Merge branch 'refs/heads/v2-dev' into v2-dev-buy

# Conflicts: # docs/.vitepress/config.ts # packages/ui/certd-client/src/views/certd/pipeline/sub-domain/index.vue
2026-04-24 12:27:25 +08:00 · 2025-09-22 22:29:59 +08:00
parent b5d8161bc2 e30db9ee77
commit 81e588a896
175 changed files with 4551 additions and 684 deletions
@@ -0,0 +1,15 @@
+flyway:
+  scriptDir: './db/migration-mysql'
+
+typeorm:
+  dataSource:
+    default:
+      type: mysql # mariadb
+      host: localhost
+      port: 3309
+      logging: true
+      username: root
+      password: root
+      database: certd_comm
+
+
@@ -3,6 +3,38 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.36.21](https://github.com/certd/certd/compare/v1.36.20...v1.36.21) (2025-09-15)
+
+**Note:** Version bump only for package @certd/ui-server
+
+## [1.36.20](https://github.com/certd/certd/compare/v1.36.19...v1.36.20) (2025-09-13)
+
+### Bug Fixes
+
+* 修复证书监控某些情况下报 options.lookup不能为null的bug ([d2ecfe5](https://github.com/certd/certd/commit/d2ecfe5491b2639eb30b5cae293af6062d58bb9f))
+* 修复证书手动托管时新上传的证书无效的bug ([506385e](https://github.com/certd/certd/commit/506385e5a2600887fe30854e0713583caaa2e689))
+
+### Performance Improvements
+
+* 登录支持极验验证码 ([370db62](https://github.com/certd/certd/commit/370db62bf0aece241859244927beabba32d6a257))
+* 登录注册、找回密码都支持极验验证码和图片验证码 ([7bdde68](https://github.com/certd/certd/commit/7bdde68ecea29fe2c570fd3cb082139db6c93d93))
+* 证书到期剩余天数进度条根据实际证书有效期计算 ([#528](https://github.com/certd/certd/issues/528)) nicheng-he ([2d4586b](https://github.com/certd/certd/commit/2d4586b1c42c39f97d2a95b9453cca4bc8bfbe61))
+* add preferred chain option ([#519](https://github.com/certd/certd/issues/519))  @ZeroClover  ([902359f](https://github.com/certd/certd/commit/902359f24ed12eee4f9b65178f1d6a60378351d2))
+
+## [1.36.19](https://github.com/certd/certd/compare/v1.36.18...v1.36.19) (2025-09-05)
+
+### Bug Fixes
+
+* 前置任务输出不存在时输出警告提示 ([b59052c](https://github.com/certd/certd/commit/b59052cc43b7b070fabd8b8e914e4c2a5e0ad61c))
+* 修复mysql下购买套餐加量包无效的bug ([c26ad4c](https://github.com/certd/certd/commit/c26ad4c8075f0606d45b8da13915737968d6191a))
+
+### Performance Improvements
+
+* 增加健康检查探针  /health/liveliness 和 /health/readiness ([44019e1](https://github.com/certd/certd/commit/44019e104289fedd32a867db00e9c6cb71b389cc))
+* 支持根据id更新证书（证书Id不变接口），不过该接口为白名单功能，普通腾讯云账户无法使用 ([fe9c4f3](https://github.com/certd/certd/commit/fe9c4f3391ff07c01dd9a252225f69a129c39050))
+* 支持godaddy ([b7980aa](https://github.com/certd/certd/commit/b7980aad5ab50f58662eaddf5d84aa82876a98eb))
+* 支持ssl.com证书颁发机构 ([27b6dfa](https://github.com/certd/certd/commit/27b6dfa4d2ab3bddd284c3a34511a72e1a513a4c))
+
 ## [1.36.18](https://github.com/certd/certd/compare/v1.36.17...v1.36.18) (2025-08-28)

 ### Bug Fixes
@@ -0,0 +1,3 @@
+update cd_user_suite set is_empty = false where is_empty is null;
+
+ALTER TABLE cd_user_suite MODIFY COLUMN `is_empty` boolean default false ;
@@ -0,0 +1,2 @@
+ALTER TABLE cd_cert_info ADD COLUMN effective_time bigint;
+ALTER TABLE cd_site_info ADD COLUMN cert_effective_time bigint;
@@ -0,0 +1,13 @@
+
+CREATE TABLE `cd_addon` (
+  `id` bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,
+  `user_id` bigint NOT NULL,
+  `name` varchar(100) NOT NULL,
+  `type` varchar(100) NOT NULL,
+  `addon_type` varchar(100) NOT NULL,
+  `is_default` boolean NOT NULL DEFAULT false,
+  `is_system` boolean NOT NULL DEFAULT false,
+  `setting` longtext,
+  `create_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `update_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
@@ -0,0 +1,2 @@
+update cd_user_suite set is_empty = false where is_empty is null;
+ALTER TABLE "cd_user_suite" ALTER COLUMN "is_empty" SET DEFAULT false;
@@ -0,0 +1,2 @@
+ALTER TABLE cd_cert_info ADD COLUMN effective_time bigint;
+ALTER TABLE cd_site_info ADD COLUMN cert_effective_time bigint;
@@ -0,0 +1,13 @@
+
+CREATE TABLE "cd_addon" (
+  "id" bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY NOT NULL,
+  "user_id" bigint NOT NULL,
+  "name" varchar(100) NOT NULL,
+  "type" varchar(100) NOT NULL,
+  "addon_type" varchar(100) NOT NULL,
+  "is_default" boolean NOT NULL DEFAULT (false),
+  "is_system" boolean NOT NULL DEFAULT (false),
+  "setting" text,
+  "create_time" timestamp NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" timestamp NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
@@ -0,0 +1,2 @@
+ALTER TABLE cd_cert_info ADD COLUMN effective_time INTEGER;
+ALTER TABLE cd_site_info ADD COLUMN cert_effective_time INTEGER;
@@ -0,0 +1,13 @@
+
+CREATE TABLE "cd_addon" (
+  "id" integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+  "user_id" integer NOT NULL,
+  "name" varchar(100) NOT NULL,
+  "type" varchar(100) NOT NULL,
+  "addon_type" varchar(100) NOT NULL,
+  "is_default" boolean NOT NULL DEFAULT (false),
+  "is_system" boolean NOT NULL DEFAULT (false),
+  "setting" text,
+  "create_time" datetime NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" datetime NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
@@ -39,6 +39,7 @@ function transformPG() {
    pgSql = pgSql.replaceAll(/boolean DEFAULT \(0\)/g, 'boolean DEFAULT (false)');
    pgSql = pgSql.replaceAll(/boolean.*NOT NULL DEFAULT \(0\)/g, 'boolean NOT NULL DEFAULT (false)');
    pgSql = pgSql.replaceAll(/integer/g, 'bigint');
+    pgSql = pgSql.replaceAll(/INTEGER/g, 'bigint');
    pgSql = pgSql.replaceAll(/last_insert_rowid\(\)/g, 'LASTVAL()');
    fs.writeFileSync(`./migration-pg/${notFile}`, pgSql);
  }
@@ -66,6 +67,7 @@ function transformMysql() {
    //DEFAULT (xxx) 替换成 DEFAULT xxx
    pgSql = pgSql.replaceAll(/DEFAULT \(([^)]*)\)/g, 'DEFAULT $1');
    pgSql = pgSql.replaceAll(/integer/g, 'bigint');
+    pgSql = pgSql.replaceAll(/INTEGER/g, 'bigint');
    pgSql = pgSql.replaceAll(/last_insert_rowid\(\)/g, 'LAST_INSERT_ID()');
    //text 改成longtext
    pgSql = pgSql.replaceAll(/text/g, 'longtext');
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-server",
-  "version": "1.36.18",
+  "version": "1.36.21",
  "description": "fast-server base midway",
  "private": true,
  "type": "module",
@@ -11,6 +11,7 @@
    "dev-commpro": "cross-env NODE_ENV=dev-commpro mwtsc --watch --run @midwayjs/mock/app",
    "dev-pg": "cross-env NODE_ENV=dev-pg mwtsc --watch --run @midwayjs/mock/app",
    "dev-mysql": "cross-env NODE_ENV=dev-mysql mwtsc --watch --run @midwayjs/mock/app",
+    "dev-mysql-comm": "cross-env NODE_ENV=dev-mysql-comm mwtsc --watch --run @midwayjs/mock/app",
    "dev-localplus": "cross-env NODE_ENV=dev-localplus mwtsc --watch --run @midwayjs/mock/app",
    "dev-pgpl": "cross-env NODE_ENV=dev-pgpl mwtsc --watch --run @midwayjs/mock/app",
    "dev-new": "cross-env NODE_ENV=dev-new mwtsc --watch --run @midwayjs/mock/app",
@@ -42,20 +43,20 @@
    "@aws-sdk/client-cloudfront": "^3.699.0",
    "@aws-sdk/client-iam": "^3.699.0",
    "@aws-sdk/client-s3": "^3.705.0",
-    "@certd/acme-client": "^1.36.18",
-    "@certd/basic": "^1.36.18",
-    "@certd/commercial-core": "^1.36.18",
+    "@certd/acme-client": "^1.36.21",
+    "@certd/basic": "^1.36.21",
+    "@certd/commercial-core": "^1.36.21",
    "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.36.18",
-    "@certd/lib-huawei": "^1.36.18",
-    "@certd/lib-k8s": "^1.36.18",
-    "@certd/lib-server": "^1.36.18",
-    "@certd/midway-flyway-js": "^1.36.18",
-    "@certd/pipeline": "^1.36.18",
-    "@certd/plugin-cert": "^1.36.18",
-    "@certd/plugin-lib": "^1.36.18",
-    "@certd/plugin-plus": "^1.36.18",
-    "@certd/plus-core": "^1.36.18",
+    "@certd/jdcloud": "^1.36.21",
+    "@certd/lib-huawei": "^1.36.21",
+    "@certd/lib-k8s": "^1.36.21",
+    "@certd/lib-server": "^1.36.21",
+    "@certd/midway-flyway-js": "^1.36.21",
+    "@certd/pipeline": "^1.36.21",
+    "@certd/plugin-cert": "^1.36.21",
+    "@certd/plugin-lib": "^1.36.21",
+    "@certd/plugin-plus": "^1.36.21",
+    "@certd/plus-core": "^1.36.21",
    "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.120",
    "@huaweicloud/huaweicloud-sdk-core": "^3.1.120",
    "@koa/cors": "^5.0.0",
@@ -117,7 +118,7 @@
    "socks-proxy-agent": "^8.0.4",
    "strip-ansi": "^7.1.0",
    "svg-captcha": "^1.4.0",
-    "tencentcloud-sdk-nodejs": "^4.0.983",
+    "tencentcloud-sdk-nodejs": "^4.1.112",
    "typeorm": "^0.3.20",
    "uuid": "^10.0.0"
  },
@@ -27,6 +27,7 @@ const development = {
  },
  keys: 'certd',
  koa: {
+    hostname:"::",
    port: 7001,
  },
  https: {
@@ -1,8 +1,9 @@
-import { Rule, RuleType } from '@midwayjs/validate';
-import { ALL, Body, Controller, Get, Inject, Post, Provide, Query } from '@midwayjs/core';
-import { BaseController, Constants } from '@certd/lib-server';
-import { CodeService } from '../../modules/basic/service/code-service.js';
-import { EmailService } from '../../modules/basic/service/email-service.js';
+import { Rule, RuleType } from "@midwayjs/validate";
+import { ALL, Body, Controller, Inject, Post, Provide, Query } from "@midwayjs/core";
+import { BaseController, Constants, SysSettingsService } from "@certd/lib-server";
+import { CodeService } from "../../modules/basic/service/code-service.js";
+import { EmailService } from "../../modules/basic/service/email-service.js";
+import { CaptchaService } from "../../modules/basic/service/captcha-service.js";

