feat: 【破坏性更新】插件改为metadata加载模式，plugin-cert、plugin-lib包部分代码转移到certd-server中，影响自定义插件，需要修改相关import引用

ssh、aliyun、tencent、qiniu、oss等 access和client需要转移import
2026-06-29 07:07:36 +08:00 · 2025-12-31 17:01:37 +08:00
parent 9c26598831
commit a3fb24993d
312 changed files with 14321 additions and 597 deletions
@@ -0,0 +1,45 @@
+import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
+
+@IsAccess({
+  name: "aliesa",
+  title: "阿里云ESA授权",
+  desc: "",
+  icon: "ant-design:aliyun-outlined",
+  order: 0,
+})
+export class AliesaAccess extends BaseAccess {
+  @AccessInput({
+    title: "阿里云授权",
+    component: {
+      name: "access-selector",
+      vModel: "modelValue",
+      type: "aliyun",
+    },
+    helper: "请选择阿里云授权",
+    required: true,
+  })
+  accessId = "";
+
+  @AccessInput({
+    title: "地区",
+    component: {
+      name: "a-select",
+      vModel: "value",
+      options: [
+        {
+          label: "杭州",
+          value: "cn-hangzhou",
+        },
+        {
+          label: "新加坡",
+          value: "ap-southeast-1",
+        },
+      ],
+    },
+    helper: "请选择ESA地区",
+    required: true,
+  })
+  region = "";
+}
+
+new AliesaAccess();
@@ -0,0 +1,71 @@
+import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
+
+@IsAccess({
+  name: "alioss",
+  title: "阿里云OSS授权",
+  desc: "包含地域和Bucket",
+  icon: "ant-design:aliyun-outlined",
+})
+export class AliossAccess extends BaseAccess {
+  @AccessInput({
+    title: "阿里云授权",
+    component: {
+      name: "access-selector",
+      vModel: "modelValue",
+      type: "aliyun",
+    },
+    helper: "请选择阿里云授权",
+    required: true,
+  })
+  accessId = "";
+
+  @AccessInput({
+    title: "大区",
+    component: {
+      name: "a-auto-complete",
+      vModel: "value",
+      options: [
+        { value: "oss-cn-hangzhou", label: "华东1（杭州）" },
+        { value: "oss-cn-shanghai", label: "华东2（上海）" },
+        { value: "oss-cn-nanjing", label: "华东5（南京-本地地域）" },
+        { value: "oss-cn-fuzhou", label: "华东6（福州-本地地域）" },
+        { value: "oss-cn-wuhan-lr", label: "华中1（武汉-本地地域）" },
+        { value: "oss-cn-qingdao", label: "华北1（青岛）" },
+        { value: "oss-cn-beijing", label: "华北2（北京）" },
+        { value: "oss-cn-zhangjiakou", label: "华北 3（张家口）" },
+        { value: "oss-cn-huhehaote", label: "华北5（呼和浩特）" },
+        { value: "oss-cn-wulanchabu", label: "华北6（乌兰察布）" },
+        { value: "oss-cn-shenzhen", label: "华南1（深圳）" },
+        { value: "oss-cn-heyuan", label: "华南2（河源）" },
+        { value: "oss-cn-guangzhou", label: "华南3（广州）" },
+        { value: "oss-cn-chengdu", label: "西南1（成都）" },
+        { value: "oss-cn-hongkong", label: "中国香港" },
+        { value: "oss-us-west-1", label: "美国（硅谷）①" },
+        { value: "oss-us-east-1", label: "美国（弗吉尼亚）①" },
+        { value: "oss-ap-northeast-1", label: "日本（东京）①" },
+        { value: "oss-ap-northeast-2", label: "韩国（首尔）" },
+        { value: "oss-ap-southeast-1", label: "新加坡①" },
+        { value: "oss-ap-southeast-2", label: "澳大利亚（悉尼）①" },
+        { value: "oss-ap-southeast-3", label: "马来西亚（吉隆坡）①" },
+        { value: "oss-ap-southeast-5", label: "印度尼西亚（雅加达）①" },
