Merge branch 'v2-dev' into v2-dev-auto

# Conflicts: # packages/ui/certd-client/src/locales/langs/en-US/certd.ts # packages/ui/certd-client/src/locales/langs/zh-CN/certd.ts
2026-04-24 04:17:25 +08:00 · 2025-07-11 17:44:04 +08:00
parent 39dc5c8160 8273031d7e
commit 4bef527ebb
74 changed files with 1173 additions and 96 deletions
@@ -26,11 +26,11 @@ process.on('uncaughtException', error => {
 });

@Configuration({
-  // detectorOptions: {
-  //   ignore: [
-  //     '**/plugins/**'
-  //   ]
-  // },
+  detectorOptions: {
+    ignore: [
+      '**/plugins/**'
+    ]
+  },
  imports: [
    koa,
    orm,
@@ -291,7 +291,8 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
          body: {
            title: `站点证书即将过期，剩余${validDays}天，<${site.name}>`,
            content,
-            url
+            url,
+            errorMessage: "站点证书即将过期"
          }
        },
        site.userId
@@ -25,3 +25,8 @@ export * from './plugin-flex/index.js'
 export * from './plugin-farcdn/index.js'
 export * from './plugin-fnos/index.js'
 export * from './plugin-rainyun/index.js'
+export * from './plugin-cloudflare/index.js'
+export * from './plugin-github/index.js'
+export * from './plugin-namesilo/index.js'
+export * from './plugin-proxmox/index.js'
+export * from './plugin-wangsu/index.js'
@@ -0,0 +1,185 @@
+import { AbstractTaskPlugin, IsTaskPlugin, PageSearch, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
+import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
+import { AliyunAccess, createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
+
+@IsTaskPlugin({
+  name: "AliyunDeployCertToVod",
+  title: "阿里云-部署至VOD",
+  icon: "svg:icon-aliyun",
+  group: pluginGroups.aliyun.key,
+  desc: "部署证书到阿里云视频点播（vod）",
+  needPlus: false,
+  default: {
+    strategy: {
+      runStrategy: RunStrategy.SkipWhenSucceed
+    }
+  }
+})
+export class AliyunDeployCertToVod extends AbstractTaskPlugin {
+  @TaskInput({
+    title: "域名证书",
+    helper: "请选择证书申请任务输出的域名证书",
+    component: {
+      name: "output-selector",
+      from: [...CertApplyPluginNames]
+    },
+    required: true
+  })
+  cert!: CertInfo;
+
+  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
+  certDomains!: string[];
+
+  // @TaskInput({
+  //   title: "大区",
+  //   value: "cn-hangzhou",
+  //   component: {
+  //     name: "a-auto-complete",
+  //     vModel: "value",
+  //     options: [
+  //       { value: "cn-hangzhou", label: "华东1（杭州）" },
+  //       { value: "ap-southeast-1", label: "新加坡" }
+  //     ]
+  //   },
+  //   required: true
+  // })
+  // regionId!: string;
+
+  @TaskInput({
+    title: "证书接入点",
+    helper: "不会选就保持默认即可",
+    value: "cas.aliyuncs.com",
+    component: {
+      name: "a-select",
+      options: [
+        { value: "cas.aliyuncs.com", label: "中国大陆" },
+        { value: "cas.ap-southeast-1.aliyuncs.com", label: "新加坡" },
+        { value: "cas.eu-central-1.aliyuncs.com", label: "德国（法兰克福）" }
+      ]
+    },
+    required: true
+  })
+  casEndpoint!: string;
+
+
+  @TaskInput({
+    title: "Access授权",
+    helper: "阿里云授权AccessKeyId、AccessKeySecret",
+    component: {
+      name: "access-selector",
+      type: "aliyun"
+    },
+    required: true
+  })
+  accessId!: string;
+
+  @TaskInput(
+    createRemoteSelectInputDefine({
+      title: "加速域名",
+      helper: "请选择要部署证书的域名",
+      action: AliyunDeployCertToVod.prototype.onGetDomainList.name,
+      watches: ["accessId"],
+      pager: true,
+      search: true
+    })
+  )
+  domainList!: string[];
+
+
+  async onInstance() {
+  }
+
+
+  async execute(): Promise<void> {
+    this.logger.info("开始部署证书到阿里云VOD");
+    const access = await this.getAccess<AliyunAccess>(this.accessId);
+
+    const client = await this.getClient(access);
+
+
+    for (const siteId of this.domainList) {
+      /**
+       * let queries : {[key: string ]: any} = { };
+       *     queries["DomainName"] = "324234234";