 export class SmsCodeReq {
  @Rule(RuleType.string().required())
@@ -11,11 +12,8 @@ export class SmsCodeReq {
  @Rule(RuleType.string().required())
  mobile: string;

-  @Rule(RuleType.string().required().max(10))
-  randomStr: string;
-
-  @Rule(RuleType.string().required().max(4))
-  imgCode: string;
+  @Rule(RuleType.required())
+  captcha: any;

  @Rule(RuleType.string())
  verificationType: string;
@@ -25,11 +23,8 @@ export class EmailCodeReq {
  @Rule(RuleType.string().required())
  email: string;

-  @Rule(RuleType.string().required().max(10))
-  randomStr: string;
-
-  @Rule(RuleType.string().required().max(4))
-  imgCode: string;
+  @Rule(RuleType.required())
+  captcha: any;

  @Rule(RuleType.string())
  verificationType: string;
@@ -48,6 +43,17 @@ export class BasicController extends BaseController {

  @Inject()
  emailService: EmailService;
+  @Inject()
+  sysSettingsService: SysSettingsService;
+
+  @Inject()
+  captchaService: CaptchaService;
+
+  @Post('/captcha/get', { summary: Constants.per.guest })
+  async getCaptcha(@Query("captchaAddonId") captchaAddonId:number) {
+      const form = await this.captchaService.getCaptcha(captchaAddonId)
+      return this.ok(form);
+  }

  @Post('/sendSmsCode', { summary: Constants.per.guest })
  public async sendSmsCode(
@@ -64,8 +70,8 @@ export class BasicController extends BaseController {
      // opts.verificationCodeLength = 6; //部分厂商这里会设置参数长度这里就不改了
    }

-    await this.codeService.checkCaptcha(body.randomStr, body.imgCode);
-    await this.codeService.sendSmsCode(body.phoneCode, body.mobile, body.randomStr, opts);
+    await this.codeService.checkCaptcha(body.captcha);
+    await this.codeService.sendSmsCode(body.phoneCode, body.mobile, opts);
    return this.ok(null);
  }

@@ -88,16 +94,10 @@ export class BasicController extends BaseController {
      opts.verificationCodeLength = 6;
    }

-    await this.codeService.checkCaptcha(body.randomStr, body.imgCode);
-    await this.codeService.sendEmailCode(body.email, body.randomStr, opts);
+    await this.codeService.checkCaptcha(body.captcha);
+    await this.codeService.sendEmailCode(body.email, opts);
    // 设置缓存内容
    return this.ok(null);
  }

-  @Get('/captcha', { summary: Constants.per.guest })
-  public async getCaptcha(@Query('randomStr') randomStr: any) {
-    const captcha = await this.codeService.generateCaptcha(randomStr);
-    this.ctx.res.setHeader('Content-Type', 'image/svg+xml');
-    return captcha.data;
-  }
 }
@@ -23,7 +23,7 @@ const unhiddenHtml = `

@Provide()
@Controller('/api/unhidden')
-export class HnhiddenController {
+export class UnhiddenController {
    @Inject()
    ctx: IMidwayKoaContext;
    @Inject()
@@ -0,0 +1,83 @@
+import { ALL, Body, Controller, Inject, Post, Provide, Query } from "@midwayjs/core";
+import { AddonRequestHandleReq, AddonService, Constants } from "@certd/lib-server";
+import { AddonController } from "../../user/addon/addon-controller.js";
+
+@Provide()
+@Controller('/api/sys/addon')
+export class SysAddonController extends AddonController {
+  @Inject()
+  service2: AddonService;
+
+  getService(): AddonService {
+    return this.service2;
+  }
+
+  getUserId() {
+    // checkComm();
+    return 0;
+  }
+
+  @Post('/page', { summary: 'sys:settings:view' })
+  async page(@Body(ALL) body: any) {
+    return await super.page(body);
+  }
+
+  @Post('/list', { summary: 'sys:settings:view' })
+  async list(@Body(ALL) body: any) {
+    return await super.list(body);
+  }
+
+  @Post('/add', { summary: 'sys:settings:edit' })
+  async add(@Body(ALL) bean: any) {
+    return await super.add(bean);
+  }
+
+  @Post('/update', { summary: 'sys:settings:edit' })
+  async update(@Body(ALL) bean: any) {
+    return await super.update(bean);
+  }
+  @Post('/info', { summary: 'sys:settings:view' })
+  async info(@Query('id') id: number) {
+    return await super.info(id);
+  }
+
+  @Post('/delete', { summary: 'sys:settings:edit' })
+  async delete(@Query('id') id: number) {
+    return await super.delete(id);
+  }
+  @Post('/define', { summary: Constants.per.authOnly })
+  async define(@Query('type') type: string,@Query('addonType') addonType: string) {
+    return await super.define(type,addonType);
+  }
+
+  @Post('/getTypeDict', { summary: Constants.per.authOnly })
+  async getTypeDict(@Query('addonType') addonType: string) {
+    return await super.getTypeDict(addonType);
+  }
+
+  @Post('/simpleInfo', { summary: Constants.per.authOnly })
+  async simpleInfo(@Query('addonType') addonType: string,@Query('id') id: number) {
+    return await super.simpleInfo(addonType,id);
+  }
+
+  @Post('/getDefaultId', { summary: Constants.per.authOnly })
+  async getDefaultId(@Query('addonType') addonType: string) {
+   return await super.getDefaultId(addonType);
+  }
+
+  @Post('/setDefault', { summary: Constants.per.authOnly })
+  async setDefault(@Query('addonType') addonType: string,@Query('id') id: number) {
+    return await super.setDefault(addonType,id);
+  }
+
+
+  @Post('/options', { summary: Constants.per.authOnly })
+  async options(@Query('addonType') addonType: string) {
+    return await super.options(addonType);
+  }
+
+  @Post('/handle', { summary: Constants.per.authOnly })
+  async handle(@Body(ALL) body: AddonRequestHandleReq) {
+   return await super.handle(body);
+  }
+}
@@ -1,4 +1,4 @@
-import {ALL, Body, Controller, Inject, Post, Provide, Query} from '@midwayjs/core';
+import { ALL, Body, Controller, Inject, Post, Provide, Query } from "@midwayjs/core";
 import {
  CrudController,
  SysPrivateSettings,
@@ -6,14 +6,14 @@ import {
  SysSafeSetting,
  SysSettingsEntity,
  SysSettingsService
-} from '@certd/lib-server';
-import {cloneDeep, merge} from 'lodash-es';
-import {PipelineService} from '../../../modules/pipeline/service/pipeline-service.js';
-import {UserSettingsService} from '../../../modules/mine/service/user-settings-service.js';
-import {getEmailSettings} from '../../../modules/sys/settings/fix.js';
-import {http, logger, simpleNanoId, utils} from '@certd/basic';
-import {CodeService} from '../../../modules/basic/service/code-service.js';
-import {SmsServiceFactory} from '../../../modules/basic/sms/factory.js';
+} from "@certd/lib-server";
+import { cloneDeep, merge } from "lodash-es";
+import { PipelineService } from "../../../modules/pipeline/service/pipeline-service.js";
+import { UserSettingsService } from "../../../modules/mine/service/user-settings-service.js";
+import { getEmailSettings } from "../../../modules/sys/settings/fix.js";
+import { http, logger, utils } from "@certd/basic";
+import { CodeService } from "../../../modules/basic/service/code-service.js";
+import { SmsServiceFactory } from "../../../modules/basic/sms/factory.js";


