Merge branch 'refs/heads/v2-dev' into v2-dev-buy

# Conflicts:
#	docs/.vitepress/config.ts
#	packages/ui/certd-client/src/views/certd/pipeline/sub-domain/index.vue

packages/ui/certd-server/src/modules/basic/service/captcha-service.ts

@@ -0,0 +1,54 @@
+import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
+import { AddonService, SysSettingsService } from "@certd/lib-server";
+import { logger } from "@certd/basic";
+import { ICaptchaAddon } from "../../../plugins/plugin-captcha/api.js";
+
+@Provide()
+@Scope(ScopeEnum.Request, { allowDowngrade: true })
+export class CaptchaService {
+  @Inject()
+  sysSettingsService: SysSettingsService;
+  @Inject()
+  addonService: AddonService;
+
+
+  async getCaptcha(captchaAddonId?:number){
+    if (!captchaAddonId) {
+      const settings = await this.sysSettingsService.getPublicSettings()
+      captchaAddonId = settings.captchaAddonId ?? 0
+    }
+    const addon:ICaptchaAddon = await this.addonService.getAddonById(captchaAddonId,true,0)
+    if (!addon) {
+      throw new Error('验证码插件还未配置')
+    }
+    return  await addon.getCaptcha()
+  }
+
+
+  async doValidate(opts:{form:any,must?:boolean,captchaAddonId?:number}){
+    if (!opts.captchaAddonId) {
+      const settings = await this.sysSettingsService.getPublicSettings()
+      opts.captchaAddonId = settings.captchaAddonId ?? 0
+    }
+    const addon = await this.addonService.getById(opts.captchaAddonId,0)
+    if (!addon) {
+      if (opts.must) {
+        throw new Error('请先配置验证码插件');
+      }
+      logger.warn('验证码插件还未配置，忽略验证码校验')
+      return true
+    }
+
+    if (!opts.form) {
+      throw new Error('请输入验证码');
+    }
+    const res = await addon.onValidate(opts.form)
+    if (!res) {
+      throw new Error('验证码错误');
+    }
+
+    return true
+
+  }
+
+}

packages/ui/certd-server/src/modules/basic/service/code-service.ts

@@ -8,6 +8,7 @@ import { EmailService } from './email-service.js';
 import { AccessService } from '@certd/lib-server';
 import { AccessSysGetter } from '@certd/lib-server';
 import { isComm } from '@certd/plus-core';
+import { CaptchaService } from "./captcha-service.js";
 
 // {data: '<svg.../svg>', text: 'abcd'}
 /**
@@ -23,44 +24,19 @@ export class CodeService {
   @Inject()
   accessService: AccessService;
 
-  /**
-   */
-  async generateCaptcha(randomStr) {
-    const svgCaptcha = await import('svg-captcha');
-    const c = svgCaptcha.create();
-    //{data: '<svg.../svg>', text: 'abcd'}
-    const imgCode = c.text; // = RandomUtil.randomStr(4, true);
-    cache.set('imgCode:' + randomStr, imgCode, {
-      ttl: 2 * 60 * 1000, //过期时间 2分钟
-    });
-    return c;
-  }
+  @Inject()
+  captchaService: CaptchaService;
 
-  async getCaptchaText(randomStr) {
-    return cache.get('imgCode:' + randomStr);
-  }
 
-  async removeCaptcha(randomStr) {
-    cache.delete('imgCode:' + randomStr);
-  }
 
-  async checkCaptcha(randomStr: string, userCaptcha: string) {
-    const code = await this.getCaptchaText(randomStr);
-    if (code == null) {
-      throw new Error('验证码已过期');
-    }
-    if (code.toLowerCase() !== userCaptcha.toLowerCase()) {
-      throw new Error('验证码不正确');
-    }
-    await this.removeCaptcha(randomStr);
-    return true;
+  async checkCaptcha(body:any) {
+    return await this.captchaService.doValidate({form:body})
   }
   /**
    */
   async sendSmsCode(
     phoneCode = '86',
     mobile: string,
-    randomStr: string,
     opts?: {
       duration?: number,
       verificationType?: string,
@@ -70,9 +46,6 @@ export class CodeService {
     if (!mobile) {
       throw new Error('手机号不能为空');
     }
-    if (!randomStr) {
-      throw new Error('randomStr不能为空');
-    }
 
     const verificationCodeLength =  Math.floor(Math.max(Math.min(opts?.verificationCodeLength || 4, 8), 4));
     const duration = Math.floor(Math.max(Math.min(opts?.duration || 5, 15), 1));
@@ -96,7 +69,7 @@ export class CodeService {
       phoneCode,
     });
 