+        { value: "oss-ap-southeast-6", label: "菲律宾（马尼拉）" },
+        { value: "oss-ap-southeast-7", label: "泰国（曼谷）" },
+        { value: "oss-eu-central-1", label: "德国（法兰克福）①" },
+        { value: "oss-eu-west-1", label: "英国（伦敦）" },
+        { value: "oss-me-east-1", label: "阿联酋（迪拜）①" },
+        { value: "oss-rg-china-mainland", label: "无地域属性（中国内地）" },
+      ],
+    },
+    required: true,
+  })
+  region!: string;
+
+  @AccessInput({
+    title: "Bucket",
+    helper: "存储桶名称",
+    required: true,
+  })
+  bucket!: string;
+}
+
+new AliossAccess();
@@ -0,0 +1,129 @@
+import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
+import { ILogger } from "@certd/basic";
+export type AliyunClientV2Req = {
+  action: string;
+  version: string;
+  protocol?: "HTTPS";
+  // 接口 HTTP 方法
+  method?: "GET" | "POST";
+  authType?: "AK";
+  style?: "RPC" | "ROA";
+  // 接口 PATH
+  pathname?: string;
+
+  data?: any;
+};
+export class AliyunClientV2 {
+  access: AliyunAccess;
+  logger: ILogger;
+  endpoint: string;
+
+  client: any;
+  constructor(opts: { access: AliyunAccess; logger: ILogger; endpoint: string }) {
+    this.access = opts.access;
+    this.logger = opts.logger;
+    this.endpoint = opts.endpoint;
+  }
+
+  async getClient() {
+    if (this.client) {
+      return this.client;
+    }
+    const $OpenApi = await import("@alicloud/openapi-client");
+    // const Credential = await import("@alicloud/credentials");
+    // //@ts-ignore
+    // const credential = new Credential.default.default({
+    //
+    //   type: "access_key",
+    // });
+    const config = new $OpenApi.Config({
+      accessKeyId: this.access.accessKeyId,
+      accessKeySecret: this.access.accessKeySecret,
+    });
+    // Endpoint 请参考 https://api.aliyun.com/product/FC
+    // config.endpoint = `esa.${this.regionId}.aliyuncs.com`;
+    config.endpoint = this.endpoint;
+    //@ts-ignore
+    this.client = new $OpenApi.default.default(config);
+    return this.client;
+  }
+
+  async doRequest(req: AliyunClientV2Req) {
+    const client = await this.getClient();
+
+    const $OpenApi = await import("@alicloud/openapi-client");
+    const $Util = await import("@alicloud/tea-util");
+    const OpenApiUtil = await import("@alicloud/openapi-util");
+    const params = new $OpenApi.Params({
+      // 接口名称
+      action: req.action,
+      // 接口版本
+      version: req.version,
+      // 接口协议
+      protocol: "HTTPS",
+      // 接口 HTTP 方法
+      method: req.method ?? "POST",
+      authType: req.authType ?? "AK",
+      style: req.style ?? "RPC",
+      // 接口 PATH
+      pathname: req.pathname ?? `/`,
+      // 接口请求体内容格式
+      reqBodyType: "json",
+      // 接口响应体内容格式
+      bodyType: "json",
+    });
+
+    if (req.data?.query) {
+      //@ts-ignore
+      req.data.query = OpenApiUtil.default.default.query(req.data.query);
+    }
+    const runtime = new $Util.RuntimeOptions({});
+    const request = new $OpenApi.OpenApiRequest(req.data);
+    // 复制代码运行请自行打印 API 的返回值
+    // 返回值实际为 Map 类型，可从 Map 中获得三类数据：响应体 body、响应头 headers、HTTP 返回的状态码 statusCode。
+    const res = await client.callApi(params, request, runtime);
+    /**
+     * res?.body?.
