Merge branch 'v2-dev' of https://github.com/certd/certd into v2-dev

2026-04-23 19:57:27 +08:00 · 2025-12-27 15:05:52 +08:00
parent 5359a7670f 7e1c7a6de2
commit c159ec4a9a
36 changed files with 920 additions and 166 deletions
@@ -40,4 +40,5 @@ export * from './plugin-xinnet/index.js'
 export * from './plugin-xinnetconnet/index.js'
 export * from './plugin-oauth/index.js'
 export * from './plugin-cmcc/index.js'
-export * from './plugin-template/index.js'
+export * from './plugin-template/index.js'
+export * from './plugin-ucloud/index.js'
@@ -1,9 +1,10 @@
 import { AccessInput, BaseAccess, IsAccess } from '@certd/pipeline';

 export const AwsRegions = [
-  { label: 'cn-north-1', value: 'cn-north-1' },
-  { label: 'cn-northwest-1', value: 'cn-northwest-1' },
-  { label: '---------------', value: '--',disabled: true },
+  { label: '------中国区------', value: 'cn',disabled: true },
+  { label: '北京', value: 'cn-north-1' },
+  { label: '宁夏', value: 'cn-northwest-1' },
+  { label: '------海外-----', value: 'out',disabled: true },
  { label: 'us-east-1', value: 'us-east-1' },
  { label: 'us-east-2', value: 'us-east-2' },
  { label: 'us-west-1', value: 'us-west-1' },
@@ -72,7 +73,7 @@ export class AwsAccess extends BaseAccess {
      options: AwsRegions,
    },
    required: true,
-    helper: '请选择您的默认AWS区域，默认us-east-1',
+    helper: '请选择您的默认AWS区域，主要区分中国区还是海外区即可',
    options: AwsRegions,
  })
  region = '';
@@ -32,7 +32,7 @@ export class AwsRoute53Provider extends AbstractDnsProvider {
      fullRecord: fullRecord,
      type: type,
      value: value,
-      action: 'CREATE',
+      action: 'UPSERT',
    });
    return {
      hostedZoneId: ZoneId,
@@ -1,8 +1,8 @@
 // 导入所需的 SDK 模块
 import { AwsAccess } from '../access.js';
 import { CertInfo } from '@certd/plugin-cert';
-import {ILogger, utils} from '@certd/basic';
-type AwsClientOptions = { access: AwsAccess; region: string, logger:ILogger };
+import { ILogger, utils } from '@certd/basic';
+type AwsClientOptions = { access: AwsAccess; region: string, logger: ILogger };

 export class AwsClient {
  options: AwsClientOptions;
@@ -52,24 +52,24 @@ export class AwsClient {
    });
  }

-   async route53GetHostedZoneId(name:string) :Promise<{ZoneId:string,ZoneName:string}> {
+  async route53GetHostedZoneId(name: string): Promise<{ ZoneId: string, ZoneName: string }> {
    const hostedZones = await this.route53ListHostedZones(name);
-    const zoneId = hostedZones[0].Id.replace('/hostedzone/','');
+    const zoneId = hostedZones[0].Id.replace('/hostedzone/', '');
    this.logger.info(`获取到hostedZoneId:${zoneId},name:${hostedZones[0].Name}`);
    return {
      ZoneId: zoneId,
      ZoneName: hostedZones[0].Name,
    };
  }
-  async route53ListHostedZones(name:string) :Promise<{Id:string,Name:string}[]> {
-    const {  ListHostedZonesByNameCommand } =await import("@aws-sdk/client-route-53"); // ES Modules import
+  async route53ListHostedZones(name: string): Promise<{ Id: string, Name: string }[]> {
+    const { ListHostedZonesByNameCommand } = await import("@aws-sdk/client-route-53"); // ES Modules import

    const client = await this.route53ClientGet();
    const input = { // ListHostedZonesByNameRequest
      DNSName: name,
    };
    const command = new ListHostedZonesByNameCommand(input);
-    const response = await this.doRequest(()=>client.send(command));
+    const response = await this.doRequest(() => client.send(command));
    if (response.HostedZones.length === 0) {
      throw new Error(`找不到 HostedZone ${name}`);
    }
@@ -77,9 +77,10 @@ export class AwsClient {
    return response.HostedZones;
  }