 /**
@@ -158,7 +158,7 @@ export class SysSettingsController extends CrudController<SysSettingsService> {

  @Post('/testSms', { summary: 'sys:settings:edit' })
  async testSms(@Body(ALL) body) {
-    await this.codeService.sendSmsCode(body.phoneCode, body.mobile, simpleNanoId());
+    await this.codeService.sendSmsCode(body.phoneCode, body.mobile );
    return this.ok({});
  }

@@ -0,0 +1,199 @@
+import { ALL, Body, Controller, Inject, Post, Provide, Query } from "@midwayjs/core";
+import {
+  AddonDefine,
+  AddonRequestHandleReq,
+  AddonService,
+  Constants,
+  CrudController,
+  newAddon,
+  ValidateException
+} from "@certd/lib-server";
+import { AuthService } from "../../../modules/sys/authority/service/auth-service.js";
+import { checkPlus } from "@certd/plus-core";
+import { http, logger, utils } from "@certd/basic";
+
+/**
+ * Addon
+ */
+@Provide()
+@Controller('/api/addon')
+export class AddonController extends CrudController<AddonService> {
+  @Inject()
+  service: AddonService;
+  @Inject()
+  authService: AuthService;
+
+  getService(): AddonService {
+    return this.service;
+  }
+
+  @Post('/page', { summary: Constants.per.authOnly })
+  async page(@Body(ALL) body) {
+    body.query = body.query ?? {};
+    delete body.query.userId;
+    const buildQuery = qb => {
+      qb.andWhere('user_id = :userId', { userId: this.getUserId() });
+    };
+    const res = await this.service.page({
+      query: body.query,
+      page: body.page,
+      sort: body.sort,
+      buildQuery,
+    });
+    return this.ok(res);
+  }
+
+  @Post('/list', { summary: Constants.per.authOnly })
+  async list(@Body(ALL) body) {
+    body.query = body.query ?? {};
+    body.query.userId = this.getUserId();
+    return super.list(body);
+  }
+
+  @Post('/add', { summary: Constants.per.authOnly })
+  async add(@Body(ALL) bean) {
+    bean.userId = this.getUserId();
+    const type = bean.type;
+    const addonType = bean.addonType;
+    if (! type || !addonType){
+        throw new ValidateException('请选择Addon类型');
+    }
+    const define: AddonDefine = this.service.getDefineByType(type,addonType);
+    if (!define) {
+      throw new ValidateException('Addon类型不存在');
+    }
+    if (define.needPlus) {
+      checkPlus();
+    }
+    return super.add(bean);
+  }
+
+  @Post('/update', { summary: Constants.per.authOnly })
+  async update(@Body(ALL) bean) {
+    await this.service.checkUserId(bean.id, this.getUserId());
+    const old = await this.service.info(bean.id);
+    if (!old) {
+      throw new ValidateException('Addon配置不存在');
+    }
+    if (old.type !== bean.type ) {
+      const addonType = old.type;
+      const type = bean.type;
+      const define: AddonDefine = this.service.getDefineByType(type,addonType);
+      if (!define) {
+        throw new ValidateException('Addon类型不存在');
+      }
+      if (define.needPlus) {
+        checkPlus();
+      }
+    }
+    delete bean.userId;
+    return super.update(bean);
+  }
+  @Post('/info', { summary: Constants.per.authOnly })
+  async info(@Query('id') id: number) {
+    await this.service.checkUserId(id, this.getUserId());
+    return super.info(id);
+  }
+
+  @Post('/delete', { summary: Constants.per.authOnly })
+  async delete(@Query('id') id: number) {
+    await this.service.checkUserId(id, this.getUserId());
+    return super.delete(id);
+  }
+
+  @Post('/define', { summary: Constants.per.authOnly })
+  async define(@Query('type') type: string,@Query('addonType') addonType: string) {
+    const notification = this.service.getDefineByType(type,addonType);
+    return this.ok(notification);
+  }
+
+  @Post('/getTypeDict', { summary: Constants.per.authOnly })
+  async getTypeDict(@Query('addonType') addonType: string) {
+    const list: any = this.service.getDefineList(addonType);
+    let dict = [];
+    for (const item of list) {
+      dict.push({
+        value: item.name,
+        label: item.title,
+        needPlus: item.needPlus ?? false,
+        icon: item.icon,
+      });
+    }
+    dict = dict.sort(a => {
+      return a.needPlus ? 0 : -1;
+    });
+    return this.ok(dict);
+  }
+
+  @Post('/simpleInfo', { summary: Constants.per.authOnly })
+  async simpleInfo(@Query('addonType') addonType: string,@Query('id') id: number) {
+    if (id === 0) {
+      //获取默认
+      const res = await this.service.getDefault(this.getUserId(),addonType);
+      if (!res) {
+        throw new ValidateException('默认Addon配置不存在');
+      }
+      const simple = await this.service.getSimpleInfo(res.id);
+      return this.ok(simple);
+    }
+    await this.authService.checkEntityUserId(this.ctx, this.service, id);
+    const res = await this.service.getSimpleInfo(id);
+    return this.ok(res);
+  }
+
+  @Post('/getDefaultId', { summary: Constants.per.authOnly })
+  async getDefaultId(@Query('addonType') addonType: string) {
+    const res = await this.service.getDefault(this.getUserId(),addonType);
+    return this.ok(res?.id);
+  }
+
+  @Post('/setDefault', { summary: Constants.per.authOnly })
+  async setDefault(@Query('addonType') addonType: string,@Query('id') id: number) {
+    await this.service.checkUserId(id, this.getUserId());
+    const res = await this.service.setDefault(id, this.getUserId(),addonType);
+    return this.ok(res);
+  }
+
+
+  @Post('/options', { summary: Constants.per.authOnly })
+  async options(@Query('addonType') addonType: string) {
+    const res = await this.service.list({
+      query: {
+        userId: this.getUserId(),
+        addonType
+      },
+    });
+    for (const item of res) {
+      delete item.setting;
+    }
+    return this.ok(res);
+  }
+
+
+  @Post('/handle', { summary: Constants.per.authOnly })
+  async handle(@Body(ALL) body: AddonRequestHandleReq) {
+    const userId = this.getUserId();
+    let inputAddon = body.input.addon;
+    if (body.input.id > 0) {
+      const oldEntity = await this.service.info(body.input.id);
+      if (oldEntity) {
+        if (oldEntity.userId !== userId) {
+          throw new Error('addon not found');
+        }
+        // const param: any = {
+        //   type: body.typeName,
+        //   setting: JSON.stringify(body.input.access),
+        // };
+        inputAddon = JSON.parse( oldEntity.setting)
+      }
+    }
+    const ctx = {
+      http: http,
+      logger:logger,
+      utils:utils,
+    }
+    const addon = await newAddon(body.addonType,body.typeName, inputAddon,ctx);
+    const res = await addon.onRequest(body);
+    return this.ok(res);
+  }
+}
@@ -29,25 +29,23 @@ export class LoginController extends BaseController {
      throw new CommonException('暂未开启自助找回');
    }
    // 找回密码的验证码允许错误次数
-    const errorNum = 5;
+    const maxErrorCount = 5;

    if(body.type === 'email') {
      this.codeService.checkEmailCode({
        verificationType: 'forgotPassword',
        email: body.input,
-        randomStr: body.randomStr,
        validateCode: body.validateCode,
-        errorNum,
+        maxErrorCount: maxErrorCount,
        throwError: true,
      });
    } else if(body.type === 'mobile') {
      await this.codeService.checkSmsCode({
        verificationType: 'forgotPassword',
        mobile: body.input,
-        randomStr: body.randomStr,
        phoneCode: body.phoneCode,
        smsCode: body.validateCode,
-        errorNum,
+        maxErrorCount: maxErrorCount,
        throwError: true,
      });
    } else {
@@ -1,8 +1,9 @@
-import { ALL, Body, Controller, Inject, Post, Provide } from '@midwayjs/core';
-import { LoginService } from '../../../modules/login/service/login-service.js';
-import { BaseController, Constants, SysPublicSettings, SysSettingsService } from '@certd/lib-server';
-import { CodeService } from '../../../modules/basic/service/code-service.js';
-import { checkComm } from '@certd/plus-core';
+import { ALL, Body, Controller, Inject, Post, Provide } from "@midwayjs/core";
+import { LoginService } from "../../../modules/login/service/login-service.js";
+import { AddonService, BaseController, Constants, SysPublicSettings, SysSettingsService } from "@certd/lib-server";
+import { CodeService } from "../../../modules/basic/service/code-service.js";
+import { checkComm } from "@certd/plus-core";
+import { CaptchaService } from "../../../modules/basic/service/captcha-service.js";