+     */
+    return res?.body;
+  }
+}
+
+@IsAccess({
+  name: "aliyun",
+  title: "阿里云授权",
+  desc: "",
+  icon: "ant-design:aliyun-outlined",
+  order: 0,
+})
+export class AliyunAccess extends BaseAccess {
+  @AccessInput({
+    title: "accessKeyId",
+    component: {
+      placeholder: "accessKeyId",
+    },
+    helper: "登录阿里云控制台->AccessKey管理页面获取。",
+    required: true,
+  })
+  accessKeyId = "";
+  @AccessInput({
+    title: "accessKeySecret",
+    component: {
+      placeholder: "accessKeySecret",
+    },
+    required: true,
+    encrypt: true,
+    helper: "注意：证书申请需要dns解析权限；其他阿里云插件，需要对应的权限，比如证书上传需要证书管理权限；嫌麻烦就用主账号的全量权限的accessKey",
+  })
+  accessKeySecret = "";
+
+  getClient(endpoint: string) {
+    return new AliyunClientV2({
+      access: this,
+      logger: this.ctx.logger,
+      endpoint: endpoint,
+    });
+  }
+}
+
+new AliyunAccess();
@@ -0,0 +1,3 @@
+export * from "./aliyun-access.js";
+export * from "./alioss-access.js";
+export * from "./aliesa-access.js";
@@ -0,0 +1,3 @@
+export * from "./access/index.js";
+export * from "./lib/index.js";
+export * from "./utils/index.js";
@@ -0,0 +1,78 @@
+import { getGlobalAgents, ILogger } from "@certd/basic";
+
+export class AliyunClient {
+  client: any;
+  logger: ILogger;
+  agent: any;
+  useROAClient: boolean;
+
+  constructor(opts: { logger: ILogger; useROAClient?: boolean }) {
+    this.logger = opts.logger;
+    this.useROAClient = opts.useROAClient || false;
+    const agents = getGlobalAgents();
+    this.agent = agents.httpsAgent;
+  }
+
+  async getSdk() {
+    if (this.useROAClient) {
+      return await this.getROAClient();
+    }
+    const Core = await import("@alicloud/pop-core");
+    return Core.default;
+  }
+
+  async getROAClient() {
+    const Core = await import("@alicloud/pop-core");
+    console.log("aliyun sdk", Core);
+    // @ts-ignore
+    return Core.ROAClient;
+  }
+
+  async init(opts: any) {
+    const Core = await this.getSdk();
+    this.client = new Core(opts);
+    return this.client;
+  }
+
+  checkRet(ret: any) {
+    if (ret.Code != null && ret.Code !== "OK" && ret.Message !== "OK") {
+      throw new Error("执行失败：" + ret.Message);
+    }
+  }
+
+  async request(
+    name: string,
+    params: any,
+    requestOption: any = {
+      method: "POST",
+      formatParams: false,
+    }
+  ) {
+    if (!this.useROAClient) {
+      requestOption.agent = this.agent;
+    }
+
+    const getNumberFromEnv = (key: string, defValue: number) => {
+      const value = process.env[key];
+      if (value) {
+        try {
+          return parseInt(value);
+        } catch (e: any) {
+          this.logger.error(`环境变量${key}设置错误，应该是一个数字，当前值为${value}，将使用默认值：${defValue}`);
+          return defValue;
+        }
+      } else {
+        return defValue;
+      }
+    };
+
+    // 连接超时设置，仅对当前请求有效。
+    requestOption.connectTimeout = getNumberFromEnv("ALIYUN_CLIENT_CONNECT_TIMEOUT", 8000);
+    // 读超时设置，仅对当前请求有效。
+    requestOption.readTimeout = getNumberFromEnv("ALIYUN_CLIENT_READ_TIMEOUT", 8000);
+
+    const res = await this.client.request(name, params, requestOption);
+    this.checkRet(res);
+    return res;
+  }
+}
@@ -0,0 +1,3 @@
+export * from "./base-client.js";
+export * from "./ssl-client.js";
+export * from "./oss-client.js";
@@ -0,0 +1,87 @@
+import { AliyunAccess } from "../access/index.js";
+
+export class AliossClient {
+  access: AliyunAccess;
+
+  region: string;
+  bucket: string;
+  client: any;
+  constructor(opts: { access: AliyunAccess; bucket: string; region: string }) {
+    this.access = opts.access;
+    this.bucket = opts.bucket;
+    this.region = opts.region;
+  }
+
+  async init() {
+    if (this.client) {
+      return;
+    }
+    // @ts-ignore
+    const OSS = await import("ali-oss");
+    const ossClient = new OSS.default({
+      accessKeyId: this.access.accessKeyId,
