perf: 优化天翼云cdn 等待5秒部署完成
@@ -6,9 +6,10 @@ import { LoginService } from "../../../modules/login/service/login-service.js";
|
||||
import { CodeService } from "../../../modules/basic/service/code-service.js";
|
||||
import { UserService } from "../../../modules/sys/authority/service/user-service.js";
|
||||
import { UserEntity } from "../../../modules/sys/authority/entity/user.js";
|
||||
import { logger, simpleNanoId } from "@certd/basic";
|
||||
import { logger, simpleNanoId, utils } from "@certd/basic";
|
||||
import { OauthBoundService } from "../../../modules/login/service/oauth-bound-service.js";
|
||||
import { OauthBoundEntity } from "../../../modules/login/entity/oauth-bound.js";
|
||||
import { checkPlus } from "@certd/plus-core";
|
||||
|
||||
/**
|
||||
*/
|
||||
@@ -50,14 +51,14 @@ export class ConnectController extends BaseController {
|
||||
}
|
||||
|
||||
@Post('/login', { summary: Constants.per.guest })
|
||||
public async login(@Body(ALL) body: { type: string }) {
|
||||
public async login(@Body(ALL) body: { type: string, forType?:string }) {
|
||||
|
||||
const addon = await this.getOauthProvider(body.type);
|
||||
const installInfo = await this.sysSettingsService.getSetting<SysInstallInfo>(SysInstallInfo);
|
||||
const bindUrl = installInfo?.bindUrl || "";
|
||||
//构造登录url
|
||||
const redirectUrl = `${bindUrl}api/oauth/callback/${body.type}`;
|
||||
const { loginUrl, ticketValue } = await addon.buildLoginUrl({ redirectUri: redirectUrl });
|
||||
const { loginUrl, ticketValue } = await addon.buildLoginUrl({ redirectUri: redirectUrl, forType: body.forType });
|
||||
const ticket = this.codeService.setValidationValue(ticketValue)
|
||||
this.ctx.cookies.set("oauth_ticket", ticket, {
|
||||
httpOnly: true,
|
||||
@@ -68,6 +69,9 @@ export class ConnectController extends BaseController {
|
||||
}
|
||||
@Get('/callback/:type', { summary: Constants.per.guest })
|
||||
public async callback(@Param('type') type: string, @Query() query: Record<string, string>) {
|
||||
|
||||
checkPlus()
|
||||
|
||||
//处理登录回调
|
||||
const addon = await this.getOauthProvider(type);
|
||||
const request = this.ctx.request;
|
||||
@@ -103,7 +107,9 @@ export class ConnectController extends BaseController {
|
||||
userInfo,
|
||||
});
|
||||
|
||||
const redirectUrl = `${bindUrl}#/oauth/callback/${type}?validationCode=${validationCode}`;
|
||||
const state = JSON.parse(utils.hash.base64Decode(query.state));
|
||||
|
||||
const redirectUrl = `${bindUrl}#/oauth/callback/${type}?validationCode=${validationCode}&forType=${state.forType}`;
|
||||
this.ctx.redirect(redirectUrl);
|
||||
} catch (err) {
|
||||
logger.error(err);
|
||||
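Review bot: `query.state` is request input, yet the new lines decode it and splice `state.forType` into the redirect URL with no validation or encoding, so whatever the caller puts in `state` ends up in the `#/oauth/callback/...` route and can carry extra parameters. Constrain and encode the value before use, e.g. `const forType = typeof state?.forType === 'string' ? state.forType : 'login';` and `...&forType=${encodeURIComponent(forType)}`, ideally checked against the values the frontend accepts. The callback is shared by every provider, but only OidcOauthProvider is shown producing a base64-JSON `state`; for a provider that returns a different or missing `state`, `JSON.parse` will throw and the login falls into the `catch` path. The `try` block starts outside this hunk.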
@@ -115,6 +121,7 @@ export class ConnectController extends BaseController {
|
||||
|
||||
@Post('/token', { summary: Constants.per.guest })
|
||||
public async token(@Body(ALL) body: { validationCode: string, type: string }) {
|
||||
checkPlus()
|
||||
const validationValue = await this.codeService.getValidationValue(body.validationCode);
|
||||
if (!validationValue) {
|
||||
throw new Error("校验码错误");
|
||||
@@ -140,24 +147,6 @@ export class ConnectController extends BaseController {
|
||||
return this.ok(loginRes);
|
||||
}
|
||||
|
||||
@Post('/bind', { summary: Constants.per.loginOnly })
|
||||
public async bind(@Body(ALL) body: any) {
|
||||
//需要已登录
|
||||
const userId = this.getUserId();
|
||||
const validationValue = this.codeService.getValidationValue(body.validationCode);
|
||||
if (!validationValue) {
|
||||
throw new Error("校验码错误");
|
||||
}
|
||||
const type = validationValue.type;
|
||||
const userInfo = validationValue.userInfo;
|
||||
const openId = userInfo.openId;
|
||||
await this.oauthBoundService.bind({
|
||||
userId,
|
||||
type,
|
||||
openId,
|
||||
});
|
||||
return this.ok(1);
|
||||
}
|
||||
|
||||
@Post('/autoRegister', { summary: Constants.per.guest })
|
||||
public async autoRegister(@Body(ALL) body: { validationCode: string, type: string }) {
|
||||
@@ -185,6 +174,26 @@ export class ConnectController extends BaseController {
|
||||
return this.ok(loginRes);
|
||||
}
|
||||
|
||||
|
||||
@Post('/bind', { summary: Constants.per.loginOnly })
|
||||
public async bind(@Body(ALL) body: any) {
|
||||
//需要已登录
|
||||
const userId = this.getUserId();
|
||||
const validationValue = this.codeService.getValidationValue(body.validationCode);
|
||||
if (!validationValue) {
|
||||
throw new Error("校验码错误");
|
||||
}
|
||||
const type = validationValue.type;
|
||||
const userInfo = validationValue.userInfo;
|
||||
const openId = userInfo.openId;
|
||||
await this.oauthBoundService.bind({
|
||||
userId,
|
||||
type,
|
||||
openId,
|
||||
});
|
||||
return this.ok(1);
|
||||
}
|
||||
|
||||
@Post('/unbind', { summary: Constants.per.loginOnly })
|
||||
public async unbind(@Body(ALL) body: any) {
|
||||
//需要已登录
|
||||
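Review bot: `bind` calls `this.codeService.getValidationValue(body.validationCode)` without `await`, while `token` in the same controller awaits the same call. If that method returns a Promise, `!validationValue` can never be true, the "校验码错误" guard is skipped, and `validationValue.userInfo` is undefined, so the request fails with a TypeError instead of the intended error; write `const validationValue = await this.codeService.getValidationValue(body.validationCode);`. `body: any` could also be narrowed to `{ validationCode: string }` so the handler only accepts the one field it reads.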
@@ -196,6 +205,18 @@ export class ConnectController extends BaseController {
|
||||
return this.ok(1);
|
||||
}
|
||||
|
||||
@Post('/bounds', { summary: Constants.per.loginOnly })
|
||||
public async bounds(@Body(ALL) body: any) {
|
||||
//需要已登录
|
||||
const userId = this.getUserId();
|
||||
const bounds = await this.oauthBoundService.find({
|
||||
where :{
|
||||
userId,
|
||||
}
|
||||
});
|
||||
return this.ok(bounds);
|
||||
}
|
||||
|
||||
@Post('/providers', { summary: Constants.per.guest })
|
||||
public async providers() {
|
||||
const list = addonRegistry.getDefineList("oauth");
|
||||
|
||||
@@ -44,8 +44,11 @@ export class OauthBoundService extends BaseService<OauthBoundEntity> {
|
||||
type,
|
||||
},
|
||||
});
|
||||
if (exist) {
|
||||
throw new Error('该第三方账号已绑定用户');
|
||||
if (exist ) {
|
||||
if(exist.userId === userId){
|
||||
return;
|
||||
}
|
||||
throw new Error('该第三方账号已绑定其他用户');
|
||||
}
|
||||
|
||||
const exist2 = await this.repository.findOne({
|
||||
|
||||
@@ -38,6 +38,6 @@ export type LoginUrlReply = {
|
||||
}
|
||||
|
||||
export interface IOauthProvider {
|
||||
buildLoginUrl: (params: { redirectUri: string }) => Promise<LoginUrlReply>;
|
||||
buildLoginUrl: (params: { redirectUri: string, forType?: string }) => Promise<LoginUrlReply>;
|
||||
onCallback: (params: OnCallbackReq) => Promise<OauthToken>;
|
||||
}
|
||||
@@ -29,7 +29,7 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
|
||||
|
||||
@AddonInput({
|
||||
title: "服务地址",
|
||||
helper: "Issuer地址",
|
||||
helper: "Issuer地址,去掉/.well-known/openid-configuration的服务发现地址",
|
||||
component: {
|
||||
placeholder: "https://oidc.example.com/oidc",
|
||||
},
|
||||
@@ -56,7 +56,7 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
|
||||
}
|
||||
}
|
||||
|
||||
async buildLoginUrl(params: { redirectUri: string }) {
|
||||
async buildLoginUrl(params: { redirectUri: string, forType?: string }) {
|
||||
const { config, client } = await this.getClient()
|
||||
|
||||
let redirect_uri = new URL(params.redirectUri)
|
||||
@@ -69,7 +69,10 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
|
||||
*/
|
||||
let code_verifier = client.randomPKCECodeVerifier()
|
||||
let code_challenge = await client.calculatePKCECodeChallenge(code_verifier)
|
||||
let state = client.randomState()
|
||||
let state:any = {
|
||||
forType: params.forType || 'login',
|
||||
}
|
||||
state = this.ctx.utils.hash.base64(JSON.stringify(state))
|
||||
|
||||
let parameters: any = {
|
||||
redirect_uri,
|
||||
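Review bot: `state` is no longer unpredictable here: `client.randomState()` is replaced by the base64 of `{ forType }`, which is identical for every login, so if the callback compares the returned `state` with the copy kept in `ticketValue`, that comparison no longer ties the response to this browser session. The PKCE `code_verifier` is still stored in the ticket, but it would be safer to keep a random component next to the routing hint, e.g. `let state: any = { forType: params.forType || 'login', nonce: client.randomState() }`. `forType` originates in the `/login` request body, so it should also be limited to the known values before it is embedded. `buildLoginUrl` begins and ends outside this hunk.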
@@ -90,13 +93,11 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
|
||||
// }
|
||||
|
||||
let redirectTo = client.buildAuthorizationUrl(config, parameters)
|
||||
|
||||
// now redirect the user to redirectTo.href
|
||||
console.log('redirecting to', redirectTo.href)
|
||||
return {
|
||||
loginUrl: redirectTo.href,
|
||||
ticketValue: {
|
||||
codeVerifier: code_verifier,
|
||||
state,
|
||||
},
|
||||
};
|
||||
}
|
||||
@@ -114,7 +115,6 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
|
||||
}
|
||||
)
|
||||
|
||||
console.log('Token Endpoint Response', tokens)
|
||||
const claims = tokens.claims()
|
||||
return {
|
||||
token:{
|
||||
|
||||
@@ -124,6 +124,9 @@ export class TencentRefreshCert extends AbstractTaskPlugin {
|
||||
|
||||
let resourceTypes = []
|
||||
const resourceTypesRegions = []
|
||||
if(!this.resourceTypesRegions){
|
||||
this.resourceTypesRegions = []
|
||||
}
|
||||
for (const item of this.resourceTypesRegions) {
|
||||
const [type,region] = item.split("_")
|
||||
if (!resourceTypes.includes( type)){
|
||||
@@ -156,13 +159,17 @@ export class TencentRefreshCert extends AbstractTaskPlugin {
|
||||
break;
|
||||
}
|
||||
retryCount++
|
||||
deployRes = await sslClient.UploadUpdateCertificateInstance({
|
||||
OldCertificateId: certId,
|
||||
const params = {
|
||||
"OldCertificateId": certId,
|
||||
"ResourceTypes": resourceTypes,
|
||||
"CertificatePublicKey": this.cert.crt,
|
||||
"CertificatePrivateKey": this.cert.key,
|
||||
"CertificatePublicKey": "xxx",
|
||||
"CertificatePrivateKey": "xxx",
|
||||
"ResourceTypesRegions":resourceTypesRegions
|
||||
});
|
||||
}
|
||||
this.logger.info(`请求参数:${JSON.stringify(params)}`);
|
||||
params.CertificatePublicKey = this.cert.crt
|
||||
params.CertificatePrivateKey = this.cert.key
|
||||
deployRes = await sslClient.UploadUpdateCertificateInstance(params);
|
||||
if (deployRes && deployRes.DeployRecordId>0){
|
||||
this.logger.info(`任务创建成功,开始检查结果:${JSON.stringify(deployRes)}`);
|
||||
break;
|
||||
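Review bot: The private key stays out of the log only because of statement order: `params` is created with `"xxx"` placeholders, logged, and then overwritten with `this.cert.crt` and `this.cert.key`, so a later reorder or a second log of `params` would write the key to the task log. Build the real request once and log a redacted copy instead, e.g. `this.logger.info(`请求参数:${JSON.stringify({ ...params, CertificatePublicKey: "xxx", CertificatePrivateKey: "xxx" })}`);`. The enclosing loop (`retryCount++`, `break`) starts outside this hunk.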
@@ -325,7 +332,7 @@ export class TencentRefreshCert extends AbstractTaskPlugin {
|
||||
*/
|
||||
const options = list.map((item: any) => {
|
||||
return {
|
||||
label: `${item.Alias}<${item.Domain}_${item.CertificateId}>`,
|
||||
label: `${item.CertificateId}<${item.Domain}_${item.Alias}_${item.BoundResource.length}>`,
|
||||
value: item.CertificateId,
|
||||
domain: item.SubjectAltName,
|
||||
};
|
||||
|
||||