 /**
 */
@@ -16,13 +17,22 @@ export class LoginController extends BaseController {

  @Inject()
  sysSettingsService: SysSettingsService;
+  @Inject()
+  addonService: AddonService;
+
+  @Inject()
+  captchaService: CaptchaService;

  @Post('/login', { summary: Constants.per.guest })
  public async login(
    @Body(ALL)
-    user: any
+    body: any
  ) {
-    const token = await this.loginService.loginByPassword(user);
+   const settings = await this.sysSettingsService.getPublicSettings()
+    if (settings.captchaEnabled === true) {
+      await this.captchaService.doValidate({form:body.captcha,must:false,captchaAddonId:settings.captchaAddonId})
+    }
+    const token = await this.loginService.loginByPassword(body);
    this.writeTokenCookie(token);
    return this.ok(token);
  }
@@ -13,8 +13,7 @@ export type RegisterReq = {
  phoneCode?: string;

  validateCode: string;
-  imgCode: string;
-  randomStr: string;
+  captcha:any;
 };

 /**
@@ -52,7 +51,7 @@ export class RegisterController extends BaseController {
        throw new Error('用户名不能为空');
      }

-      await this.codeService.checkCaptcha(body.randomStr, body.imgCode);
+      await this.codeService.checkCaptcha(body.captcha);
      const newUser = await this.userService.register(body.type, {
        username: body.username,
        password: body.password,
@@ -68,7 +67,6 @@ export class RegisterController extends BaseController {
        mobile: body.mobile,
        phoneCode: body.phoneCode,
        smsCode: body.validateCode,
-        randomStr: body.randomStr,
        throwError: true,
      });
      const newUser = await this.userService.register(body.type, {
@@ -85,7 +83,6 @@ export class RegisterController extends BaseController {
      checkPlus();
      this.codeService.checkEmailCode({
        email: body.email,
-        randomStr: body.randomStr,
        validateCode: body.validateCode,
        throwError: true,
      });
@@ -0,0 +1,54 @@
+import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
+import { AddonService, SysSettingsService } from "@certd/lib-server";
+import { logger } from "@certd/basic";
+import { ICaptchaAddon } from "../../../plugins/plugin-captcha/api.js";
+
+@Provide()
+@Scope(ScopeEnum.Request, { allowDowngrade: true })
+export class CaptchaService {
+  @Inject()
+  sysSettingsService: SysSettingsService;
+  @Inject()
+  addonService: AddonService;
+
+
+  async getCaptcha(captchaAddonId?:number){
+    if (!captchaAddonId) {
+      const settings = await this.sysSettingsService.getPublicSettings()
+      captchaAddonId = settings.captchaAddonId ?? 0
+    }
+    const addon:ICaptchaAddon = await this.addonService.getAddonById(captchaAddonId,true,0)
+    if (!addon) {
+      throw new Error('验证码插件还未配置')
+    }
+    return  await addon.getCaptcha()
+  }
+
+
+  async doValidate(opts:{form:any,must?:boolean,captchaAddonId?:number}){
+    if (!opts.captchaAddonId) {
+      const settings = await this.sysSettingsService.getPublicSettings()
+      opts.captchaAddonId = settings.captchaAddonId ?? 0
+    }
+    const addon = await this.addonService.getById(opts.captchaAddonId,0)
+    if (!addon) {
+      if (opts.must) {
+        throw new Error('请先配置验证码插件');
+      }
+      logger.warn('验证码插件还未配置，忽略验证码校验')
+      return true
+    }
+
+    if (!opts.form) {
+      throw new Error('请输入验证码');
+    }
+    const res = await addon.onValidate(opts.form)
+    if (!res) {
+      throw new Error('验证码错误');
+    }
+
+    return true
+
+  }
+
+}
@@ -8,6 +8,7 @@ import { EmailService } from './email-service.js';
 import { AccessService } from '@certd/lib-server';
 import { AccessSysGetter } from '@certd/lib-server';
 import { isComm } from '@certd/plus-core';
+import { CaptchaService } from "./captcha-service.js";

 // {data: '<svg.../svg>', text: 'abcd'}
 /**
@@ -23,44 +24,19 @@ export class CodeService {
  @Inject()
  accessService: AccessService;

-  /**
-   */
-  async generateCaptcha(randomStr) {
-    const svgCaptcha = await import('svg-captcha');
-    const c = svgCaptcha.create();
-    //{data: '<svg.../svg>', text: 'abcd'}
-    const imgCode = c.text; // = RandomUtil.randomStr(4, true);
-    cache.set('imgCode:' + randomStr, imgCode, {
-      ttl: 2 * 60 * 1000, //过期时间 2分钟
-    });
-    return c;
-  }
+  @Inject()
+  captchaService: CaptchaService;

-  async getCaptchaText(randomStr) {
-    return cache.get('imgCode:' + randomStr);
-  }

-  async removeCaptcha(randomStr) {
-    cache.delete('imgCode:' + randomStr);
-  }

-  async checkCaptcha(randomStr: string, userCaptcha: string) {
-    const code = await this.getCaptchaText(randomStr);
-    if (code == null) {
-      throw new Error('验证码已过期');
-    }
-    if (code.toLowerCase() !== userCaptcha.toLowerCase()) {
-      throw new Error('验证码不正确');
-    }
-    await this.removeCaptcha(randomStr);
-    return true;
+  async checkCaptcha(body:any) {
+    return await this.captchaService.doValidate({form:body})
  }
  /**
   */
  async sendSmsCode(
    phoneCode = '86',
    mobile: string,
-    randomStr: string,
    opts?: {
      duration?: number,
      verificationType?: string,
@@ -70,9 +46,6 @@ export class CodeService {
    if (!mobile) {
      throw new Error('手机号不能为空');
    }
-    if (!randomStr) {
-      throw new Error('randomStr不能为空');
-    }

    const verificationCodeLength =  Math.floor(Math.max(Math.min(opts?.verificationCodeLength || 4, 8), 4));
    const duration = Math.floor(Math.max(Math.min(opts?.duration || 5, 15), 1));
@@ -96,7 +69,7 @@ export class CodeService {
      phoneCode,
    });

-    const key = this.buildSmsCodeKey(phoneCode, mobile, randomStr, opts?.verificationType);
+    const key = this.buildSmsCodeKey(phoneCode, mobile,  opts?.verificationType);
    cache.set(key, smsCode, {
      ttl: duration * 60 * 1000, //5分钟
    });
@@ -106,12 +79,10 @@ export class CodeService {
  /**
   *
   * @param email 收件邮箱
-   * @param randomStr
   * @param opts title标题 content内容模版 duration有效时间单位分钟 verificationType验证类型
   */
  async sendEmailCode(
    email: string,
-    randomStr: string,
    opts?: {
      title?: string,
      content?: string,
@@ -123,9 +94,7 @@ export class CodeService {
    if (!email) {
      throw new Error('Email不能为空');
    }
-    if (!randomStr) {
-      throw new Error('randomStr不能为空');
-    }
+

    let siteTitle = 'Certd';
    if (isComm()) {
@@ -149,7 +118,7 @@ export class CodeService {
      receivers: [email],
    });

