perf: 支持ucloud waf（未测试）

2026-04-23 19:57:27 +08:00 · 2025-12-27 22:57:26 +08:00
parent 7e1c7a6de2
commit a248367b15
3 changed files with 93 additions and 91 deletions
@@ -151,7 +151,7 @@ export class UCloudAccess extends BaseAccess {
    const crtBase64 = this.ctx.utils.hash.base64(cert.crt)
    const keyBase64 = this.ctx.utils.hash.base64(cert.key)
    const allDomains = certReader.getAllDomains().join(",")
-        
+
    this.ctx.logger.info(`----------- 上传USSL证书，certName:${certName},domains:${allDomains}`);
    try {
      const resp = await this.invoke({
@@ -162,15 +162,15 @@ export class UCloudAccess extends BaseAccess {
        "SslMD5": this.ctx.utils.hash.md5(crtBase64 + keyBase64)
      });
      this.ctx.logger.info(`----------- 上传USSL证书成功，certId:${resp.CertificateID}`);
-      return { type: "ussl", id: resp.CertificateID, name: certName, resourceId: resp.LongResourceID,domains:allDomains }
+      return { type: "ussl", id: resp.CertificateID, name: certName, resourceId: resp.LongResourceID, domains: allDomains }
    } catch (err) {
-      if(err.message.includes("重复上传证书")){
+      if (err.message.includes("重复上传证书")) {
        //查找证书
        const certList = await this.SslGetCertList(certReader.getMainDomain());
-       
+
        const cert = certList.find((item: any) => item.Domains === allDomains)
-        if(cert){
+        if (cert) {
          this.ctx.logger.info(`----------- 找到已存在证书，certId:${cert.CertificateID}`);
          return { type: "ussl", id: cert.CertificateID, name: certName, domains: cert.Domains }
        }
@@ -188,9 +188,21 @@ export class UCloudAccess extends BaseAccess {
      Action: "GetCertificateList",
      Mode: "trust",
      Domain: domain,
-      Sort:"2"
+      Sort: "2"
    });
-    return resp.CertificateList||[];
+    return resp.CertificateList || [];
  }
  async WafSiteList(req: { PageNo: number, PageSize: number , FullDomain?: string }):Promise<{DomainHostList?:{RecordId:string,FullDomain:string}[],TotalCount:number}> {
    const resp = await this.invoke({
      "Action": "DescribeWafDomainHostInfo",
      "ProjectId": this.projectId,
      "Limit": req.PageSize,
      "Offset": (req.PageNo - 1) * req.PageSize,
      "FullDomain": req.FullDomain || undefined
    });
    this.ctx.logger.info(`获取到WAF站点列表:${JSON.stringify(resp)}`);
    return resp;
  }
@@ -1,2 +1,3 @@
 export * from './plugin-deploy-to-cdn.js';
-export * from './plugin-upload-to-ussl.js';
+export * from './plugin-upload-to-ussl.js';
 export * from './plugin-deploy-to-waf.js';
@@ -1,5 +1,5 @@
 import { AbstractTaskPlugin, IsTaskPlugin, PageSearch, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
-import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
+import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
 import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
 import { UCloudAccess } from "../access.js";
@@ -20,18 +20,18 @@ import { UCloudAccess } from "../access.js";
  }
 })
 //类名规范，跟上面插件名称（name）一致
-export class UCloudDeployToCDN extends AbstractTaskPlugin {
+export class UCloudDeployToWaf extends AbstractTaskPlugin {
  //证书选择，此项必须要有
  @TaskInput({
    title: "域名证书",
    helper: "请选择前置任务输出的域名证书",
    component: {
      name: "output-selector",
-      from: [...CertApplyPluginNames, ":UCloudCertId:"]
+      from: [...CertApplyPluginNames]
    }
    // required: true, // 必填
  })
-  cert!: CertInfo | { type: string, id: number, name: string };
+  cert!: CertInfo ;
  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
  certDomains!: string[];
@@ -53,7 +53,7 @@ export class UCloudDeployToCDN extends AbstractTaskPlugin {
      title: "域名列表",
      helper: "要更新的UCloud域名列表",
-      action: UCloudDeployToCDN.prototype.onGetDomainList.name
+      action: UCloudDeployToWaf.prototype.onGetDomainList.name
    })
  )
  domainList!: string[];
@@ -65,34 +65,40 @@ export class UCloudDeployToCDN extends AbstractTaskPlugin {
  //插件执行方法
  async execute(): Promise<void> {
    const access = await this.getAccess<UCloudAccess>(this.accessId);
    let certType = "ussl"
    let certId = 0
    let certName = this.appendTimeSuffix("certd")
    // @ts-ignore
    if (this.cert?.id) {
      //从上一步传过来的ssl证书
      // @ts-ignore
      certId = this.cert.id
      // @ts-ignore
      certName = this.cert.name
-    } else {
+    const res = await this.addWafDomainCertificateInfo({
-      const cert = await access.SslUploadCert({
+      access: access,
-        cert: this.cert as CertInfo
+      cert: this.cert
-      });
+    });
-      certId = cert.id
+    this.logger.info(`----------- 上传证书成功：${JSON.stringify(res)}`);
-      certName = cert.name
+    const certId = res.Id;
    }
    for (const item of this.domainList) {
      this.logger.info(`----------- 开始更新域名：${item}`);
-      await this.deployToCdn({
+