+      accessKeySecret: this.access.accessKeySecret,
+      // yourRegion填写Bucket所在地域。以华东1（杭州）为例，Region填写为oss-cn-hangzhou。
+      region: this.region,
+      //@ts-ignore
+      authorizationV4: true,
+      // yourBucketName填写Bucket名称。
+      bucket: this.bucket,
+    });
+    // oss
+
+    this.client = ossClient;
+  }
+
+  async doRequest(bucket: string, xml: string, params: any) {
+    await this.init();
+    params = this.client._bucketRequestParams("POST", bucket, {
+      ...params,
+    });
+    params.content = xml;
+    params.mime = "xml";
+    params.successStatuses = [200];
+    const res = await this.client.request(params);
+    this.checkRet(res);
+    return res;
+  }
+
+  checkRet(ret: any) {
+    if (ret.Code != null) {
+      throw new Error("执行失败：" + ret.Message);
+    }
+  }
+
+  async uploadFile(filePath: string, content: Buffer | string, timeout = 1000 * 60 * 60) {
+    await this.init();
+    return await this.client.put(filePath, content, {
+      timeout,
+    });
+  }
+
+  async removeFile(filePath: string) {
+    await this.init();
+    return await this.client.delete(filePath);
+  }
+
+  async downloadFile(key: string, savePath: string, timeout = 1000 * 60 * 60) {
+    await this.init();
+    return await this.client.get(key, savePath, {
+      timeout,
+    });
+  }
+
+  async listDir(dirKey: string) {
+    await this.init();
+    const res = await this.client.listV2({
+      prefix: dirKey,
+      // max-keys: 100,
+      // continuation-token: "token",
+      // delimiter: "/",
+      // marker: "marker",
+      // encoding-type: "url",
+    });
+
+    return res.objects;
+  }
+}
@@ -0,0 +1,185 @@
+import { ILogger } from "@certd/basic";
+import { AliyunAccess } from "../access/index.js";
+import { AliyunClient } from "./index.js";
+
+export type AliyunCertInfo = {
+  crt: string; //fullchain证书
+  key: string; //私钥
+};
+export type AliyunSslClientOpts = {
+  access: AliyunAccess;
+  logger: ILogger;
+  endpoint?: string;
+  region?: string;
+};
+
+export type AliyunSslGetResourceListReq = {
+  cloudProduct: string;
+};
+
+export type AliyunSslCreateDeploymentJobReq = {
+  name: string;
+  jobType: string;
+  contactIds: string[];
+  resourceIds: string[];
+  certIds: string[];
+};
+
+export type AliyunSslUploadCertReq = {
+  name: string;
+  cert: AliyunCertInfo;
+};
+
+export type CasCertInfo = { certId: number; certName: string; certIdentifier: string; notAfter: number; casRegion: string };
+
+export class AliyunSslClient {
+  opts: AliyunSslClientOpts;
+  logger: ILogger;
+  constructor(opts: AliyunSslClientOpts) {
+    this.opts = opts;
+    this.logger = opts.logger;
+  }
+
+  checkRet(ret: any) {
+    if (ret.Code != null) {
+      throw new Error("执行失败：" + ret.Message);
+    }
+  }
+
+  async getClient() {
+    const access = this.opts.access;
+    const client = new AliyunClient({ logger: this.opts.logger });
+
+    let endpoint = this.opts.endpoint || "cas.aliyuncs.com";
+    if (this.opts.endpoint == null && this.opts.region) {
+      if (this.opts.region === "cn-hangzhou") {
+        endpoint = "cas.aliyuncs.com";
+      } else {
+        endpoint = `cas.${this.opts.region}.aliyuncs.com`;
+      }
+    }
+    await client.init({
+      accessKeyId: access.accessKeyId,
+      accessKeySecret: access.accessKeySecret,
+      endpoint: `https://${endpoint}`,
+      apiVersion: "2020-04-07",
+    });
+    return client;
+  }
+
+  async getCertInfo(certId: number): Promise<CasCertInfo> {
+    const client = await this.getClient();
+    const params = {
+      CertId: certId,
+    };
+
+    const res = await client.request("GetUserCertificateDetail", params);
+    this.checkRet(res);
+
+    return {
+      certId: certId,
+      certName: res.Name,
+      certIdentifier: res.CertIdentifier,
+      notAfter: res.NotAfter,