-    const key = this.buildEmailCodeKey(email, randomStr, opts?.verificationType);
+    const key = this.buildEmailCodeKey(email,opts?.verificationType);
    cache.set(key, code, {
      ttl: duration * 60 * 1000, //5分钟
    });
@@ -159,31 +128,32 @@ export class CodeService {
  /**
   * checkSms
   */
-  async checkSmsCode(opts: { mobile: string; phoneCode: string; smsCode: string; randomStr: string; verificationType?: string; throwError: boolean; errorNum?: number }) {
-    const key = this.buildSmsCodeKey(opts.phoneCode, opts.mobile, opts.randomStr, opts.verificationType);
-    if (isDev()) {
+  async checkSmsCode(opts: { mobile: string; phoneCode: string; smsCode: string;  verificationType?: string; throwError: boolean; maxErrorCount?: number }) {
+    const key = this.buildSmsCodeKey(opts.phoneCode, opts.mobile, opts.verificationType);
+    return this.checkValidateCode("sms",key, opts.smsCode, opts.throwError, opts.maxErrorCount);
+
+  }
+
+  buildSmsCodeKey(phoneCode: string, mobile: string, verificationType?: string) {
+    return ['sms', verificationType, phoneCode, mobile].filter(item => !!item).join(':');
+  }
+
+  buildEmailCodeKey(email: string, verificationType?: string) {
+    return ['email', verificationType, email].filter(item => !!item).join(':');
+  }
+  checkValidateCode(type:string,key: string, userCode: string, throwError = true, maxErrorCount = 3) {
+    // 记录异常次数key
+    if (isDev() && userCode==="1234567") {
      return true;
    }
-    return this.checkValidateCode(key, opts.smsCode, opts.throwError, opts.errorNum);
-  }
-
-  buildSmsCodeKey(phoneCode: string, mobile: string, randomStr: string, verificationType?: string) {
-    return ['sms', verificationType, phoneCode, mobile, randomStr].filter(item => !!item).join(':');
-  }
-
-  buildEmailCodeKey(email: string, randomStr: string, verificationType?: string) {
-    return ['email', verificationType, email, randomStr].filter(item => !!item).join(':');
-  }
-  checkValidateCode(key: string, userCode: string, throwError = true, errorNum = 3) {
-    // 记录异常次数key
    const err_num_key = key + ':err_num';
-    //验证图片验证码
+    //验证邮件验证码
    const code = cache.get(key);
    if (code == null || code !== userCode) {
      let maxRetryCount = false;
-      if (!!code && errorNum > 0) {
+      if (!!code && maxErrorCount > 0) {
        const err_num = cache.get(err_num_key) || 0
-        if(err_num >= errorNum - 1) {
+        if(err_num >= maxErrorCount - 1) {
          maxRetryCount = true;
          cache.delete(key);
          cache.delete(err_num_key);
@@ -194,7 +164,8 @@ export class CodeService {
        }
      }
      if (throwError) {
-        throw new CodeErrorException(!maxRetryCount ? '验证码错误': '验证码错误请获取新的验证码');
+        const label = type ==='sms' ? '手机' : '邮箱';
+        throw new CodeErrorException(!maxRetryCount ? `${label}验证码错误`: `${label}验证码错误请获取新的验证码`);
      }
      return false;
    }
@@ -203,9 +174,9 @@ export class CodeService {
    return true;
  }

-  checkEmailCode(opts: { randomStr: string; validateCode: string; email: string; verificationType?: string; throwError: boolean; errorNum?: number }) {
-    const key = this.buildEmailCodeKey(opts.email, opts.randomStr, opts.verificationType);
-    return this.checkValidateCode(key, opts.validateCode, opts.throwError, opts.errorNum);
+  checkEmailCode(opts: { validateCode: string; email: string; verificationType?: string; throwError: boolean; maxErrorCount?: number }) {
+    const key = this.buildEmailCodeKey(opts.email,  opts.verificationType);
+    return this.checkValidateCode('email',key, opts.validateCode, opts.throwError, opts.maxErrorCount);
  }

  compile(templateString: string) {
@@ -1,17 +1,22 @@
-import {Config, Inject, Provide, Scope, ScopeEnum} from '@midwayjs/core';
-import {UserService} from '../../sys/authority/service/user-service.js';
-import jwt from 'jsonwebtoken';
-import {AuthException, CommonException, Need2FAException} from "@certd/lib-server";
-import {RoleService} from '../../sys/authority/service/role-service.js';
-import {UserEntity} from '../../sys/authority/entity/user.js';
-import {SysSettingsService} from '@certd/lib-server';
-import {SysPrivateSettings} from '@certd/lib-server';
-import {cache, utils} from '@certd/basic';
-import {LoginErrorException} from '@certd/lib-server/dist/basic/exception/login-error-exception.js';
-import {CodeService} from '../../basic/service/code-service.js';
-import {TwoFactorService} from "../../mine/service/two-factor-service.js";
-import {UserSettingsService} from '../../mine/service/user-settings-service.js';
-import {isPlus} from "@certd/plus-core";
+import { Config, Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
+import { UserService } from "../../sys/authority/service/user-service.js";
+import jwt from "jsonwebtoken";
+import {
+  AuthException,
+  CommonException,
+  Need2FAException,
+  SysPrivateSettings,
+  SysSettingsService
+} from "@certd/lib-server";
+import { RoleService } from "../../sys/authority/service/role-service.js";
+import { UserEntity } from "../../sys/authority/entity/user.js";
+import { cache, utils } from "@certd/basic";
+import { LoginErrorException } from "@certd/lib-server/dist/basic/exception/login-error-exception.js";
+import { CodeService } from "../../basic/service/code-service.js";
+import { TwoFactorService } from "../../mine/service/two-factor-service.js";
+import { UserSettingsService } from "../../mine/service/user-settings-service.js";
+import { isPlus } from "@certd/plus-core";
+import { AddonService } from "@certd/lib-server/dist/user/addon/service/addon-service.js";

 /**
 * 系统用户
@@ -35,6 +40,8 @@ export class LoginService {
  userSettingsService: UserSettingsService;
  @Inject()
  twoFactorService: TwoFactorService;
+  @Inject()
+  addonService: AddonService;

  checkIsBlocked(username: string) {
    const blockDurationKey = `login_block_duration:${username}`;
@@ -106,13 +113,12 @@ export class LoginService {
      mobile: req.mobile,
      phoneCode: req.phoneCode,
      smsCode: req.smsCode,
-      randomStr: req.randomStr,
      throwError: false,
    });

    const {mobile, phoneCode} = req;
    if (!smsChecked) {
-      this.addErrorTimes(mobile, '验证码错误');
+      this.addErrorTimes(mobile, '手机验证码错误');
    }
    let info = await this.userService.findOne({phoneCode, mobile: mobile});
    if (info == null) {
@@ -30,6 +30,9 @@ export class CertInfoEntity {
  @Column({ name: 'cert_provider', comment: '证书颁发机构' })
  certProvider: string;

+  @Column({ name: 'effective_time', comment: '生效时间' })
+  effectiveTime: number;
+
  @Column({ name: 'expires_time', comment: '过期时间' })
  expiresTime: number;

@@ -26,6 +26,8 @@ export class SiteInfoEntity {
  @Column({ name: 'cert_provider', comment: '证书颁发机构', length: 100 })
  certProvider: string;

+  @Column({ name: 'cert_effective_time', comment: '证书生效时间' })
+  certEffectiveTime: number;
  @Column({ name: 'cert_expires_time', comment: '证书到期时间' })
  certExpiresTime: number;
  @Column({ name: 'last_check_time', comment: '上次检查时间' })
@@ -164,6 +164,7 @@ export class CertInfoService extends BaseService<CertInfoEntity> {
    bean.domains = domains.join(',');
    bean.domain = domains[0];
    bean.domainCount = domains.length;
+    bean.effectiveTime = certReader.effective;
    bean.expiresTime = certReader.expires;
    bean.certProvider = certReader.detail.issuer.commonName;
    bean.userId = userId
@@ -134,6 +134,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
      if (!certi) {
        throw new Error("没有发现证书");
      }
+      const effective = certi.valid_from;
      const expires = certi.valid_to;
      const allDomains = certi.subjectaltname?.replaceAll("DNS:", "").split(",") || [];
      const mainDomain = certi.subject?.CN;
@@ -149,12 +150,13 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
        certDomains: domains.join(","),
        certStatus: status,
        certProvider: issuer,
+        certEffectiveTime: dayjs(effective).valueOf(),
        certExpiresTime: dayjs(expires).valueOf(),
        lastCheckTime: dayjs().valueOf(),
        error: null,
        checkStatus: "ok"
      };
-      logger.info(`测试站点成功：id=${updateData.id},site=${site.name},expiresTime=${updateData.certExpiresTime}`)
+      logger.info(`测试站点成功：id=${updateData.id},site=${site.name},certEffectiveTime=${updateData.certEffectiveTime},expiresTime=${updateData.certExpiresTime}`)
      if (site.ipCheck) {
        delete updateData.checkStatus
      }
@@ -80,7 +80,11 @@ export class SiteTester {
      }
    }

-    options.agent = new https.Agent({ keepAlive: false, lookup: customLookup });
+    const agentOptions:any = { keepAlive: false };
+    if (customLookup) {
+      agentOptions.lookup = customLookup
+    }
+    options.agent = new https.Agent(agentOptions);