+       *     queries["CertName"] = "ccccccc";
+       *     queries["SSLProtocol"] = "on";
+       *     queries["SSLPub"] = "cert";
+       *     queries["SSLPri"] = "key";
+       *     // runtime options
+       *     let runtime = new $Util.RuntimeOptions({ });
+       *     let request = new $OpenApi.OpenApiRequest({
+       *       query: OpenApiUtil.query(queries),
+       *     });
+       */
+      const res = await client.doRequest({
+        action: "SetVodDomainCertificate",
+        version: "2017-03-21",
+        protocol: "HTTPS",
+        data: {
+          query: {
+            DomainName: siteId,
+            CertName: this.appendTimeSuffix("certd"),
+            SSLProtocol: "on",
+            SSLPub: this.cert.crt,
+            SSLPri: this.cert.key
+          }
+        }
+      });
+      this.logger.info(`部署站点[${siteId}]证书成功：${JSON.stringify(res)}`);
+    }
+  }
+
+  async getClient(access: AliyunAccess) {
+    const endpoint = `vod.cn-shanghai.aliyuncs.com`;
+    return access.getClient(endpoint);
+  }
+
+  async onGetDomainList(data: PageSearch) {
+    if (!this.accessId) {
+      throw new Error("请选择Access授权");
+    }
+    const access = await this.getAccess<AliyunAccess>(this.accessId);
+
+    /**
+     * let queries : {[key: string ]: any} = { };
+     *     queries["PageSize"] = 50;
+     *     queries["PageNumber"] = 1;
+     *     queries["DomainName"] = "5555";
+     *     // runtime options
+     *     let runtime = new $Util.RuntimeOptions({ });
+     *     let request = new $OpenApi.OpenApiRequest({
+     *       query: OpenApiUtil.query(queries),
+     *     });
+     */
+    const client = await this.getClient(access);
+    const res = await client.doRequest({
+      action: "DescribeVodUserDomains",
+      version: "2017-03-21",
+      protocol: "HTTPS",
+      data: {
+        query: {
+          DomainName: data.searchKey,
+          PageNumber: data.pageNo,
+          PageSize: data.pageSize
+        }
+      }
+    });
+
+    const list = res?.Domains.PageData;
+    if (!list || list.length === 0) {
+      throw new Error("没有找到加速域名，请先在阿里云添加点播加速域名");
+    }
+
+    const options = list.map((item: any) => {
+      return {
+        label: item.DomainName,
+        value: item.DomainName,
+        domain: item.DomainName
+      };
+    });
+    return this.ctx.utils.options.buildGroupOptions(options, this.certDomains);
+  }
+
+}
+
+new AliyunDeployCertToVod();
@@ -7,3 +7,5 @@ export * from './deploy-to-alb/index.js';
 export * from './deploy-to-nlb/index.js';
 export * from './deploy-to-slb/index.js';
 export * from './deploy-to-fc/index.js';
+export * from './deploy-to-esa/index.js';
+export * from './deploy-to-vod/index.js';
@@ -1,4 +1,6 @@
-import dayjs from 'dayjs';
+import dayjs from "dayjs";
+import { AliyunSslClient } from "@certd/plugin-lib";
+import { CertInfo, CertReader } from "@certd/plugin-cert";

 export const ZoneOptions = [{ value: 'cn-hangzhou' }];
 export function appendTimeSuffix(name: string) {
@@ -13,3 +15,27 @@ export function checkRet(ret: any) {
    throw new Error('执行失败：' + ret.Message);
  }
 }
+
+
+export async function  getAliyunCertId(opts:{
+  cert: string | CertInfo,
+  sslClient: AliyunSslClient,
+}) {
+  const { cert, sslClient } = opts;
+  let certId: any = cert;
+  let certName: any = CertReader.appendTimeSuffix("certd");
+  if (typeof cert === "object") {
+    const certReader = new CertReader(cert)
+    certName = certReader.buildCertName()
+
+    certId = await sslClient.uploadCert({
+      name: certName,
+      cert: cert,
+    });
+    sslClient.logger.info("上传证书成功", certId, certName);
+  }
+  return {
+    certId,
+    certName,
+  };
+}
@@ -1 +1,2 @@
 export * from './plugin-deploy-to-cloudfront.js';
+export * from './plugin-upload-to-acm.js'
@@ -47,7 +47,7 @@ export class GithubCheckRelease extends AbstractTaskPlugin {