-    const key = this.buildSmsCodeKey(phoneCode, mobile, randomStr, opts?.verificationType);
+    const key = this.buildSmsCodeKey(phoneCode, mobile,  opts?.verificationType);
     cache.set(key, smsCode, {
       ttl: duration * 60 * 1000, //5分钟
     });
@@ -106,12 +79,10 @@ export class CodeService {
   /**
    *
    * @param email 收件邮箱
-   * @param randomStr
    * @param opts title标题 content内容模版 duration有效时间单位分钟 verificationType验证类型
    */
   async sendEmailCode(
     email: string,
-    randomStr: string,
     opts?: {
       title?: string,
       content?: string,
@@ -123,9 +94,7 @@ export class CodeService {
     if (!email) {
       throw new Error('Email不能为空');
     }
-    if (!randomStr) {
-      throw new Error('randomStr不能为空');
-    }
+
 
     let siteTitle = 'Certd';
     if (isComm()) {
@@ -149,7 +118,7 @@ export class CodeService {
       receivers: [email],
     });
 
-    const key = this.buildEmailCodeKey(email, randomStr, opts?.verificationType);
+    const key = this.buildEmailCodeKey(email,opts?.verificationType);
     cache.set(key, code, {
       ttl: duration * 60 * 1000, //5分钟
     });
@@ -159,31 +128,32 @@ export class CodeService {
   /**
    * checkSms
    */
-  async checkSmsCode(opts: { mobile: string; phoneCode: string; smsCode: string; randomStr: string; verificationType?: string; throwError: boolean; errorNum?: number }) {
-    const key = this.buildSmsCodeKey(opts.phoneCode, opts.mobile, opts.randomStr, opts.verificationType);
-    if (isDev()) {
+  async checkSmsCode(opts: { mobile: string; phoneCode: string; smsCode: string;  verificationType?: string; throwError: boolean; maxErrorCount?: number }) {
+    const key = this.buildSmsCodeKey(opts.phoneCode, opts.mobile, opts.verificationType);
+    return this.checkValidateCode("sms",key, opts.smsCode, opts.throwError, opts.maxErrorCount);
+
+  }
+
+  buildSmsCodeKey(phoneCode: string, mobile: string, verificationType?: string) {
+    return ['sms', verificationType, phoneCode, mobile].filter(item => !!item).join(':');
+  }
+
+  buildEmailCodeKey(email: string, verificationType?: string) {
+    return ['email', verificationType, email].filter(item => !!item).join(':');
+  }
+  checkValidateCode(type:string,key: string, userCode: string, throwError = true, maxErrorCount = 3) {
+    // 记录异常次数key
+    if (isDev() && userCode==="1234567") {
       return true;
     }
-    return this.checkValidateCode(key, opts.smsCode, opts.throwError, opts.errorNum);
-  }
-
-  buildSmsCodeKey(phoneCode: string, mobile: string, randomStr: string, verificationType?: string) {
-    return ['sms', verificationType, phoneCode, mobile, randomStr].filter(item => !!item).join(':');
-  }
-
-  buildEmailCodeKey(email: string, randomStr: string, verificationType?: string) {
-    return ['email', verificationType, email, randomStr].filter(item => !!item).join(':');
-  }
-  checkValidateCode(key: string, userCode: string, throwError = true, errorNum = 3) {
-    // 记录异常次数key
     const err_num_key = key + ':err_num';
-    //验证图片验证码
+    //验证邮件验证码
     const code = cache.get(key);
     if (code == null || code !== userCode) {
       let maxRetryCount = false;
-      if (!!code && errorNum > 0) {
+      if (!!code && maxErrorCount > 0) {
         const err_num = cache.get(err_num_key) || 0
-        if(err_num >= errorNum - 1) {
+        if(err_num >= maxErrorCount - 1) {
           maxRetryCount = true;
           cache.delete(key);
           cache.delete(err_num_key);
@@ -194,7 +164,8 @@ export class CodeService {
         }
       }
       if (throwError) {
-        throw new CodeErrorException(!maxRetryCount ? '验证码错误': '验证码错误请获取新的验证码');
+        const label = type ==='sms' ? '手机' : '邮箱';
+        throw new CodeErrorException(!maxRetryCount ? `${label}验证码错误`: `${label}验证码错误请获取新的验证码`);
       }
       return false;
     }
@@ -203,9 +174,9 @@ export class CodeService {
     return true;
   }
 