    // 创建 HTTPS 请求
    const requestPromise = safePromise((resolve, reject) => {
@@ -934,6 +934,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
                    "sslProvider": "letsencrypt",
                    "privateKeyType": "rsa_2048",
                    "certProfile": "classic",
+                    "preferredChain": "ISRG Root X1",
                    "useProxy": false,
                    "skipLocalVerify": false,
                    "maxCheckRetryCount": 20,
@@ -238,9 +238,12 @@ export class UserService extends BaseService<UserEntity> {

  async forgotPassword(
    data: {
-      type: ForgotPasswordType; input?: string, phoneCode?: string,
-      randomStr: string, imgCode:string, validateCode: string,
-      password: string, confirmPassword: string,
+      type: ForgotPasswordType;
+      input?: string,
+      phoneCode?: string,
+      validateCode: string,
+      password: string,
+      confirmPassword: string,
    }
  ) {
    if(!data.type) {
@@ -249,7 +252,13 @@ export class UserService extends BaseService<UserEntity> {
    if(data.password !== data.confirmPassword) {
      throw new CommonException('两次输入的密码不一致');
    }
-    const user = await this.findOne([{ [data.type]: data.input }]);
+    const where :any= {
+      [data.type]: data.input,
+    };
+    if (data.type === 'mobile' ) {
+      where.phoneCode = data.phoneCode ??  '86';
+    }
+    const user = await this.findOne({ [data.type]: data.input });
    console.log('user', user)
    if(!user) {
      throw new CommonException('用户不存在');
@@ -34,3 +34,5 @@ export * from './plugin-admin/index.js'
 export * from './plugin-ksyun/index.js'
 export * from './plugin-apisix/index.js'
 export * from './plugin-dokploy/index.js'
+export * from './plugin-godaddy/index.js'
+export * from './plugin-captcha/index.js'
@@ -116,6 +116,12 @@ export class AliyunDeployCertToFC extends AbstractTaskPlugin {
  })
  protocol!: string;

+  @TaskInput({
+    title: '证书名称',
+    helper: '上传后将以此名称作为前缀备注',
+  })
+  certName!: string;
+
  async onInstance() {}

  async exec(cmd: string) {
@@ -179,7 +185,7 @@ export class AliyunDeployCertToFC extends AbstractTaskPlugin {
        bodyType: 'json',
      });
      // body params
-      const certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt))
+      const certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt),this.certName??"")

      const body: { [key: string]: any } = {
        certConfig: {
@@ -0,0 +1,4 @@
+export interface  ICaptchaAddon{
+  onValidate(data?:any):Promise<any>;
+  getCaptcha():Promise<any>;
+}
@@ -0,0 +1,122 @@
+import { AddonInput, BaseAddon, IsAddon } from "@certd/lib-server";
+import crypto from "crypto";
+import { ICaptchaAddon } from "../api.js";
+
+@IsAddon({
+  addonType:"captcha",
+  name: 'geetest',
+  title: '极验验证码v4',
+  desc: '',
+  showTest:false,
+})
+export class GeeTestCaptcha extends BaseAddon implements ICaptchaAddon{
+
+  @AddonInput({
+    title: '验证ID',
+    component: {
+      placeholder: 'captchaId',
+    },
+    helper:"[极验验证码v4](https://console.geetest.com/sensbot/management) -> 创建业务模块 -> 新增业务场景",
+    required: true,
+  })
+  captchaId = '';
+
+  @AddonInput({
+    title: '验证Key',
+    component: {
+      placeholder: 'captchaKey',
+    },
+    required: true,
+  })
+  captchaKey = '';
+
+
+  async onValidate(data?:any) {
+    if (!data) {
+      return false
+    }
+    // geetest 服务地址
+// geetest server url
+    const API_SERVER = "http://gcaptcha4.geetest.com";
+
+// geetest 验证接口
+// geetest server interface
+    const API_URL = API_SERVER + "/validate" + "?captcha_id=" + this.captchaId;
+
+
+    // 前端参数
+    // web parameter
+    var lot_number = data['lot_number'];
+    var captcha_output = data['captcha_output'];
+    var pass_token = data['pass_token'];
+    var gen_time = data['gen_time'];
+    if (!lot_number || !captcha_output || !pass_token || !gen_time) {
+      return false;
+    }
+
+    // 生成签名, 使用标准的hmac算法，使用用户当前完成验证的流水号lot_number作为原始消息message，使用客户验证私钥作为key
+    // 采用sha256散列算法将message和key进行单向散列生成最终的 “sign_token” 签名
+    // use lot_number + CAPTCHA_KEY, generate the signature
+    var sign_token = this.hmac_sha256_encode(lot_number, this.captchaKey);
+
+    // 向极验转发前端数据 + “sign_token” 签名
+    // send web parameter and “sign_token” to geetest server
+    var datas = {
+      'lot_number': lot_number,
+      'captcha_output': captcha_output,
+      'pass_token': pass_token,
+      'gen_time': gen_time,
+      'sign_token': sign_token
+    };
+
+    // post request
+    // 根据极验返回的用户验证状态, 网站主进行自己的业务逻辑
+    // According to the user authentication status returned by the geetest, the website owner carries out his own business logic
+    try{
+      const res = await this.doRequest(datas, API_URL)
+      if (res.result == "success") {
+        // 验证成功
+        // verification successful
+        return true;
+      } else {
+        // 验证失败
+        // verification failed
+        this.logger.error("极验验证不通过 ",res.reason)
+        return false;
+      }
+    }catch (e) {
+      this.ctx.logger.error("极验验证服务异常",e)
+      return true
+    }
+  }
+
+  // 生成签名
+// Generate signature
+   hmac_sha256_encode(value, key){
+    var hash = crypto.createHmac("sha256", key)
+      .update(value, 'utf8')
+      .digest('hex');
+    return hash;
+  }
+
+
+// 发送post请求, 响应json数据如：{"result": "success", "reason": "", "captcha_args": {}}
+// Send a post request and respond to JSON data, such as: {result ":" success "," reason ":" "," captcha_args ": {}}
+  async  doRequest(datas, url){
+    var options = {
+      url: url,
+      method: "POST",
+      params: datas,
+      timeout: 5000
+    };
+    const result = await this.ctx.http.request(options);
+    return result;
+  }
+
+ async  getCaptcha(): Promise<any> {
+    return {
+      captchaId: this.captchaId,
+    }
+  }
+
+}
@@ -0,0 +1,56 @@
+import { BaseAddon, IsAddon } from "@certd/lib-server";
+import { ICaptchaAddon } from "../api.js";
+import { cache } from "@certd/basic";
+import { nanoid } from "nanoid";
+
+@IsAddon({
+  addonType:"captcha",
+  name: 'image',
+  title: '图片验证码',
+  desc: '',
+  showTest:false,
+})
+export class ImageCaptcha extends BaseAddon implements ICaptchaAddon{
+
+  async onValidate(data?:any) {
+    if (!data) {
+      return false;
+    }
+    return await this.checkCaptcha(data.randomStr, data.imageCode)
+  }
+
+  async getCaptchaText(randomStr:string) {
+    return cache.get('imgCode:' + randomStr);
+  }
+
+  async removeCaptcha(randomStr:string) {
+    cache.delete('imgCode:' + randomStr);
+  }
+
+  async checkCaptcha(randomStr: string, userCaptcha: string) {
+    const code = await this.getCaptchaText(randomStr);
+    if (code == null) {
+      throw new Error('验证码已过期');
+    }
+    if (code.toLowerCase() !== userCaptcha?.toLowerCase()) {
+      throw new Error('验证码不正确');
+    }
+    await this.removeCaptcha(randomStr);
+    return true;
+  }
+
+ async  getCaptcha(): Promise<any> {
+   const svgCaptcha = await import('svg-captcha');
+   const c = svgCaptcha.create();
+   //{data: '<svg.../svg>', text: 'abcd'}
+   const imgCode = c.text; // = RandomUtil.randomStr(4, true);
+   const randomStr = nanoid(10)
+   cache.set('imgCode:' + randomStr, imgCode, {
+     ttl: 2 * 60 * 1000, //过期时间 2分钟
+   })
+   return {
+    randomStr: randomStr,
+    imageData: c.data,
+   }
+ }
+}
@@ -0,0 +1,2 @@
+export * from './geetest/index.js';
+export * from './image/index.js';
@@ -22,6 +22,7 @@ export class GcoreflushPlugin extends AbstractTaskPlugin {
  certName!: string;
  @TaskInput({
    title: '证书ID',
+    required:true,
  })
  ssl_id!: string;