          mode:"tags"
        }
    },
-    required:true,
+    required:false,
  })
  notificationIds!: number[];

@@ -74,9 +74,21 @@ export class GithubCheckRelease extends AbstractTaskPlugin {
      name: 'a-textarea',
      vModel: 'value',
      rows: 6,
-      placeholder: `#拉取最新版镜像\ndocker pull greper/certd:latest \n#重建容器 \nnohup sh -c 'sleep 10; cd ~/deploy/certd/ ; docker compose down; docker compose up -d' >/dev/null & `,
+      placeholder: `
+# 拉取最新镜像
+docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
+# 升级容器命令， 替换成你自己的实际部署位置及更新命令
+export RESTART_CERT='sleep 10; cd ~/deploy/certd/ ; docker compose down; docker compose up -d'
+# 构造一个脚本10s后在后台执行，避免容器销毁时执行太快，导致流水线任务无法结束
+nohup sh -c '$RESTART_CERT' >/dev/null  2>&1 & echo '10秒后重启' && exit`,
    },
-    helper: '有新版本后执行命令，比如：拉取最新版镜像，然后重建容器\n注意：自己升级自己需要使用nobup配合sleep',
+    helper: `有新版本后执行命令，比如：拉取最新版镜像，然后重建容器
+注意：自己升级自己需要使用nohup配合sleep
+自动升级命令示例：
+docker pull registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
+export RESTART_CERT='sleep 10; cd ~/deploy/certd/ ; docker compose down; docker compose up -d'
+nohup sh -c '$RESTART_CERT' >/dev/null  2>&1 & echo '10秒后重启' && exit
+`,
    required: false,
  })
  script!: string;
@@ -108,24 +120,24 @@ export class GithubCheckRelease extends AbstractTaskPlugin {
    //仅每行开头的* 替换成 -， *号前面可以有空格
    const body = res.body.replace(/^(\s*)\* /gm, "$1- ")

-    if (this.notificationIds == null){
-      this.notificationIds = [0]
-    }
-    //发送通知
-    for (const notificationId of this.notificationIds) {
-      await this.ctx.notificationService.send({
-        id: notificationId,
-        useDefault: false,
-        useEmail:false,
-        logger: this.logger,
-        body: {
-          title: `${this.repoName} 新版本 ${this.lastVersion} 发布`,
-          content: `${body}\n\n > [Certd](https://certd.docmirror.cn)，不止证书自动化，插件解锁无限可能！\n\n`,
-          url: `https://github.com/${this.repoName}/releases/tag/${this.lastVersion}`,
-        }
-      })
+    if (this.notificationIds && this.notificationIds.length > 0){
+      //发送通知
+      for (const notificationId of this.notificationIds) {
+        await this.ctx.notificationService.send({
+          id: notificationId,
+          useDefault: false,
+          useEmail:false,
+          logger: this.logger,
+          body: {
+            title: `${this.repoName} 新版本 ${this.lastVersion} 发布`,
+            content: `${body}\n\n > [Certd](https://certd.docmirror.cn)，不止证书自动化，插件解锁无限可能！\n\n`,
+            url: `https://github.com/${this.repoName}/releases/tag/${this.lastVersion}`,
+          }
+        })
+      }
    }

+
    if (this.script != null && this.script.trim() != "") {
      const connectConf = await this.getAccess(this.sshAccessId);
      const sshClient = new SshClient(this.logger);
@@ -1,2 +1,3 @@
 export * from './host-shell-execute/index.js';
 export * from './upload-to-host/index.js';
+export * from './copy-to-local/index.js'
@@ -1,3 +1,3 @@
 export * from './access/index.js';
 export * from './dns-provider/index.js';
-export * from './plugins/deploy-to-cdn/index.js';
+export * from './plugins/index.js';
@@ -0,0 +1,2 @@
+export * from './deploy-to-cdn/index.js'
+export * from './upload-to-ccm/index.js'
@@ -7,7 +7,7 @@ import { BaseNotification, IsNotification, NotificationBody, NotificationInput }
  needPlus: true,
 })
 // https://open.dingtalk.com/document/orgapp/the-creation-and-installation-of-the-application-robot-in-the?spm=ding_open_doc.document.0.0.242d1563cDgZz3
-export class DingTalkNotification extends BaseNotification {
+export class FeishuNotification extends BaseNotification {
  @NotificationInput({
    title: 'webhook地址',
    component: {
@@ -10,3 +10,5 @@ export * from './discord/index.js';
 export * from './slack/index.js';
 export * from './bark/index.js';
 export * from './feishu/index.js';
+export * from './dingtalk/index.js';
+export * from './vocechat/index.js';
