mirror of
https://github.com/certd/certd.git
synced 2026-06-30 16:39:43 +08:00
chore: format
This commit is contained in:
@@ -1,9 +1,6 @@
|
||||
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
|
||||
import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
|
||||
import {
|
||||
createCertDomainGetterInputDefine,
|
||||
createRemoteSelectInputDefine,
|
||||
} from "@certd/plugin-lib";
|
||||
import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
|
||||
import { SshAccess } from "../plugin-lib/ssh/ssh-access.js";
|
||||
import { SshClient } from "../plugin-lib/ssh/ssh.js";
|
||||
|
||||
@@ -18,9 +15,9 @@ import { SshClient } from "../plugin-lib/ssh/ssh.js";
|
||||
default: {
|
||||
//默认值配置照抄即可
|
||||
strategy: {
|
||||
runStrategy: RunStrategy.SkipWhenSucceed
|
||||
}
|
||||
}
|
||||
runStrategy: RunStrategy.SkipWhenSucceed,
|
||||
},
|
||||
},
|
||||
})
|
||||
//类名规范,跟上面插件名称(name)一致
|
||||
export class FnOSDeployToNAS extends AbstractTaskPlugin {
|
||||
@@ -30,8 +27,8 @@ export class FnOSDeployToNAS extends AbstractTaskPlugin {
|
||||
helper: "请选择前置任务输出的域名证书",
|
||||
component: {
|
||||
name: "output-selector",
|
||||
from: [...CertApplyPluginNames]
|
||||
}
|
||||
from: [...CertApplyPluginNames],
|
||||
},
|
||||
// required: true, // 必填
|
||||
})
|
||||
cert!: CertInfo;
|
||||
@@ -44,27 +41,24 @@ export class FnOSDeployToNAS extends AbstractTaskPlugin {
|
||||
title: "飞牛SSH授权",
|
||||
component: {
|
||||
name: "access-selector",
|
||||
type: "ssh" //固定授权类型
|
||||
type: "ssh", //固定授权类型
|
||||
},
|
||||
helper:"请先配置sudo免密:\nsudo visudo\n#在文件最后一行增加以下内容,需要将username替换成自己的用户名\nusername ALL=(ALL) NOPASSWD: NOPASSWD: ALL\nctrl+x 保存退出",
|
||||
required: true //必填
|
||||
helper: "请先配置sudo免密:\nsudo visudo\n#在文件最后一行增加以下内容,需要将username替换成自己的用户名\nusername ALL=(ALL) NOPASSWD: NOPASSWD: ALL\nctrl+x 保存退出",
|
||||
required: true, //必填
|
||||
})
|
||||
accessId!: string;
|
||||
|
||||
|
||||
|
||||
@TaskInput(
|
||||
createRemoteSelectInputDefine({
|
||||
title: "证书Id",
|
||||
helper: "面板证书请选择fnOS,其他FTP、webdav等证书请选择已使用,可多选(如果证书域名都匹配的话)",
|
||||
action: FnOSDeployToNAS.prototype.onGetCertList.name
|
||||
action: FnOSDeployToNAS.prototype.onGetCertList.name,
|
||||
})
|
||||
)
|
||||
certList!: number[];
|
||||
|
||||
//插件实例化时执行的方法
|
||||
async onInstance() {
|
||||
}
|
||||
async onInstance() {}
|
||||
|
||||
//插件执行方法
|
||||
async execute(): Promise<void> {
|
||||
@@ -73,22 +67,22 @@ export class FnOSDeployToNAS extends AbstractTaskPlugin {
|
||||
const client = new SshClient(this.logger);
|
||||
|
||||
//复制证书
|
||||
const list = await this.doGetCertList()
|
||||
const list = await this.doGetCertList();
|
||||
|
||||
const certReader = new CertReader(this.cert);
|
||||
const expiresAt = certReader.expires;
|
||||
const validFrom = certReader.detail.notBefore.getTime()
|
||||
const validFrom = certReader.detail.notBefore.getTime();
|
||||
for (const target of this.certList) {
|
||||
this.logger.info(`----------- 准备部署:${target}`);
|
||||
let found = false
|
||||
let found = false;
|
||||
for (const item of list) {
|
||||
if (item.sum === target) {
|
||||
this.logger.info(`----------- 找到证书,开始部署:${item.sum},${item.domain}`)
|
||||
this.logger.info(`----------- 找到证书,开始部署:${item.sum},${item.domain}`);
|
||||
const certPath = item.certificate;
|
||||
const keyPath = item.privateKey;
|
||||
