)
|
||||
*/
|
||||
getMergedLazyDependencies(): Record<string, string> {
|
||||
return { ...this.lazyDependencies, ...this.pluginLazyDependencies };
|
||||
}
|
||||
|
||||
/**
|
||||
* 从所有插件注册表中收集 dependPackages,合并到 pluginLazyDependencies
|
||||
*/
|
||||
collectPluginDeps() {
|
||||
const registries: Array<{ registry: Registry<any>; keyFormatter?: (name: string) => string }> = [
|
||||
{ registry: pluginRegistry },
|
||||
{ registry: accessRegistry },
|
||||
{ registry: notificationRegistry },
|
||||
{ registry: dnsProviderRegistry },
|
||||
{ registry: addonRegistry },
|
||||
];
|
||||
|
||||
const deps: Record<string, string> = {};
|
||||
for (const { registry } of registries) {
|
||||
const defineList = registry.getDefineList();
|
||||
for (const define of defineList) {
|
||||
const dependPackages = (define as any).dependPackages as Record<string, string> | undefined;
|
||||
if (!dependPackages) {
|
||||
continue;
|
||||
}
|
||||
for (const [pkgName, range] of Object.entries(dependPackages)) {
|
||||
const existing = deps[pkgName];
|
||||
if (existing && !areRangesCompatible(existing, range)) {
|
||||
logger.warn(`懒加载依赖版本冲突: ${pkgName} => ${existing} vs ${range},保留已有版本`);
|
||||
continue;
|
||||
}
|
||||
deps[pkgName] = range;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
this.pluginLazyDependencies = deps;
|
||||
logger.info(`从插件注册表收集到 ${Object.keys(deps).length} 个懒加载依赖`);
|
||||
}
|
||||
|
||||
/**
|
||||
* 刷新插件懒加载依赖:收集所有插件的 dependPackages 到内存列表,实际安装延迟到 importRuntime 时触发
|
||||
*/
|
||||
async refreshPluginDeps() {
|
||||
this.collectPluginDeps();
|
||||
}
|
||||
|
||||
private readInstallState(statePath: string): any {
|
||||
if (!fs.existsSync(statePath)) {
|
||||
return null;
|
||||
|
||||
@@ -105,7 +105,7 @@ export class PaymentAlipay implements IPaymentProvider {
|
||||
}
|
||||
|
||||
private async createAlipaySdk() {
|
||||
const AlipaySdk = await import("alipay-sdk");
|
||||
const AlipaySdk = await this.access.importRuntime("alipay-sdk");
|
||||
|
||||
const alipaySdk = new AlipaySdk.AlipaySdk({
|
||||
appId: this.access.appId,
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
import { IPaymentProvider, TradeEntity, UpdateTrade, UpdateTradeInfo } from "@certd/commercial-core";
|
||||
import WxPay from "wechatpay-node-v3";
|
||||
import dayjs from "dayjs";
|
||||
import { logger } from "@certd/basic"; // 支持使用require
|
||||
import { logger } from "@certd/basic";
|
||||
import { WxpayAccess } from "../../../plugins/plugin-plus/wxpay/access.js";
|
||||
export class PaymentWxpay implements IPaymentProvider {
|
||||
access: WxpayAccess;
|
||||
@@ -26,7 +25,7 @@ export class PaymentWxpay implements IPaymentProvider {
|
||||
* }
|
||||
*/
|
||||
|
||||
const pay = this.createSdk();
|
||||
const pay = await this.createSdk();
|
||||
|
||||
const result: any = await pay.query({ out_trade_no: tradeNo });
|
||||
logger.info(`微信支付查询订单返回:${JSON.stringify(result)}`);
|
||||
@@ -58,7 +57,7 @@ export class PaymentWxpay implements IPaymentProvider {
|
||||
async createOrder(trade: TradeEntity, opts: { bindUrl: string; clientIp: string }) {
|
||||
const notify_url = `${opts.bindUrl}/api/payment/notify/wxpay`;
|
||||
|
||||
const pay = this.createSdk();
|
||||
const pay = await this.createSdk();
|
||||
|
||||
const params = {
|
||||
description: trade.title,
|
||||
@@ -83,7 +82,9 @@ export class PaymentWxpay implements IPaymentProvider {
|
||||
};
|
||||
}
|
||||
|
||||
private createSdk() {
|
||||
private async createSdk() {
|
||||
const WxPayLib = await this.access.importRuntime("wechatpay-node-v3");
|
||||
const WxPay = WxPayLib.default;
|
||||
const pay = new WxPay({
|
||||
appid: this.access.appId,
|
||||
mchid: this.access.mchid,
|
||||
@@ -94,7 +95,7 @@ export class PaymentWxpay implements IPaymentProvider {
|
||||
}
|
||||
|
||||
async onNotify(notifyData: any, updateTrade: UpdateTrade) {
|
||||
const pay = this.createSdk();
|
||||
const pay = await this.createSdk();
|
||||
const { ciphertext, associated_data, nonce } = notifyData.resource;
|
||||
logger.info(`微信支付notify:${JSON.stringify(notifyData)}`);
|
||||
const key = this.access.key;
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
|
||||
import FormData from "form-data";
|
||||
import { authenticator } from "otplib";
|
||||
|
||||
export interface ProxyHost {
|
||||
id: number;
|
||||
@@ -274,6 +273,7 @@ export class NginxProxyManagerAccess extends BaseAccess {
|
||||
|
||||
let code: string;
|
||||
try {
|
||||
const { authenticator } = await this.importRuntime("otplib");
|
||||
code = authenticator.generate(this.totpSecret);
|
||||
} catch (error) {
|
||||
throw this.describeError(error, "Generating TOTP code");
|
||||
|
||||
+9
-6
@@ -57,12 +57,12 @@ input:
|
||||
action: TestRequest
|
||||
helper: 测试登录并拉取代理主机列表。
|
||||