@@ -1 +1,2 @@
 export * from './deploy-to-cdn/index.js';
+export * from './upload-cert/index.js';
@@ -1,2 +1,3 @@
 export * from "./plugins/index.js";
 export * from "./access.js";
+export * from "./dns-provider.js";
@@ -0,0 +1 @@
+export * from './plugin-refresh-cert.js'
@@ -7,3 +7,5 @@ export * from './deploy-to-cos/index.js';
 export * from './deploy-to-eo/index.js';
 export * from './delete-expiring-cert/index.js';
 export * from './deploy-to-tke-ingress/index.js';
+export * from './deploy-to-live/index.js';
+export * from './start-instances/index.js';
@@ -1,4 +1,4 @@
-import { VolcengineOpts } from "./dns-client.js";
+import { VolcengineOpts } from "./ve-client.js";
 import { CertInfo } from "@certd/plugin-cert";

 export class VolcengineCdnClient {
@@ -1,12 +1,7 @@
-import { VolcengineAccess } from "./access.js";
-import { http, HttpClient, ILogger } from "@certd/basic";
+import {http} from "@certd/basic";
 import querystring from "querystring";
+import {VolcengineOpts} from "./ve-client.js";

-export type VolcengineOpts = {
-  access: VolcengineAccess
-  logger: ILogger
-  http: HttpClient
-}

 export type VolcengineReq = {
  method?: string;
@@ -1,3 +1,6 @@
 export * from './plugins/index.js';
 export * from './access.js';
 export * from './volcengine-dns-provider.js';
+export * from './ve-client.js';
+export * from './dns-client.js';
+export * from './cdn-client.js';
@@ -3,3 +3,5 @@ export * from './plugin-deploy-to-clb.js'
 export * from './plugin-upload-to-cert-center.js'
 export * from './plugin-deploy-to-alb.js'
 export * from './plugin-deploy-to-live.js'
+export * from './plugin-deploy-to-dcdn.js'
+export * from './plugin-deploy-to-vod.js'
@@ -0,0 +1,161 @@
+import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
+import { HttpRequestConfig } from "@certd/basic";
+import { CertInfo } from "@certd/plugin-cert";
+
+
+
+/**
+ */
+@IsAccess({
+  name: "wangsu",
+  title: "网宿授权",
+  desc: "",
+  icon: "svg:icon-lucky"
+})
+export class WangsuAccess extends BaseAccess {
+
+  @AccessInput({
+    title: "accessKeyId",
+    component: {
+      placeholder: "accessKeyId",
+      component: {
+        name: "a-input",
+        vModel: "value"
+      }
+    },
+    helper: "[点击前往获取AccessKey](https://console.wangsu.com/account/accessKey?rsr=ws)",
+    encrypt: false,
+    required: true
+  })
+  accessKeyId!: string;
+
+  @AccessInput({
+    title: "accessKeySecret",
+    component: {
+      placeholder: "accessKeySecret",
+      component: {
+        name: "a-input",
+        vModel: "value"
+      }
+    },
+    encrypt: true,
+    required: true
+  })
+  accessKeySecret!: string;
+
+
+  @AccessInput({
+    title: "测试",
+    component: {
+      name: "api-test",
+      action: "TestRequest"
+    },
+    helper: "点击测试接口是否正常"
+  })
+  testRequest = true;
+
+  async onTestRequest() {
+    await this.getCertList({  });
+    return "ok";
+  }
+
+  async getCertList(req: { }) {
+    /**
+     * certificate-id
+     * name
+     * dns-names
+     */
+    const res = await this.doRequest({
+      url: "/api/ssl/certificate",
+      method: "GET",
+    });
+
+    return res["ssl-certificate"]
+  }
+
+  async getCertInfo(req:{certId:string}){
+    return await this.doRequest({
+      url: `/api/certificate/${req.certId}`,
+      method:"GET",
+    });
+  }
+
+  async updateCert(req: {
+    certId: string,
+    cert: CertInfo,
+  }) {
+
+    const certInfo=  await this.getCertInfo({certId:req.certId});
+
+    const name = certInfo.name;
+    const {cert,certId} = req;
+    return await this.doRequest({
+      url: `/api/certificate/${certId}`,
+      method:"PUT",
+      data: {
+        /**
+         * name: string;
+         *   certificate?: string;
+         *   privateKey?: string;
+         *   autoRenew?: string;
+         *   isNeedAlarm?: string;
+         *   csrId?: number;
+         *   comment?: string;