-        access: access,
+      const domainInfo =await access.WafSiteList({
-        certName: certName,
+        PageNo: 1,
-        domain: item,
+        PageSize: 10,
-        certId: certId,
+        FullDomain: item
-        certType: certType
+      })
-      });
+      const list = domainInfo.DomainHostList || []
      if(!list || list.length === 0){
        throw new Error(`没有找到WAF域名${item}`)
      }
      const oldDomainInfo = list[0] as any
      const srcIpList = oldDomainInfo.SrcIPInfo.map((item: any) => item.SrcIP)
      await access.invoke({
        "Action": "UpdateWafDomainHostInfo",
        "ProjectId": access.projectId,
        "WorkRegions": oldDomainInfo.WorkRegions,
        "FullDomain": item,
        "CertificateID": certId ,
        "SrcIP":srcIpList
      })
      this.logger.info(`----------- 更新域名证书${item}成功`);
    }
@@ -100,68 +106,21 @@ export class UCloudDeployToCDN extends AbstractTaskPlugin {
  }
  async deployToCdn(req: { access: any, domain: string, certId: number, certType: string, certName: string }) {
    const { access, domain, certId, certType, certName } = req
    const domainsRes = await access.invoke({
      "Action": "GetUcdnDomainConfig",
      "ProjectId": access.projectId,
      "Domain": [
        domain
      ]
    });
    const domainList = domainsRes.DomainList || [];
    const domainConf = domainList.find((item: any) => item.Domain === domain);
    if (!domainConf) {
      throw new Error(`没有找到CDN域名${domain}`);
    }
    const domainId = domainConf.DomainId;
    const httpsStatusAbroad = domainConf.HttpsStatusAbroad;
    let httpsStatusCn = domainConf.HttpsStatusCn;
    if (httpsStatusAbroad === "disable" && httpsStatusCn === "disable") {
      this.logger.info(`原CDN域名HTTPS未开启，将开启国内加速`);
      httpsStatusCn = "enable"
    }
    const body: any = {
      "Action": "UpdateUcdnDomainHttpsConfigV2",
      "DomainId": domainId,
      "CertName": certName,
      "CertId": certId,
      "CertType": certType,
      EnableHttp2: domainConf.EnableHttp2 ||"0",
      RedirectHttp2Https: domainConf.RedirectHttp2Https || "0",
      TlsVersion: domainConf.TlsVersion || "tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3"
    }
    if (httpsStatusAbroad === "enable") {
      body.HttpsStatusAbroad = httpsStatusAbroad;
    }
    if (httpsStatusCn === "enable") {
      body.HttpsStatusCn = httpsStatusCn;
    }
    this.logger.info(`----------- 更新CDN域名HTTPS配置${domainId}，${JSON.stringify(body)}`);
    const resp = await access.invoke(body);
    this.logger.info(`----------- 部署CDN证书${domainId}成功，${JSON.stringify(resp)}`);
  }
  async onGetDomainList(req: PageSearch = {}) {
    const access = await this.getAccess<UCloudAccess>(this.accessId);
    const pageNo = req.pageNo ?? 1;
    const pageSize = req.pageSize ?? 100;
-    const res = await access.CdnDominList(
+    const res = await access.WafSiteList(
      {
        PageNo: pageNo,
        PageSize: pageSize
      }
    );
    const total = res.TotalCount;
-    const list = res.DomainInfoList || [];
+    const list = res.DomainHostList || [];
    if (!list || list.length === 0) {
-      throw new Error("没有找到CDN域名，请先在控制台创建CDN域名");
+      throw new Error("没有找到WAF域名，请先在控制台添加WAF站点");
    }
    /**
@@ -170,9 +129,9 @@ export class UCloudDeployToCDN extends AbstractTaskPlugin {
     */
    const options = list.map((item: any) => {
      return {
-        label: `${item.Domain}<${item.DomainId}>`,
+        label: `${item.FullDomain}<${item.RecordId}>`,
-        value: `${item.Domain}`,
+        value: `${item.FullDomain}`,
-        domain: item.Domain
+        domain: item.FullDomain
      };
    });
    return {
@@ -183,7 +142,37 @@ export class UCloudDeployToCDN extends AbstractTaskPlugin {
    };
  }
  async addWafDomainCertificateInfo(req: { access: UCloudAccess, cert: CertInfo }) {
    const certReader = new CertReader(req.cert)
    const certName = certReader.buildCertName()
    const crtBase64 = this.ctx.utils.hash.base64(req.cert.crt)
    const keyBase64 = this.ctx.utils.hash.base64(req.cert.key)
    const allDomains = certReader.getAllDomains().join(",")
    const resp = await req.access.invoke({
      "Action": "AddWafDomainCertificateInfo",
      /**
       * Domain	string	域名	Yes
 CertificateName	string	证书名称	Yes
 SslPublicKey	string	ssl公钥	Yes
 SslMD	string	证书MD5校验值，开启keyless只需要计算公钥的md5	Yes
 SslKeyless	string	keyless开关，默认关闭；可选值：开启(on)，关闭(off)	Yes
       */
      "Domain": allDomains,
      "CertificateName": certName,
      "SslPublicKey": crtBase64,
      "SslPrivateKey": keyBase64,
      "SslMD": this.ctx.utils.hash.md5(crtBase64),
      "SslKeyless": "off"
    });
    this.ctx.logger.info(`----------- 添加WAF域名证书信息成功，${JSON.stringify(resp)}`);
    return resp;
  }
 }
 //实例化一下，注册插件
-new UCloudDeployToCDN();
+new UCloudDeployToWaf();