const certDir = keyPath.substring(0, keyPath.lastIndexOf("/"));
|
||||
const fullchainPath = certDir+ "/fullchain.crt"
|
||||
const caPath = certDir+ "/issuer_certificate.crt"
|
||||
const fullchainPath = certDir + "/fullchain.crt";
|
||||
const caPath = certDir + "/issuer_certificate.crt";
|
||||
const cmd = `
|
||||
sudo tee ${certPath} > /dev/null <<'EOF'
|
||||
${this.cert.crt}
|
||||
@@ -107,16 +101,16 @@ sudo chmod 0755 "${certDir}/" -R
|
||||
|
||||
sudo -u postgres psql -d trim_connect -c "UPDATE cert SET valid_to=${expiresAt},valid_from=${validFrom} WHERE private_key='${item.privateKey}'"
|
||||
|
||||
`
|
||||
`;
|
||||
const res = await client.exec({
|
||||
connectConf: access,
|
||||
script: cmd
|
||||
});
|
||||
if (res.indexOf("Permission denied") > -1){
|
||||
this.logger.error("权限不足,请先配置 sudo 免密")
|
||||
connectConf: access,
|
||||
script: cmd,
|
||||
});
|
||||
if (res.indexOf("Permission denied") > -1) {
|
||||
this.logger.error("权限不足,请先配置 sudo 免密");
|
||||
}
|
||||
found = true
|
||||
break
|
||||
found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!found) {
|
||||
@@ -124,60 +118,57 @@ sudo -u postgres psql -d trim_connect -c "UPDATE cert SET valid_to=${expiresAt}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
this.logger.info("证书已上传,准备重启...");
|
||||
|
||||
|
||||
const restartCmd= `
|
||||
const restartCmd = `
|
||||
echo "正在重启相关服务..."
|
||||
sudo systemctl restart webdav.service
|
||||
sudo systemctl restart smbftpd.service
|
||||
sudo systemctl restart trim_nginx.service
|
||||
echo "服务重启完成!"
|
||||
`
|
||||
`;
|
||||
await client.exec({
|
||||
connectConf: access,
|
||||
script: restartCmd
|
||||
script: restartCmd,
|
||||
});
|
||||
|
||||
this.logger.info("部署完成");
|
||||
}
|
||||
|
||||
async doGetCertList(){
|
||||
async doGetCertList() {
|
||||
const access: SshAccess = await this.getAccess<SshAccess>(this.accessId);
|
||||
const client = new SshClient(this.logger);
|
||||
|
||||
/**
|
||||
* :/usr/trim/etc$ cat network_cert_all.conf | jq .
|
||||
*/
|
||||
const sslListCmd = "cat /usr/trim/etc/network_cert_all.conf | jq ."
|
||||
const sslListCmd = "cat /usr/trim/etc/network_cert_all.conf | jq .";
|
||||
|
||||
const res:string = await client.exec({
|
||||
const res: string = await client.exec({
|
||||
connectConf: access,
|
||||
script: sslListCmd
|
||||
script: sslListCmd,
|
||||
});
|
||||
let list = []
|
||||
try{
|
||||
list = JSON.parse(res.trim())
|
||||
}catch (e){
|
||||
throw new Error(`证书列表解析失败:${res}`)
|
||||
let list = [];
|
||||
try {
|
||||
list = JSON.parse(res.trim());
|
||||
} catch (e) {
|
||||
throw new Error(`证书列表解析失败:${res}`);
|
||||
}
|
||||
|
||||
if (!list || list.length === 0) {
|
||||
throw new Error("没有找到证书,请先在证书管理页面上传一次证书");
|
||||
}
|
||||
return list
|
||||
return list;
|
||||
}
|
||||
|
||||
async onGetCertList() {
|
||||
|
||||
const list = await this.doGetCertList()
|
||||
const list = await this.doGetCertList();
|
||||
|
||||
const options = list.map((item: any) => {
|
||||
return {
|
||||
label: `${item.domain}<${item.used?'已使用':"未使用"}-${item.sum}>`,
|
||||
label: `${item.domain}<${item.used ? "已使用" : "未使用"}-${item.sum}>`,
|
||||
value: item.sum,
|
||||
domain: item.san
|
||||
domain: item.san,
|
||||
};
|
||||
});
|
||||
return this.ctx.utils.options.buildGroupOptions(options, this.certDomains);
|
||||
|
||||
Reference in New Issue
Block a user