+         */
+        name:name,
+        certificate: cert.crt,
+        privateKey: cert.key,
+        autoRenew:"false",
+        isNeedAlarm:"false",
+        comment: "certd"
+      }
+    });
+  }
+
+
+
+
+  async doRequest(req: HttpRequestConfig) {
+
+    const data: any = req.data;
+
+    const {AkSkConfig,AkSkAuth} = await import("./lib/index.js");
+
+    const akskConfig = new AkSkConfig();
+    akskConfig.accessKey = this.accessKeyId;
+    akskConfig.secretKey = this.accessKeySecret;
+    akskConfig.endPoint = "open.chinanetcenter.com";
+    akskConfig.uri = req.url;
+    akskConfig.method = req.method;
+
+    const requestMsg = AkSkAuth.transferHttpRequestMsg(akskConfig,data?JSON.stringify(data):"");
+    AkSkAuth.getAuthAndSetHeaders(requestMsg, akskConfig.accessKey, akskConfig.secretKey);
+
+    let response = undefined
+    try{
+       response = await this.ctx.http.request({
+        method: requestMsg.method,
+        url: requestMsg.url,
+        headers: requestMsg.headers,
+        data: requestMsg.body
+      });
+    }catch (e) {
+      if (e.response?.data?.result) {
+        throw new Error(e.response?.data?.result);
+      }
+      throw e;
+    }
+
+    if (response.code != null && response.code != 0){
+      throw new Error(response.message);
+    }
+    if (response.data != null && response.code!==null){
+      return response.data;
+    }
+    return response;
+
+  }
+}
+
+
+new WangsuAccess();
@@ -0,0 +1,2 @@
+export * from "./plugins/index.js";
+export * from "./access.js";
@@ -0,0 +1,87 @@
+import { HttpRequestMsg } from "../model/HttpRequestMsg.js";
+import { AkSkConfig } from "../model/AkSkConfig.js";
+import { CryptoUtils } from "../util/CryptoUtils.js";
+import { HttpUtils } from "../util/HttpUtils.js";
+import { Constant } from "../common/Constant.js";
+
+export class AkSkAuth {
+
+    public static invoke(akSkConfig: AkSkConfig, jsonBody: string): Promise<string | null> {
+        const requestMsg = AkSkAuth.transferHttpRequestMsg(akSkConfig, jsonBody);
+        AkSkAuth.getAuthAndSetHeaders(requestMsg, akSkConfig.accessKey, akSkConfig.secretKey);
+        return HttpUtils.call(requestMsg);
+    }
+
+    static transferHttpRequestMsg(akSkConfig: AkSkConfig, jsonBody: string): HttpRequestMsg {
+        const requestMsg = new HttpRequestMsg();
+        requestMsg.uri = akSkConfig.uri;
+        if (akSkConfig.endPoint && akSkConfig.endPoint !== Constant.END_POINT) {
+            requestMsg.host = akSkConfig.endPoint;
+            requestMsg.url = `${Constant.HTTPS_REQUEST_PREFIX}${akSkConfig.endPoint}${requestMsg.uri}`;
+        } else {
+            requestMsg.host = Constant.HTTP_DOMAIN;
+            requestMsg.url = `${Constant.HTTP_REQUEST_PREFIX}${requestMsg.uri}`;
+        }
+        requestMsg.method = akSkConfig.method;
+        requestMsg.signedHeaders = AkSkAuth.getSignedHeaders(akSkConfig.signedHeaders);
+        if (['POST', 'PUT', 'PATCH', 'DELETE'].indexOf(akSkConfig.method) !== -1) {
+            requestMsg.body = jsonBody;
+        }
+        return requestMsg;
+    }
+
+    static getAuthAndSetHeaders(requestMsg: HttpRequestMsg, accessKey: string, secretKey: string): void {
+        const timeStamp = (Date.now() / 1000 | 0).toString();
+        requestMsg.headers['Host'] = requestMsg.host;
+        requestMsg.headers[Constant.HEAD_SIGN_ACCESS_KEY] = accessKey;
+        requestMsg.headers[Constant.HEAD_SIGN_TIMESTAMP] = timeStamp;
+		requestMsg.headers["Accept"] = Constant.APPLICATION_JSON;
+        const signature = AkSkAuth.getSignature(requestMsg, secretKey, timeStamp);
+        requestMsg.headers['Authorization'] = AkSkAuth.genAuthorization(accessKey, AkSkAuth.getSignedHeaders(requestMsg.signedHeaders), signature);
+    }
+
+    private static genAuthorization(accessKey: string, signedHeaders: string, signature: string): string {
