perf: 添加阿里云 ESA证书部署插件

- 新增 AliyunDeployCertToESA 插件类，实现证书上传和部署到阿里云 ESA 功能
- 优化证书名称生成逻辑，支持通配符域名
- 重构部分代码，提高可复用性和可维护性
- 更新相关依赖版本，确保兼容性

packages/ui/certd-server/src/modules/sys/settings/safe-service.ts

@@ -57,15 +57,12 @@ export class SafeService {
   async reloadHiddenStatus(immediate = false) {
     const hidden = await this.getHiddenSetting()
     if (hidden.enabled) {
-      logger.error("启动站点隐藏");
-      hiddenStatus.isHidden = false
-      if (immediate) {
-        hiddenStatus.isHidden = true;
-      }
+      logger.info("启动站点隐藏");
+      hiddenStatus.isHidden = immediate;
       const autoHiddenTimes = hidden.autoHiddenTimes || 5;
       hiddenStatus.startCheck(autoHiddenTimes);
     } else {
-      logger.error("关闭站点隐藏");
+      logger.info("当前站点隐藏已关闭");
       hiddenStatus.isHidden = false;
       hiddenStatus.stopCheck()
     }

packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-alb/index.ts

@@ -1,5 +1,5 @@
 import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
-import { CertInfo ,CertApplyPluginNames} from '@certd/plugin-cert';
+import { CertInfo ,CertApplyPluginNames, CertReader} from '@certd/plugin-cert';
 import { AliyunAccess, AliyunClient, AliyunSslClient, createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from '@certd/plugin-lib';
 
 @IsTaskPlugin({
@@ -143,8 +143,9 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
         endpoint: this.casEndpoint,
       });
 
+      const certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt))
       certId = await sslClient.uploadCert({
-        name: this.appendTimeSuffix('certd'),
+        name: certName,
         cert: this.cert,
       });
     }

packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-cdn/index.ts

@@ -1,7 +1,7 @@
 import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
 import { AliyunAccess, AliyunClient, AliyunSslClient, createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from '@certd/plugin-lib';
 import { optionsUtils } from '@certd/basic/dist/utils/util.options.js';
-import { CertApplyPluginNames} from '@certd/plugin-cert';
+import { CertApplyPluginNames, CertReader } from "@certd/plugin-cert";
 @IsTaskPlugin({
   name: 'DeployCertToAliyunCDN',
   title: '阿里云-部署证书至CDN',
@@ -107,9 +107,11 @@ export class DeployCertToAliyunCDN extends AbstractTaskPlugin {
 
     let certId: any = this.cert;
 
-    const certName =  this.appendTimeSuffix(this.certName);
+    let certName =  this.appendTimeSuffix(this.certName);
 
     if (typeof this.cert === 'object') {
+      // @ts-ignore
+      const certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt))
       certId = await sslClient.uploadCert({
         name:certName,
         cert: this.cert,

packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-esa/index.ts

@@ -0,0 +1,226 @@
+import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
+import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
+import {
+  AliyunAccess, AliyunClientV2,
+  AliyunSslClient,
+  createCertDomainGetterInputDefine,
+  createRemoteSelectInputDefine
+} from "@certd/plugin-lib";
+
+@IsTaskPlugin({
+  name: "AliyunDeployCertToESA",
+  title: "阿里云-部署至ESA",
+  icon: "svg:icon-aliyun",
+  group: pluginGroups.aliyun.key,
+  desc: "部署证书到阿里云ESA(边缘安全加速)",
+  needPlus: false,
+  default: {
+    strategy: {
+      runStrategy: RunStrategy.SkipWhenSucceed
+    }
+  }
+})
+export class AliyunDeployCertToESA extends AbstractTaskPlugin {
+  @TaskInput({
+    title: "域名证书",
+    helper: "请选择证书申请任务输出的域名证书",
+    component: {
+      name: "output-selector",
+      from: [...CertApplyPluginNames]
+    },
+    required: true
+  })
+  cert!: CertInfo;
+
+  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
+  certDomains!: string[];
+
+  @TaskInput({
+    title: "大区",
+    value: "cn-hangzhou",
+    component: {
+      name: "a-auto-complete",
+      vModel: "value",
+      options: [
+        { value: "cn-hangzhou", label: "华东1（杭州）" },
+        { value: "ap-southeast-1", label: "新加坡" }
+      ]
+    },
+    required: true
+  })
+  regionId!: string;
+
+  @TaskInput({
+    title: "证书接入点",
+    helper: "不会选就保持默认即可",
+    value: "cas.aliyuncs.com",
+    component: {
+      name: "a-select",
+      options: [
+        { value: "cas.aliyuncs.com", label: "中国大陆" },
+        { value: "cas.ap-southeast-1.aliyuncs.com", label: "新加坡" },
+        { value: "cas.eu-central-1.aliyuncs.com", label: "德国（法兰克福）" }
+      ]
+    },
+    required: true
+  })
+  casEndpoint!: string;
+
+
+  @TaskInput({
+    title: "Access授权",
+    helper: "阿里云授权AccessKeyId、AccessKeySecret",
+    component: {
+      name: "access-selector",
+      type: "aliyun"
+    },
+    required: true
+  })
+  accessId!: string;
+
+  @TaskInput(
+    createRemoteSelectInputDefine({
+      title: "站点",
+      helper: "请选择要部署证书的站点",
+      action: AliyunDeployCertToESA.prototype.onGetSiteList.name,
+      watches: ["accessId", "regionId"]
+    })
+  )
+  siteIds!: string[];
+
+
+  async onInstance() {
+  }
+
+  async getAliyunCertId(access: AliyunAccess) {
+    let certId: any = this.cert;
+    let certName: any = this.appendTimeSuffix("certd");
+    if (typeof this.cert === "object") {
+      const sslClient = new AliyunSslClient({
+        access,
+        logger: this.logger,
+        endpoint: this.casEndpoint
+      });
+
+      certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt));
+
+      certId = await sslClient.uploadCert({
+        name: certName,
+        cert: this.cert
+      });
+      this.logger.info("上传证书成功", certId, certName);
+    }
+    return {
+      certId,
+      certName
+    };
+  }
+
+  async execute(): Promise<void> {
+    this.logger.info("开始部署证书到阿里云");
+    const access = await this.getAccess<AliyunAccess>(this.accessId);
+
+    const client = await this.getClient(access);
+
+    const { certId, certName } = await this.getAliyunCertId(access);
+
+    for (const siteId of this.siteIds) {
+      try {
+        const res = await client.doRequest({
+          // 接口名称
+          action: "SetCertificate",
+          // 接口版本
+          version: "2024-09-10",
+          data: {
+            SiteId: siteId,
+            CasId: certId,
+            Type: "cas",
+            Name: certName
+          }
+        });
+        this.logger.info(`部署站点[${siteId}]证书成功：${JSON.stringify(res)}`);
+
+      } catch (e) {
+        if (e.message.includes("Certificate.Duplicated")) {
+          this.logger.info(`站点[${siteId}]证书已存在,无需重复部署`);
+        }else{
+          throw e;
+        }
+      }
+
+      try{
+        await this.clearSiteCert(client,siteId);
+      }catch (e) {
+        this.logger.error("清理站点[${siteId}]证书失败",e)
+      }
+
+    }
+  }
+
+  async getClient(access: AliyunAccess) {
+    const endpoint = `esa.${this.regionId}.aliyuncs.com`;
+    return access.getClient(endpoint);
+  }
+
+  async onGetSiteList(data: any) {
+    if (!this.accessId) {
+      throw new Error("请选择Access授权");
+    }
+    const access = await this.getAccess<AliyunAccess>(this.accessId);
+
+    const client = await this.getClient(access);
+    const res = await client.doRequest({
+      action: "ListSites",
+      version: "2024-09-10",
+      method: "GET",
+      data: {}
+    });
+
+    const list = res?.Sites;
+    if (!list || list.length === 0) {
+      throw new Error("没有找到站点，请先创建站点");
+    }
+
+    const options = list.map((item: any) => {
+      return {
+        label: item.SiteName,
+        value: item.SiteId,
+        domain: item.SiteName
+      };
+    });
+    return this.ctx.utils.options.buildGroupOptions(options, this.certDomains);
+  }
+
+  async clearSiteCert(client: AliyunClientV2, siteId: string) {
+    this.logger.info(`开始清理站点[${siteId}]过期证书`);
+    const certListRes = await client.doRequest({
+      action: "ListCertificates",
+      version: "2024-09-10",
+      method: "GET",
+      query: {
+        SiteId: siteId
+      }
+    });
+
+    const list = certListRes.Result;
+    for (const item of list) {
+      this.logger.info(`证书${item.Name}状态：${item.Status}`);
+      if (item.Status === "Expired") {
+        this.logger.info(`证书${item.Name}已过期，执行删除`);
+        await client.doRequest({
+          action: "DeleteCertificate",
+          version: "2024-09-10",
+          // 接口 HTTP 方法
+          method: "GET",
+          query: {
+            SiteId: siteId,
+            Id: item.id
+          }
+        });
+        this.logger.info(`证书${item.Name}已删除`);
+      }
+    }
+  }
+}
+
+new AliyunDeployCertToESA();

packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-fc/index.ts

@@ -1,5 +1,5 @@
 import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
-import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
+import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
 import { AliyunAccess, createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
 
 @IsTaskPlugin({
@@ -141,9 +141,11 @@ export class AliyunDeployCertToFC extends AbstractTaskPlugin {
         bodyType: 'json',
       });
       // body params
+      const certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt))
+
       const body: { [key: string]: any } = {
         certConfig: {
-          certName: this.appendTimeSuffix('certd_fc'),
+          certName: certName,
           certificate: this.cert.crt,
           privateKey: this.cert.key,
         },

packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-nlb/index.ts

@@ -1,5 +1,5 @@
 import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
-import { CertInfo } from '@certd/plugin-cert';
+import { CertInfo, CertReader } from "@certd/plugin-cert";
 import { AliyunAccess, AliyunClient, AliyunSslClient, createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from '@certd/plugin-lib';
 import { CertApplyPluginNames} from '@certd/plugin-cert';
 @IsTaskPlugin({
@@ -139,8 +139,10 @@ export class AliyunDeployCertToNLB extends AbstractTaskPlugin {
         endpoint: this.casEndpoint,
       });
 
+      const certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt))
+
       certId = await sslClient.uploadCert({
-        name: this.appendTimeSuffix('certd'),
+        name: certName,
         cert: this.cert,
       });
     }

packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-waf/index.ts

@@ -1,5 +1,5 @@
 import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
-import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
+import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
 import {
   AliyunAccess,
   AliyunClient,
@@ -124,7 +124,7 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
       });
 
       certId = await sslClient.uploadCert({
-        name: this.appendTimeSuffix('certd'),
+        name: this.buildCertName(CertReader.getMainDomain(this.cert.crt)),
         cert: this.cert,
       });
     }

packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/upload-to-aliyun/index.ts

@@ -1,7 +1,7 @@
 import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput, TaskOutput } from '@certd/pipeline';
 import { AliyunAccess } from '@certd/plugin-lib';
 import { AliyunSslClient } from '@certd/plugin-lib';
-import { CertApplyPluginNames} from '@certd/plugin-cert';
+import { CertApplyPluginNames, CertReader } from "@certd/plugin-cert";
 /**
  * 华东1（杭州）	cn-hangzhou	cas.aliyuncs.com	cas-vpc.cn-hangzhou.aliyuncs.com
  * 马来西亚（吉隆坡）	ap-southeast-3	cas.ap-southeast-3.aliyuncs.com	cas-vpc.ap-southeast-3.aliyuncs.com
@@ -97,8 +97,9 @@ export class UploadCertToAliyun extends AbstractTaskPlugin {
       logger: this.logger,
       endpoint,
     });
+    const certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt))
     this.aliyunCertId = await client.uploadCert({
-      name: this.appendTimeSuffix('certd'),
+      name: certName,
       cert: this.cert,
     });
   }