-  checkEmailCode(opts: { randomStr: string; validateCode: string; email: string; verificationType?: string; throwError: boolean; errorNum?: number }) {
-    const key = this.buildEmailCodeKey(opts.email, opts.randomStr, opts.verificationType);
-    return this.checkValidateCode(key, opts.validateCode, opts.throwError, opts.errorNum);
+  checkEmailCode(opts: { validateCode: string; email: string; verificationType?: string; throwError: boolean; maxErrorCount?: number }) {
+    const key = this.buildEmailCodeKey(opts.email,  opts.verificationType);
+    return this.checkValidateCode('email',key, opts.validateCode, opts.throwError, opts.maxErrorCount);
   }
 
   compile(templateString: string) {

packages/ui/certd-server/src/modules/login/service/login-service.ts

@@ -1,17 +1,22 @@
-import {Config, Inject, Provide, Scope, ScopeEnum} from '@midwayjs/core';
-import {UserService} from '../../sys/authority/service/user-service.js';
-import jwt from 'jsonwebtoken';
-import {AuthException, CommonException, Need2FAException} from "@certd/lib-server";
-import {RoleService} from '../../sys/authority/service/role-service.js';
-import {UserEntity} from '../../sys/authority/entity/user.js';
-import {SysSettingsService} from '@certd/lib-server';
-import {SysPrivateSettings} from '@certd/lib-server';
-import {cache, utils} from '@certd/basic';
-import {LoginErrorException} from '@certd/lib-server/dist/basic/exception/login-error-exception.js';
-import {CodeService} from '../../basic/service/code-service.js';
-import {TwoFactorService} from "../../mine/service/two-factor-service.js";
-import {UserSettingsService} from '../../mine/service/user-settings-service.js';
-import {isPlus} from "@certd/plus-core";
+import { Config, Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
+import { UserService } from "../../sys/authority/service/user-service.js";
+import jwt from "jsonwebtoken";
+import {
+  AuthException,
+  CommonException,
+  Need2FAException,
+  SysPrivateSettings,
+  SysSettingsService
+} from "@certd/lib-server";
+import { RoleService } from "../../sys/authority/service/role-service.js";
+import { UserEntity } from "../../sys/authority/entity/user.js";
+import { cache, utils } from "@certd/basic";
+import { LoginErrorException } from "@certd/lib-server/dist/basic/exception/login-error-exception.js";
+import { CodeService } from "../../basic/service/code-service.js";
+import { TwoFactorService } from "../../mine/service/two-factor-service.js";
+import { UserSettingsService } from "../../mine/service/user-settings-service.js";
+import { isPlus } from "@certd/plus-core";
+import { AddonService } from "@certd/lib-server/dist/user/addon/service/addon-service.js";
 
 /**
  * 系统用户
@@ -35,6 +40,8 @@ export class LoginService {
   userSettingsService: UserSettingsService;
   @Inject()
   twoFactorService: TwoFactorService;
+  @Inject()
+  addonService: AddonService;
 
   checkIsBlocked(username: string) {
     const blockDurationKey = `login_block_duration:${username}`;
@@ -106,13 +113,12 @@ export class LoginService {
       mobile: req.mobile,
       phoneCode: req.phoneCode,
       smsCode: req.smsCode,
-      randomStr: req.randomStr,
       throwError: false,
     });
 
     const {mobile, phoneCode} = req;
     if (!smsChecked) {
-      this.addErrorTimes(mobile, '验证码错误');
+      this.addErrorTimes(mobile, '手机验证码错误');
     }
     let info = await this.userService.findOne({phoneCode, mobile: mobile});
     if (info == null) {

packages/ui/certd-server/src/modules/monitor/entity/cert-info.ts

@@ -30,6 +30,9 @@ export class CertInfoEntity {
   @Column({ name: 'cert_provider', comment: '证书颁发机构' })
   certProvider: string;
 