+        return `${Constant.HEAD_SIGN_ALGORITHM} Credential=${accessKey}, SignedHeaders=${signedHeaders}, Signature=${signature}`;
+    }
+
+    private static getSignature(requestMsg: HttpRequestMsg, secretKey: string, timestamp: string): string {
+        let bodyStr = requestMsg.body || "";
+        const hashedRequestPayload = CryptoUtils.sha256Hex(bodyStr);
+        const canonicalRequest = `${requestMsg.method}\n${requestMsg.uri.split("?")[0]}\n${decodeURIComponent(requestMsg.getQueryString())}\n${AkSkAuth.getCanonicalHeaders(requestMsg.headers, AkSkAuth.getSignedHeaders(requestMsg.signedHeaders))}\n${AkSkAuth.getSignedHeaders(requestMsg.signedHeaders)}\n${hashedRequestPayload}`;
+        const stringToSign = `${Constant.HEAD_SIGN_ALGORITHM}\n${timestamp}\n${CryptoUtils.sha256Hex(canonicalRequest)}`;
+        return CryptoUtils.hmac256(secretKey, stringToSign).toLowerCase();
+    }
+
+    private static getCanonicalHeaders(headers: Record<string, string>, signedHeaders: string): string {
+        const headerNames = signedHeaders.split(";");
+        let canonicalHeaders = "";
+        for (const headerName of headerNames) {
+            const headerValue = AkSkAuth.getValueByHeader(headerName, headers);
+            if (headerValue !== null) {
+                canonicalHeaders += `${headerName}:${headerValue.toLowerCase()}\n`;
+            } else {
+                // Handle missing headers if necessary, e.g., log a warning or skip
+                console.warn(`Header ${headerName} not found in provided headers.`);
+            }
+        }
+        return canonicalHeaders;
+    }
+
+
+    private static getSignedHeaders(signedHeaders: string): string {
+        if (!signedHeaders) {
+            return "content-type;host";
+        }
+        const headers = signedHeaders.split(";");
+        return headers.map(header => header.toLowerCase()).sort().join(";");
+    }
+
+    private static getValueByHeader(name: string, customHeaderMap: { [key: string]: string }): string | null {
+        for (const key in customHeaderMap) {
+            if (key.toLowerCase() === name.toLowerCase()) {
+                return customHeaderMap[key];
+            }
+        }
+        return null;
+    }
+}
@@ -0,0 +1,19 @@
+export class Constant {
+    private constructor() {}
+
+    public static readonly HTTP_REQUEST_PREFIX: string = "https://open.chinanetcenter.com";
+    public static readonly HTTPS_REQUEST_PREFIX: string = "https://";
+    public static readonly HTTP_DOMAIN: string = "open.chinanetcenter.com";
+
+    public static readonly APPLICATION_JSON: string = "application/json";
+
+    public static readonly HEAD_SIGN_ACCESS_KEY: string = "x-cnc-accessKey";
+    public static readonly HEAD_SIGN_TIMESTAMP: string = "x-cnc-timestamp";
+    public static readonly HEAD_SIGN_ALGORITHM: string = "CNC-HMAC-SHA256";
+
+    public static readonly X_CNC_AUTH_METHOD: string = "x-cnc-auth-method";
+
+    public static readonly AUTH_METHOD: string = "AKSK";
+
+    public static readonly END_POINT: string = "{endPoint}";
+}
@@ -0,0 +1,9 @@
+export class ApiAuthException extends Error {
+    public cause?: any;
+
+    constructor(message: string, cause?: any) {
+        super(message);
+        this.cause = cause;
+        this.name = 'ApiAuthException';
+    }
+}
@@ -0,0 +1,4 @@
+import { AkSkConfig } from "./model/AkSkConfig.js";
+import { AkSkAuth } from "./auth/AkSkAuth.js";
+
+export { AkSkAuth, AkSkConfig}
@@ -0,0 +1,56 @@
+export class AkSkConfig {
+    private _accessKey: string | undefined;
+    private _secretKey: string | undefined;
+    private _uri: string | undefined;
+    private _endPoint: string | undefined;
+    private _method: string | undefined;
+    private _signedHeaders: string | undefined;
+
+    public get accessKey(): string {
+        return this._accessKey;
+    }
+
+    public set accessKey(value: string) {
+        this._accessKey = value;