@@ -66,6 +67,10 @@ export class GcoreflushPlugin extends AbstractTaskPlugin {

  async execute(): Promise<void> {
    const { cert, accessId } = this;
+
+    if(!this.ssl_id){
+      throw new Error('请填写要刷新的证书ID');
+    }
    const access = (await this.getAccess(accessId)) as GcoreAccess;
    let otp = null;
    if (access.otpkey) {
@@ -0,0 +1,96 @@
+import {AccessInput, BaseAccess, IsAccess, Pager, PageSearch} from '@certd/pipeline';
+import {HttpRequestConfig} from "@certd/basic";
+
+/**
+ * 这个注解将注册一个授权配置
+ * 在certd的后台管理系统中，用户可以选择添加此类型的授权
+ */
+@IsAccess({
+  name: 'godaddy',
+  title: 'godaddy授权',
+  icon: 'simple-icons:godaddy',
+  desc: '',
+})
+export class GodaddyAccess extends BaseAccess {
+  /**
+   * 授权属性配置
+   */
+  @AccessInput({
+    title: 'Key',
+    component: {
+      placeholder: '授权key',
+    },
+    helper:"[https://developer.godaddy.com/keys](https://developer.godaddy.com/keys)，创建key（选择product，不要选择ote）",
+    required: true,
+    encrypt: false,
+  })
+  key = '';
+
+  @AccessInput({
+    title: 'Secret',
+    component: {
+      name:"a-input-password",
+      vModel:"value",
+    },
+    required: true,
+    encrypt: true,
+  })
+  secret = '';
+
+  @AccessInput({
+    title: 'HTTP代理',
+    component: {
+      placeholder: 'http://xxxxx:xx',
+    },
+    helper: '使用https_proxy',
+    required: false,
+  })
+  httpProxy = '';
+
+  @AccessInput({
+    title: "测试",
+    component: {
+      name: "api-test",
+      action: "TestRequest"
+    },
+    helper: "点击测试接口是否正常(注意账号中必须要有50个域名才能使用API接口)"
+  })
+  testRequest = true;
+
+  async onTestRequest() {
+    const res = await this.getDomainList({pageSize:1});
+    this.ctx.logger.info(res)
+    return "ok"
+  }
+
+
+  async getDomainList(opts?: PageSearch){
+
+    const pager = new Pager(opts);
+    const req = {
+      url :`/v1/domains?limit=${pager.pageSize}`,
+      method: "get",
+    }
+    return await this.doRequest(req);
+  }
+
+
+  async doRequest(req: HttpRequestConfig){
+    const headers = {
+      "Authorization": `sso-key ${this.key}:${this.secret}`,
+      ...req.headers
+    };
+    return await this.ctx.http.request({
+      headers,
+      baseURL: "https://api.godaddy.com",
+      ...req,
+      logRes: true,
+      httpProxy: this.httpProxy,
+    });
+  }
+
+
+
+}
+
+new GodaddyAccess();
@@ -0,0 +1,90 @@
+import { AbstractDnsProvider, CreateRecordOptions, IsDnsProvider, RemoveRecordOptions } from "@certd/plugin-cert";
+
+import { GodaddyAccess } from "./access.js";
+
+export type GodaddyRecord = {
+  domain: string,
+  type: string,
+  name: string,
+  data: string,
+};
+
+// 这里通过IsDnsProvider注册一个dnsProvider
+@IsDnsProvider({
+  name: 'godaddy',
+  title: 'godaddy',
+  desc: 'GoDaddy',
+  icon: 'simple-icons:godaddy',
+  // 这里是对应的 cloudflare的access类型名称
+  accessType: 'godaddy',
+  order:10,
+})
+export class GodaddyDnsProvider extends AbstractDnsProvider<GodaddyRecord> {
+  access!: GodaddyAccess;
+  async onInstance() {
+    //一些初始化的操作
+    // 也可以通过ctx成员变量传递context
+    this.access = this.ctx.access as GodaddyAccess;
+  }
+
+  /**
+   * 创建dns解析记录，用于验证域名所有权
+   */
+  async createRecord(options: CreateRecordOptions): Promise<GodaddyRecord> {
+    /**
+     * fullRecord: '_acme-challenge.test.example.com',
+     * value: 一串uuid
+     * type: 'TXT',
+     * domain: 'example.com'
+     * hostRecord: _acme-challenge.test
+     */
+    const { fullRecord,hostRecord, value, type, domain } = options;
+    this.logger.info('添加域名解析：', fullRecord, value, type, domain);
+
+
+    const res = await this.access.doRequest({
+      method: 'PATCH',
+      url: '/v1/domains/'+domain+'/records',
+      data: [
+        {
+          type: 'TXT',
+          name: hostRecord,
+          data: value,
+          ttl: 600,
+        }
+      ]
+    })
+    this.logger.info('添加域名解析成功：', res);
+    return {
+      domain: domain,
+      type: 'TXT',
+      name: hostRecord,
+      data: value,
+    };
+  }
+
+
+  /**
+   *  删除dns解析记录,清理申请痕迹
+   * @param options
+   */
+  async removeRecord(options: RemoveRecordOptions<GodaddyRecord>): Promise<void> {
+    const { fullRecord, value } = options.recordReq;
+    const record = options.recordRes;
+    this.logger.info('删除域名解析：', fullRecord, value);
+    if (!record) {
+      this.logger.info('record为空，不执行删除');
+      return;
+    }
+    //这里调用删除txt dns解析记录接口
+    const {name,type,domain} = record
+    const res = await this.access.doRequest({
+      method: 'DELETE',
+      url: '/v1/domains/'+domain+`/records/${type}/${name}`,
+    })
+    this.logger.info(`删除域名解析成功:fullRecord=${fullRecord},id=${res}`);
+  }
+}
+
+//实例化这个provider，将其自动注册到系统中
+new GodaddyDnsProvider();
@@ -0,0 +1,2 @@
+export * from './dns-provider.js';
+export * from './access.js';
@@ -103,6 +103,10 @@ export class DeployCertToTencentEO extends AbstractTaskPlugin {
      logger: this.logger,
    });

