perf: 重构自动加载模块并优化EAB授权处理

refactor(ui): 将分散的auto-*模块整合为统一命名的auto-register模块 perf(plugin-cert): 增强EAB授权功能，支持账号私钥刷新和类型选择 test: 添加EAB授权服务和ACME账号配置的单元测试 docs: 更新AGENTS.md补充ACME/EAB使用注意事项 chore: 统一各package.json中的测试脚本配置
2026-05-16 21:27:34 +08:00 · 2026-05-10 16:57:12 +08:00
parent 37d03c10f9
commit 4755216505
32 changed files with 911 additions and 105 deletions
@@ -0,0 +1,107 @@
+import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
+import { logger } from "@certd/basic";
+import { AccessService } from "@certd/lib-server";
+import { isComm } from "@certd/plus-core";
+import { PluginConfigService } from "../plugin/service/plugin-config-service.js";
+import { StorageService } from "../pipeline/service/storage-service.js";
+
+export function parseStorageValue(value?: string) {
+  if (!value) {
+    return null;
+  }
+  try {
+    const parsed = JSON.parse(value);
+    return parsed?.value || null;
+  } catch {
+    return null;
+  }
+}
+
+export function buildEabAccountKeyValue(kid: string, privateKey: string) {
+  return JSON.stringify({
+    kid,
+    privateKey,
+  });
+}
+
+export function buildLegacyGoogleAccountConfigWhere(email: string) {
+  return {
+    userId: 1,
+    scope: "user",
+    namespace: "1",
+    key: `acme.config.google.${email}`,
+  };
+}
+
+@Provide()
+@Scope(ScopeEnum.Request, { allowDowngrade: true })
+export class AutoFix {
+  @Inject()
+  pluginConfigService: PluginConfigService;
+
+  @Inject()
+  accessService: AccessService;
+
+  @Inject()
+  storageService: StorageService;
+
+  async init() {
+    await this.fixGoogleCommonEabAccountKey();
+  }
+  async fixGoogleCommonEabAccountKey() {
+    if (!isComm()) {
+      return;
+    }
+    try {
+      const certApplyConfig = await this.pluginConfigService.getPluginConfig({
+        name: "CertApply",
+        type: "builtIn",
+      });
+      const googleCommonEabAccessId = certApplyConfig?.sysSetting?.input?.googleCommonEabAccessId;
+      if (!googleCommonEabAccessId) {
+        return;
+      }
+
+      const eabAccess = await this.accessService.getAccessById(googleCommonEabAccessId, false);
+      if (eabAccess.accountKey) {
+        return;
+      }
+      if (!eabAccess.kid) {
+        logger.info("公共Google EAB授权缺少KID，跳过历史ACME账号私钥修复");
+        return;
+      }
+
+      const accountConfig = await this.getLegacyGoogleAccountConfig(eabAccess.email);
+      const privateKey = accountConfig?.privateKey || accountConfig?.key || accountConfig?.accountKey;
+      if (!privateKey) {
+        logger.info("未找到可迁移到公共Google EAB授权的历史ACME账号私钥");
+        return;
+      }
+
+      const accountKey = buildEabAccountKeyValue(eabAccess.kid, privateKey);
+      await this.accessService.updateAccess({ id: googleCommonEabAccessId, eabType: "google", accountKey });
+      logger.info(`已修复公共Google EAB授权的ACME账号私钥，accessId=${googleCommonEabAccessId}`);
+    } catch (e: any) {
+      logger.error("修复公共Google EAB授权ACME账号私钥失败", e);
+    }
+  }
+
+  async getLegacyGoogleAccountConfig(email?: string) {
+    if (!email) {
+      return null;
+    }
+    const repository = this.storageService.getRepository();
+    const exact = await repository.findOne({
+      where: buildLegacyGoogleAccountConfigWhere(email),
+    });
+    const exactValue = this.parseStorageValue(exact?.value);
+    if (exactValue?.key || exactValue?.privateKey || exactValue?.accountKey) {
+      return exactValue;
+    }
+    return null;
+  }
+
+  parseStorageValue(value?: string) {
+    return parseStorageValue(value);
+  }
+}