+    }
+
+    public get secretKey(): string {
+        return this._secretKey;
+    }
+
+    public set secretKey(value: string) {
+        this._secretKey = value;
+    }
+
+    public get uri(): string {
+        return this._uri;
+    }
+
+    public set uri(value: string) {
+        this._uri = value;
+    }
+
+    public get endPoint(): string {
+        return this._endPoint;
+    }
+
+    public set endPoint(value: string) {
+        this._endPoint = value;
+    }
+
+    public get method(): string {
+        return this._method;
+    }
+
+    public set method(value: string) {
+        this._method = value;
+    }
+
+    public get signedHeaders(): string {
+        return this._signedHeaders;
+    }
+
+    public set signedHeaders(value: string) {
+        this._signedHeaders = value;
+    }
+}
@@ -0,0 +1,75 @@
+import { Constant } from '../common/Constant.js'; // Assuming you have a TypeScript version of this
+
+export class HttpRequestMsg {
+    uri: string ;
+    url: string;
+    host: string;
+    method: string;
+    protocol: string;
+    params: Record<string, string>;
+    headers: Record<string, string>;
+    body: string;
+    signedHeaders: string;
+    msg: any;
+
+    constructor() {
+        this.params = {};
+        this.headers = {};
+        this.putHeader('Content-Type', Constant.APPLICATION_JSON);
+        this.putHeader(Constant.X_CNC_AUTH_METHOD, Constant.AUTH_METHOD);
+    }
+
+    putParam(name: string, value: string): void {
+        this.params[name] = value;
+    }
+
+    getParam(name: string): string | null {
+        const value = this.params[name];
+        return value && value.trim() !== '' ? value : null;
+    }
+
+    getQueryString(): string {
+        if(this.uri == undefined)
+         return "";
+        const index = this.uri.indexOf("?");
+        if (this.method === 'POST' || index === -1) {
+            return "";
+        }
+        return this.uri.substring(index + 1);
+    }
+
+    putHeader(name: string, value: string): void {
+        this.headers[name] = value;
+    }
+
+    getHeader(name: string): string | null {
+        for (const key in this.headers) {
+            if (key.toLowerCase() === name.toLowerCase()) {
+                return this.headers[key];
+            }
+        }
+        return null;
+    }
+
+    getHeaderByNames(...names: string[]): string | null {
+        for (const name of names) {
+            const value = this.getHeader(name);
+            if (value) {
+                return value;
+            }
+        }
+        return null;
+    }
+
+    removeHeader(name: string): void {
+        for (const key in this.headers) {
+            if (key.toLowerCase() === name.toLowerCase()) {
+                delete this.headers[key];
+            }
+        }
+    }
+
+    setJsonBody(object: any): void {
+        this.body = JSON.stringify(object);
+    }
+}
@@ -0,0 +1,23 @@
+import CryptoJS from 'crypto-js';
+
+export class CryptoUtils {
+    private constructor() {}
+
+    /**
+     * hmac+sha256+hex
+     */
+    public static sha256Hex(s: string): string {
+        const hash = CryptoJS.SHA256(s);
+        return hash.toString(CryptoJS.enc.Hex).toLowerCase();
+    }
+
+    /**
+     * hmac+sha256
+     */
+    public static hmac256(secretKey: string, message: string): string {
+        const keyWordArray = CryptoJS.enc.Utf8.parse(secretKey);
+        const messageWordArray = CryptoJS.enc.Utf8.parse(message);
+        const hash = CryptoJS.HmacSHA256(messageWordArray, keyWordArray);
+        return hash.toString(CryptoJS.enc.Hex).toLowerCase();
+    }
+}
@@ -0,0 +1,30 @@
+import { HttpRequestMsg } from '../model/HttpRequestMsg.js'; // Assuming you have a TypeScript version of this
+import { ApiAuthException } from '../exception/ApiAuthException.js'; // Assuming you have a TypeScript version of this
+import axios, { AxiosError } from 'axios';