+      casRegion: this.getCasRegionFromEndpoint(this.opts.endpoint),
+    };
+  }
+
+  async uploadCert(req: AliyunSslUploadCertReq) {
+    const client = await this.getClient();
+    const params = {
+      Name: req.name,
+      Cert: req.cert.crt,
+      Key: req.cert.key,
+    };
+
+    const requestOption = {
+      method: "POST",
+    };
+
+    this.opts.logger.info(`开始上传证书：${req.name}`);
+    const ret: any = await client.request("UploadUserCertificate", params, requestOption);
+    this.checkRet(ret);
+    this.opts.logger.info("证书上传成功：aliyunCertId=", ret.CertId);
+    //output
+    return ret.CertId;
+  }
+
+  async getResourceList(req: AliyunSslGetResourceListReq) {
+    const client = await this.getClient();
+    const params = {
+      CloudName: "aliyun",
+      CloudProduct: req.cloudProduct,
+    };
+
+    const requestOption = {
+      method: "POST",
+      formatParams: false,
+    };
+
+    const res = await client.request("ListCloudResources", params, requestOption);
+    this.checkRet(res);
+    return res;
+  }
+
+  async createDeploymentJob(req: AliyunSslCreateDeploymentJobReq) {
+    const client = await this.getClient();
+
+    const params = {
+      Name: req.name,
+      JobType: req.jobType,
+      ContactIds: req.contactIds.join(","),
+      ResourceIds: req.resourceIds.join(","),
+      CertIds: req.certIds.join(","),
+    };
+
+    const requestOption = {
+      method: "POST",
+      formatParams: false,
+    };
+
+    const res = await client.request("CreateDeploymentJob", params, requestOption);
+    this.checkRet(res);
+    return res;
+  }
+
+  async getContactList() {
+    const params = {};
+
+    const requestOption = {
+      method: "POST",
+      formatParams: false,
+    };
+    const client = await this.getClient();
+    const res = await client.request("ListContact", params, requestOption);
+    this.checkRet(res);
+    return res;
+  }
+
+  async doRequest(action: string, params: any, requestOption: any) {
+    const client = await this.getClient();
+    const res = await client.request(action, params, requestOption);
+    this.checkRet(res);
+    return res;
+  }
+
+  async deleteCert(certId: any) {
+    await this.doRequest("DeleteUserCertificate", { CertId: certId }, { method: "POST" });
+  }
+
+  getCasRegionFromEndpoint(endpoint: string) {
+    if (!endpoint) {
+      return "cn-hangzhou";
+    }
+    /**
+     * {value: 'cas.aliyuncs.com', label: '中国大陆'},
+     *         {value: 'cas.ap-southeast-1.aliyuncs.com', label: '新加坡'},
+     *         {value: 'cas.eu-central-1.aliyuncs.com', label: '德国（法兰克福）'},
+     */
+    const region = endpoint.replace(".aliyuncs.com", "").replace("cas.", "");
+    if (region === "cas") {
+      return "cn-hangzhou";
+    }
+    return region;
+  }
+}
@@ -0,0 +1,41 @@
+import dayjs from "dayjs";
+import { CertInfo, CertReader } from "@certd/plugin-cert";
+import { AliyunSslClient } from "../lib/index.js";
+
+export const ZoneOptions = [{ value: 'cn-hangzhou' }];
+export function appendTimeSuffix(name: string) {
+  if (name == null) {
+    name = 'certd';
+  }
+  return name + '-' + dayjs().format('YYYYMMDD-HHmmss');
+}
+
+export function checkRet(ret: any) {
+  if (ret.Code != null) {
+    throw new Error('执行失败：' + ret.Message);
+  }
+}
+
+
+export async function  getAliyunCertId(opts:{
+  cert: string | CertInfo,
+  sslClient: AliyunSslClient,
+}) {
+  const { cert, sslClient } = opts;
+  let certId: any = cert;
+  let certName: any = CertReader.appendTimeSuffix("certd");
+  if (typeof cert === "object") {
+    const certReader = new CertReader(cert)
+    certName = certReader.buildCertName()
+
+    certId = await sslClient.uploadCert({
+      name: certName,
+      cert: cert,
+    });
+    sslClient.logger.info("上传证书成功", certId, certName);
+  }
+  return {
+    certId,
+    certName,
+  };
+}