content: |
|
||||
const { BaseAccess } = await import("@certd/pipeline");
|
||||
const httpsModule = await import("node:https");
|
||||
const { URL } = await import("node:url");
|
||||
const axiosModule = await import("axios");
|
||||
const formDataModule = await import("form-data");
|
||||
const { authenticator } = await import("otplib");
|
||||
const runtimeImport = import;
|
||||
const { BaseAccess } = await runtimeImport("@certd/pipeline");
|
||||
const httpsModule = await runtimeImport("node:https");
|
||||
const { URL } = await runtimeImport("node:url");
|
||||
const axiosModule = await runtimeImport("axios");
|
||||
const formDataModule = await runtimeImport("form-data");
|
||||
|
||||
const https = httpsModule.default ?? httpsModule;
|
||||
const axios = axiosModule.default ?? axiosModule;
|
||||
@@ -114,6 +114,7 @@ content: |
|
||||
class NginxProxyManagerClient {
|
||||
constructor(options) {
|
||||
this.options = options;
|
||||
this.importFn = options.importFn;
|
||||
this.endpoint = normalizeEndpoint(options.endpoint);
|
||||
this.apiBaseUrl = `${this.endpoint}/api`;
|
||||
this.token = undefined;
|
||||
@@ -267,6 +268,7 @@ content: |
|
||||
|
||||
let code;
|
||||
try {
|
||||
const { authenticator } = await this.importFn("otplib");
|
||||
code = authenticator.generate(this.options.totpSecret);
|
||||
} catch (error) {
|
||||
throw describeError(error, "Generating TOTP code");
|
||||
@@ -327,6 +329,7 @@ content: |
|
||||
password: this.password,
|
||||
totpSecret: this.totpSecret || undefined,
|
||||
ignoreTls: this.ignoreTls === true,
|
||||
importFn: this.importRuntime.bind(this),
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
@@ -49,7 +49,7 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
|
||||
issuerUrl = "";
|
||||
|
||||
async getClient() {
|
||||
const client = await import("openid-client");
|
||||
const client = await this.importRuntime("openid-client");
|
||||
const server = new URL(this.issuerUrl); // Authorization Server's Issuer Identifier
|
||||
|
||||
const config = await client.discovery(server, this.clientId, this.clientSecretKey);
|
||||
|
||||
@@ -14,7 +14,8 @@ export class VolcengineCdnClient {
|
||||
if (this.service) {
|
||||
return this.service;
|
||||
}
|
||||
const { cdn } = await this.opts.access.importRuntime("@volcengine/openapi");
|
||||
const importRuntime = this.opts.importRuntime || this.opts.access.importRuntime.bind(this.opts.access);
|
||||
const { cdn } = await importRuntime("@volcengine/openapi");
|
||||
const service = new cdn.CdnService();
|
||||
// 设置ak、sk
|
||||
service.setAccessKeyId(this.opts.access.accessKeyId);
|
||||
|
||||
@@ -21,7 +21,8 @@ export class VolcengineDnsClient {
|
||||
}
|
||||
|
||||
async doRequest(req: VolcengineReq) {
|
||||
const { Signer } = await this.opts.access.importRuntime("@volcengine/openapi");
|
||||
const importRuntime = this.opts.importRuntime || this.opts.access.importRuntime.bind(this.opts.access);
|
||||
const { Signer } = await importRuntime("@volcengine/openapi");
|
||||
|
||||
// http request data
|
||||
const openApiRequestData: any = {
|
||||
|
||||
@@ -1,10 +1,12 @@
|
||||
import { VolcengineAccess } from "./access.js";
|
||||
import { HttpClient, ILogger } from "@certd/basic";
|
||||
import { ImportRuntime } from "@certd/pipeline";
|
||||
|
||||
export type VolcengineOpts = {
|
||||
access: VolcengineAccess;
|
||||
logger: ILogger;
|
||||
http: HttpClient;
|
||||
importRuntime?: ImportRuntime;
|
||||
};
|
||||
|
||||
export class VolcengineClient {
|
||||
@@ -140,7 +142,8 @@ export class VolcengineClient {
|
||||
}
|
||||
|
||||
async getTOSService(opts: { region?: string }) {
|
||||
const { TosClient } = await this.opts.access.importRuntime("@volcengine/tos-sdk");
|
||||
const importRuntime = this.opts.importRuntime || this.opts.access.importRuntime.bind(this.opts.access);
|
||||
const { TosClient } = await importRuntime("@volcengine/tos-sdk");
|
||||
|
||||
const client = new TosClient({
|
||||
accessKeyId: this.opts.access.accessKeyId,
|
||||
@@ -169,7 +172,8 @@ export class VolcengineClient {
|
||||
if (this.CommonService) {
|
||||
return this.CommonService;
|
||||
}
|
||||
const { Service } = await this.opts.access.importRuntime("@volcengine/openapi");
|
||||
const importRuntime = this.opts.importRuntime || this.opts.access.importRuntime.bind(this.opts.access);
|
||||
const { Service } = await importRuntime("@volcengine/openapi");
|
||||
|
||||
class CommonService extends Service {
|
||||
Generic: any;
|
||||
|
||||
@@ -22,6 +22,7 @@ export class VolcengineDnsProvider extends AbstractDnsProvider {
|
||||
access: this.access,
|
||||
logger: this.logger,
|
||||
http: this.http,
|
||||
importRuntime: this.importRuntime.bind(this),
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user