+
+export class HttpUtils {
+    private constructor() { }
+    public static async call(requestMsg: HttpRequestMsg): Promise<string | null> {
+        var response;
+        try {
+            response = await axios({
+                method: requestMsg.method,
+                url: requestMsg.url,
+                headers: requestMsg.headers,
+                data: requestMsg.body
+            });
+            console.info("API invoke success. Response:", response.data);
+            return response.data;
+        } catch (error) {
+            if (error instanceof AxiosError) {
+                // Handle AxiosError specifically
+                console.error('API invoke failed. Response:', error.response.data);
+                return error.response.data;
+            } else {
+                // Handle other types of errors
+                console.error('API invoke failed.', error);
+            }
+            throw new ApiAuthException('API invoke failed.');
+        }
+    }
+}
@@ -0,0 +1 @@
+export * from "./plugin-refresh-cert.js";
@@ -0,0 +1,121 @@
+import {
+  AbstractTaskPlugin,
+  IsTaskPlugin,
+  PageSearch,
+  pluginGroups,
+  RunStrategy,
+  TaskInput
+} from "@certd/pipeline";
+import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
+import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
+import { WangsuAccess } from "../access.js";
+
+@IsTaskPlugin({
+  //命名规范，插件类型+功能（就是目录plugin-demo中的demo），大写字母开头，驼峰命名
+  name: "WangsuRefreshCert",
+  title: "网宿-更新证书",
+  desc: "网宿证书自动更新",
+  icon: "svg:icon-lucky",
+  //插件分组
+  group: pluginGroups.cdn.key,
+  needPlus: false,
+  default: {
+    //默认值配置照抄即可
+    strategy: {
+      runStrategy: RunStrategy.SkipWhenSucceed
+    }
+  }
+})
+//类名规范，跟上面插件名称（name）一致
+export class WangsuRefreshCert extends AbstractTaskPlugin {
+  //证书选择，此项必须要有
+  @TaskInput({
+    title: "域名证书",
+    helper: "请选择前置任务输出的域名证书",
+    component: {
+      name: "output-selector",
+      from: [...CertApplyPluginNames]
+    }
+    // required: true, // 必填
+  })
+  cert!: CertInfo;
+
+  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
+  certDomains!: string[];
+
+  //授权选择框
+  @TaskInput({
+    title: "网宿授权",
+    component: {
+      name: "access-selector",
+      type: "wangsu" //固定授权类型
+    },
+    required: true //必填
+  })
+  accessId!: string;
+  //
+
+  @TaskInput(
+    createRemoteSelectInputDefine({
+      title: "证书Id",
+      helper: "要更新的网宿证书id",
+      action: WangsuRefreshCert.prototype.onGetCertList.name,
+      pager: false,
+      search: false
+    })
+  )
+  certList!: string[];
+
+  //插件实例化时执行的方法
+  async onInstance() {
+  }
+
+  //插件执行方法
+  async execute(): Promise<void> {
+    const access = await this.getAccess<WangsuAccess>(this.accessId);
+
+    for (const item of this.certList) {
+      this.logger.info(`----------- 开始更新证书：${item}`);
+      await access.updateCert({
+        certId: item,
+        cert: this.cert
+      });
+      this.logger.info(`----------- 更新证书${item}成功`);
+    }
+
+    this.logger.info("部署完成");
+  }
+
+  async onGetCertList(data: PageSearch = {}) {
+    const access = await this.getAccess<WangsuAccess>(this.accessId);
+
+    const list = await access.getCertList({});
+    if (!list || list.length === 0) {
+      throw new Error("没有找到证书，请先在控制台上传一次证书且关联域名");
+    }
+
+    /**
+     * certificate-id
+     * name
+     * dns-names
+     */
+    const options = list.map((item: any) => {
+      const domains = item["dns-names"]
+      const certId = item["certificate-id"];
+      return {
+        label: `${item.name}<${certId}-${domains[0]}>`,
+        value: certId,
+        domain: item["dns-names"]
+      };
+    });
+    return {
+      list: this.ctx.utils.options.buildGroupOptions(options, this.certDomains),
+      total: list.length,
+      pageNo: 1,
+      pageSize: list.length
+    };
+  }
+}
+
+//实例化一下，注册插件
+new WangsuRefreshCert();