+  @Column({ name: 'effective_time', comment: '生效时间' })
+  effectiveTime: number;
+
   @Column({ name: 'expires_time', comment: '过期时间' })
   expiresTime: number;
 

packages/ui/certd-server/src/modules/monitor/entity/site-info.ts

@@ -26,6 +26,8 @@ export class SiteInfoEntity {
   @Column({ name: 'cert_provider', comment: '证书颁发机构', length: 100 })
   certProvider: string;
 
+  @Column({ name: 'cert_effective_time', comment: '证书生效时间' })
+  certEffectiveTime: number;
   @Column({ name: 'cert_expires_time', comment: '证书到期时间' })
   certExpiresTime: number;
   @Column({ name: 'last_check_time', comment: '上次检查时间' })

packages/ui/certd-server/src/modules/monitor/service/cert-info-service.ts

@@ -164,6 +164,7 @@ export class CertInfoService extends BaseService<CertInfoEntity> {
     bean.domains = domains.join(',');
     bean.domain = domains[0];
     bean.domainCount = domains.length;
+    bean.effectiveTime = certReader.effective;
     bean.expiresTime = certReader.expires;
     bean.certProvider = certReader.detail.issuer.commonName;
     bean.userId = userId

packages/ui/certd-server/src/modules/monitor/service/site-info-service.ts

@@ -134,6 +134,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
       if (!certi) {
         throw new Error("没有发现证书");
       }
+      const effective = certi.valid_from;
       const expires = certi.valid_to;
       const allDomains = certi.subjectaltname?.replaceAll("DNS:", "").split(",") || [];
       const mainDomain = certi.subject?.CN;
@@ -149,12 +150,13 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
         certDomains: domains.join(","),
         certStatus: status,
         certProvider: issuer,
+        certEffectiveTime: dayjs(effective).valueOf(),
         certExpiresTime: dayjs(expires).valueOf(),
         lastCheckTime: dayjs().valueOf(),
         error: null,
         checkStatus: "ok"
       };
-      logger.info(`测试站点成功：id=${updateData.id},site=${site.name},expiresTime=${updateData.certExpiresTime}`)
+      logger.info(`测试站点成功：id=${updateData.id},site=${site.name},certEffectiveTime=${updateData.certEffectiveTime},expiresTime=${updateData.certExpiresTime}`)
       if (site.ipCheck) {
         delete updateData.checkStatus
       }

packages/ui/certd-server/src/modules/monitor/service/site-tester.ts

@@ -80,7 +80,11 @@ export class SiteTester {
       }
     }
 
-    options.agent = new https.Agent({ keepAlive: false, lookup: customLookup });
+    const agentOptions:any = { keepAlive: false };
+    if (customLookup) {
+      agentOptions.lookup = customLookup
+    }
+    options.agent = new https.Agent(agentOptions);
 
     // 创建 HTTPS 请求
     const requestPromise = safePromise((resolve, reject) => {

packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts

@@ -934,6 +934,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
                     "sslProvider": "letsencrypt",
                     "privateKeyType": "rsa_2048",
                     "certProfile": "classic",
+                    "preferredChain": "ISRG Root X1",
                     "useProxy": false,
                     "skipLocalVerify": false,
                     "maxCheckRetryCount": 20,

packages/ui/certd-server/src/modules/sys/authority/service/user-service.ts

@@ -238,9 +238,12 @@ export class UserService extends BaseService<UserEntity> {
 
   async forgotPassword(
     data: {
-      type: ForgotPasswordType; input?: string, phoneCode?: string,
-      randomStr: string, imgCode:string, validateCode: string,
-      password: string, confirmPassword: string,
+      type: ForgotPasswordType;
+      input?: string,
+      phoneCode?: string,
+      validateCode: string,
+      password: string,
+      confirmPassword: string,
     }
   ) {
     if(!data.type) {
@@ -249,7 +252,13 @@ export class UserService extends BaseService<UserEntity> {
     if(data.password !== data.confirmPassword) {
       throw new CommonException('两次输入的密码不一致');
     }
-    const user = await this.findOne([{ [data.type]: data.input }]);
+    const where :any= {
+      [data.type]: data.input,
+    };
+    if (data.type === 'mobile' ) {
+      where.phoneCode = data.phoneCode ??  '86';
+    }
+    const user = await this.findOne({ [data.type]: data.input });
     console.log('user', user)
     if(!user) {
       throw new CommonException('用户不存在');