+    if (this.cert == null){
+      throw new Error('请选择域名证书');
+    }
+
    let tencentCertId = this.cert as string;
    if (typeof this.cert !== 'string') {
      const certReader = new CertReader(this.cert);
@@ -9,3 +9,4 @@ export * from './delete-expiring-cert/index.js';
 export * from './deploy-to-tke-ingress/index.js';
 export * from './deploy-to-live/index.js';
 export * from './start-instances/index.js';
+export * from './refresh-cert/index.js';
@@ -0,0 +1,340 @@
+import {
+  AbstractTaskPlugin,
+  IsTaskPlugin,
+  Pager,
+  PageSearch,
+  pluginGroups,
+  RunStrategy,
+  TaskInput
+} from "@certd/pipeline";
+import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
+import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
+import { TencentAccess, TencentSslClient } from "@certd/plugin-lib";
+import { omit } from "lodash-es";
+@IsTaskPlugin({
+  //命名规范，插件类型+功能（就是目录plugin-demo中的demo），大写字母开头，驼峰命名
+  name: "TencentRefreshCert",
+  title: "腾讯云-更新证书(Id不变)",
+  desc: "根据证书id一键更新腾讯云证书并自动部署（Id不变），注意该接口为腾讯云白名单功能，非白名单用户无法使用该功能",
+  icon: "svg:icon-tencentcloud",
+  //插件分组
+  group: pluginGroups.tencent.key,
+  needPlus: false,
+  default: {
+    //默认值配置照抄即可
+    strategy: {
+      runStrategy: RunStrategy.SkipWhenSucceed
+    }
+  }
+})
+//类名规范，跟上面插件名称（name）一致
+export class TencentRefreshCert extends AbstractTaskPlugin {
+  //证书选择，此项必须要有
+  @TaskInput({
+    title: "域名证书",
+    helper: "请选择前置任务输出的域名证书",
+    component: {
+      name: "output-selector",
+      from: [...CertApplyPluginNames]
+    }
+    // required: true, // 必填
+  })
+  cert!: CertInfo;
+
+  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
+  certDomains!: string[];
+
+  //授权选择框
+  @TaskInput({
+    title: "腾讯云授权",
+    component: {
+      name: "access-selector",
+      type: "tencent" //固定授权类型
+    },
+    required: true //必填
+  })
+  accessId!: string;
+  //
+
+  @TaskInput(
+    createRemoteSelectInputDefine({
+      title: "证书Id",
+      helper: "要更新的证书id，如果这里没有，请先给手动绑定一次证书",
+      action: TencentRefreshCert.prototype.onGetCertList.name,
+      pager: false,
+      search: false
+    })
+  )
+  certList!: string[];
+
+  // @TaskInput({
+  //   title: '资源类型',
+  //   component: {
+  //     name: 'a-select',
+  //     vModel: 'value',
+  //     allowClear: true,
+  //     mode: "tags",
+  //     options: [
+  //       { value: 'clb',label: '负载均衡'},
+  //       { value: 'cdn',label: 'CDN'},
+  //       { value: 'ddos',label: 'DDoS'},
+  //       { value: 'live',label: '直播'},
+  //       { value: 'vod',label: '点播'},
+  //       { value: 'waf',label: 'Web应用防火墙'},
+  //       { value: 'apigateway',label: 'API网关'},
+  //       { value: 'teo',label: 'TEO'},
+  //       { value: 'tke',label: '容器服务'},
+  //       { value: 'cos',label: '对象存储'},
+  //       { value: 'lighthouse',label: '轻应用服务器'},
+  //       { value: 'tse',label: '云原生微服务'},
+  //       { value: 'tcb',label: '云开发'},
+  //     ]
+  //   },
+  //   helper: '',
+  //   required: true,
+  // })
+  // resourceTypes!: string[];
+
+  @TaskInput({
+    title: '资源区域',
+    helper:"如果云资源类型区分区域，请选择区域，如果区域在选项中不存在，请手动输入",
+    component: {
+      name: 'remote-tree-select',
+      vModel: 'value',
+      action: TencentRefreshCert.prototype.onGetRegionsTree.name,
+      pager: false,
+      search: false,
+      watches: ['certList'],
+    },
+    required: false,
+  })
+  resourceTypesRegions!: string[];
+  //插件实例化时执行的方法
+  async onInstance() {
+  }
+
+  //插件执行方法
+  async execute(): Promise<void> {
+    const access = await this.getAccess<TencentAccess>(this.accessId);
+    const sslClient = new TencentSslClient({
+      access:access,
+      logger: this.logger,
+    });
+    // await access.createCert({cert:this.cert})
+
+    let resourceTypes = []
+    const resourceTypesRegions = []
+    for (const item of this.resourceTypesRegions) {
+      const [type,region] = item.split("_")
+      if (!resourceTypes.includes( type)){
+        resourceTypes.push(type)
+      }
+      if (!region){
+        continue;
+      }
+      const resourceType = resourceTypesRegions.find(item => item.ResourceType ==  type)
+      if (!resourceType){
+        resourceTypesRegions.push({
+          ResourceType: type,
+          Regions: [region]
+        })
+      }else{
+        resourceType.Regions.push(region)
+      }
+    }
+    // resourceTypes = ["clb"] //固定clb
+    const maxRetry = 10
+    for (const certId of this.certList) {
+      this.logger.info(`----------- 开始更新证书：${certId}`);
+
+      let deployRes = null
+
+      let retryCount = 0
+      while(true){
+        if (retryCount>maxRetry){
+          this.logger.error(`任务创建失败`);
+          break;
+        }
+        retryCount++
+        deployRes = await sslClient.UploadUpdateCertificateInstance({
+          OldCertificateId: certId,
+          "ResourceTypes": resourceTypes,
+          "CertificatePublicKey": this.cert.crt,
+          "CertificatePrivateKey": this.cert.key,
+          "ResourceTypesRegions":resourceTypesRegions
+        });
+        if (deployRes && deployRes.DeployRecordId>0){
+          this.logger.info(`任务创建成功，开始检查结果：${JSON.stringify(deployRes)}`);
+          break;
+        }else{
+          this.logger.info(`任务创建中，稍后查询：${JSON.stringify(deployRes)}`);
+        }
+        await this.ctx.utils.sleep(3000);
+      }
+      this.logger.info(`开始查询部署结果`);
+
+      retryCount=0
+      while(true){
+        if (retryCount>maxRetry){
+          this.logger.error(`任务结果检查失败`);
+          break;
+        }
+        retryCount++
+        //查询部署状态
+        const deployStatus = await sslClient.DescribeHostUploadUpdateRecordDetail({
+          "DeployRecordId":deployRes.DeployRecordId
+        })
+        const details = deployStatus.DeployRecordDetail
+        let allSuccess = true
+        for (const item of details) {
+          this.logger.info(`查询结果：${JSON.stringify(omit(item,"RecordDetailList"))}`);
+          if (item.Status === 2) {
+            throw new Error(`任务失败：${JSON.stringify(item.RecordDetailList)}`)
+          }else if (item.Status !== 1) {
+            //如果不是成功状态
+            allSuccess = false
+          }
+        }
+        if (allSuccess) {
+          break;
+        }
+        await this.ctx.utils.sleep(10000);
+      }
+      this.logger.info(`----------- 更新证书${certId}成功`);
+    }
+
+  }
+
+  async onGetRegionsTree(data: PageSearch = {}){
+
+    const commonRegions = [
+      /**
+       * 华南地区（广州）	waf.ap-guangzhou.tencentcloudapi.com
+       * 华东地区（上海）	waf.ap-shanghai.tencentcloudapi.com
+       * 华东地区（南京）	waf.ap-nanjing.tencentcloudapi.com
+       * 华北地区（北京）	waf.ap-beijing.tencentcloudapi.com
+       * 西南地区（成都）	waf.ap-chengdu.tencentcloudapi.com
+       * 西南地区（重庆）	waf.ap-chongqing.tencentcloudapi.com
+       * 港澳台地区（中国香港）	waf.ap-hongkong.tencentcloudapi.com
+       * 亚太东南（新加坡）	waf.ap-singapore.tencentcloudapi.com
+       * 亚太东南（雅加达）	waf.ap-jakarta.tencentcloudapi.com
+       * 亚太东南（曼谷）	waf.ap-bangkok.tencentcloudapi.com
+       * 亚太东北（首尔）	waf.ap-seoul.tencentcloudapi.com
+       * 亚太东北（东京）	waf.ap-tokyo.tencentcloudapi.com
+       * 美国东部（弗吉尼亚）	waf.na-ashburn.tencentcloudapi.com
+       * 美国西部（硅谷）	waf.na-siliconvalley.tencentcloudapi.com
+       * 南美地区（圣保罗）	waf.sa-saopaulo.tencentcloudapi.com
+       * 欧洲地区（法兰克福）	waf.eu-frankfurt.tencentcloudapi.com
+       */
+      {value:"ap-guangzhou", label:"广州"},
+      {value:"ap-shanghai", label:"上海"},
+      {value:"ap-nanjing", label:"南京"},
+      {value:"ap-beijing", label:"北京"},
+      {value:"ap-chengdu", label:"成都"},
+      {value:"ap-chongqing", label:"重庆"},
+      {value:"ap-hongkong", label:"香港"},
+      {value:"ap-singapore", label:"新加坡"},
+      {value:"ap-jakarta", label:"雅加达"},
+      {value:"ap-bangkok", label:"曼谷"},
+      {value:"ap-tokyo", label:"东京"},
+      {value:"ap-seoul", label:"首尔"},
+      {value:"na-ashburn", label:"弗吉尼亚"},
+      {value:"na-siliconvalley", label:"硅谷"},
+      {value:"sa-saopaulo", label:"圣保罗"},
+      {value:"eu-frankfurt", label:"法兰克福"},
+    ]
+
+    function buildTypeRegions(type: string) {
+      const options :any[]= []
+      for (const region of commonRegions) {
+        options.push({
+          label:  type + "_" + region.label,
+          value: type + "_" + region.value,
+        });
+      }
+      return  options
+    }
+
+    return [
+      { value: 'cdn',label: 'CDN'},
+      { value: 'ddos',label: 'DDoS'},
+      { value: 'live',label: '直播'},
+      { value: 'vod',label: '点播'},
+      { value: 'teo',label: 'TEO'},
+      { value: 'lighthouse',label: '轻应用服务器'},
+      {
+        label: "负载均衡(clb)",
+        value: "clb",
+        children: buildTypeRegions("clb"),
+      },
+      {
+        label: "Web应用防火墙(waf)",
+        value: "waf",
+        children: buildTypeRegions("waf"),
+      },
+      {
+        label: "API网关(apigateway)",
+        value: "apigateway",
+        children: buildTypeRegions("apigateway"),
+      },
+      {
+        label: "对象存储(COS)",
+        value: "cos",
+        children: buildTypeRegions("cos"),
+      },
+      {
+        label: "容器服务(tke)",
+        value: "tke",
+        children: buildTypeRegions("tke"),
+      },
+      {
+        label: "云原生微服务(tse)",
+        value: "tse",
+        children: buildTypeRegions("tse"),
+      },
+      {
+        label: "云开发(tcb)",
+        value: "tcb",
+        children: buildTypeRegions("tcb"),
+      },
+    ]
+  }
+
+  async onGetCertList(data: PageSearch = {}) {
+
+    const access = await this.getAccess<TencentAccess>(this.accessId)
+    const sslClient = new TencentSslClient({
+      access:access,
+      logger: this.logger,
+    });
+
+    const pager = new Pager(data);
+    const offset = pager.getOffset();
+    const limit = pager.pageSize
+    const res = await sslClient.DescribeCertificates({Limit:limit,Offset:offset,SearchKey:data.searchKey})
+    const list = res.Certificates
+    if (!list || list.length === 0) {
+      throw new Error("没有找到证书，你可以直接手动输入id");
+    }
+
+
+    /**
+     * certificate-id
+     * name
+     * dns-names
+     */
+    const options = list.map((item: any) => {
+      return {
+        label: `${item.Alias}<${item.Domain}_${item.CertificateId}>`,
+        value: item.CertificateId,
+        domain: item.SubjectAltName,
+      };
+    });
+    return {
+      list: this.ctx.utils.options.buildGroupOptions(options, this.certDomains),
+    };
+  }
+}
+
+//实例化一下，注册插件
+new TencentRefreshCert();
@@ -65,7 +65,7 @@ export class UpyunClient {
        Cookie: req.cookie
      }
    });
-    if (res.msg.errors.length > 0) {
+    if (res.msg?.errors?.length > 0) {
      throw new Error(JSON.stringify(res.msg));
    }
    if(res.data?.error_code){