-  async route53ChangeRecord(req:{
-    hostedZoneId:string,fullRecord:string,type:string, value:string, action:"CREATE"|"DELETE"}){
-    const {  ChangeResourceRecordSetsCommand} =await import("@aws-sdk/client-route-53"); // ES Modules import
+  async route53ChangeRecord(req: {
+    hostedZoneId: string, fullRecord: string, type: string, value: string, action: "UPSERT" | "DELETE"
+  }) {
+    const { ChangeResourceRecordSetsCommand } = await import("@aws-sdk/client-route-53"); // ES Modules import
    // const { Route53Client, ChangeResourceRecordSetsCommand } = require("@aws-sdk/client-route-53"); // CommonJS import
    // import type { Route53ClientConfig } from "@aws-sdk/client-route-53";
    const client = await this.route53ClientGet();
@@ -88,9 +89,9 @@ export class AwsClient {
      ChangeBatch: { // ChangeBatch
        Changes: [ // Changes // required
          { // Change
-            Action: req.action as any , // required
+            Action: req.action as any, // required
            ResourceRecordSet: { // ResourceRecordSet
-              Name: req.fullRecord+".", // required
+              Name: req.fullRecord, // required
              Type: req.type.toUpperCase() as any,
              ResourceRecords: [ // ResourceRecords
                { // ResourceRecord
@@ -103,9 +104,9 @@ export class AwsClient {
        ],
      },
    };
-    this.logger.info(`添加域名解析参数：${JSON.stringify(input)}`);
+    this.logger.info(`设置域名解析参数：${JSON.stringify(input)}`);
    const command = new ChangeResourceRecordSetsCommand(input);
-    const response = await this.doRequest(()=>client.send(command));
+    const response = await this.doRequest(() => client.send(command));
    console.log('Add record successful:', JSON.stringify(response));
    await utils.sleep(3000);
    return response;
@@ -120,10 +121,10 @@ export class AwsClient {
 // };*/
  }

-  async doRequest<T>(call:()=>Promise<T>):Promise<T>{
-    try{
+  async doRequest<T>(call: () => Promise<T>): Promise<T> {
+    try {
      return await call();
-    }catch(err){
+    } catch (err) {
      this.logger.error(`调用接口失败:${err.Error?.Message || err.message},requestId:${err.requestId}`);
      throw err;
    }
@@ -11,7 +11,7 @@ import { CmccClient } from "./cmcc-client.js";
  name: "cmcc",
  title: "中国移动CND授权",
  desc: "",
-  icon: "clarity:plugin-line"
+  icon: "svg:cmcc"
 })
 export class CmccAccess extends BaseAccess {

@@ -15,7 +15,7 @@ import { CmccAccess } from "./access.js";
  name: "CmccDeployCertToCdn",
  title: "中国移动-部署证书到CDN",
  desc: "中国移动自动部署证书到CDN",
-  icon: "svg:icon-lucky",
+  icon: "svg:icon-cmcc",
  //插件分组
  group: pluginGroups.cdn.key,
  needPlus: true,
@@ -11,7 +11,7 @@ import {
  //命名规范，插件类型+功能（就是目录plugin-demo中的demo），大写字母开头，驼峰命名
  name: "FnOSDeployToNAS",
  title: "飞牛NAS-部署证书",
-  icon: "svg:icon-lucky",
+  icon: "svg:icon-fnos",
  //插件分组
  group: pluginGroups.panel.key,
  needPlus: false,
@@ -16,7 +16,7 @@ import {KsyunAccess} from "../access.js";
  name: "KsyunRefreshCert",
  title: "金山云-更新CDN证书",
  desc: "金山云自动更新CDN证书",
-  icon: "svg:icon-lucky",
+  icon: "svg:icon-ksyun",
  //插件分组
  group: pluginGroups.cdn.key,
  needPlus: false,
@@ -9,7 +9,7 @@ import { CertInfo } from "@certd/plugin-cert";
  name: "rainyun",
  title: "雨云授权",
  desc: "https://app.rainyun.com/",
-  icon: "svg:icon-lucky",
+  icon: "svg:icon-rainyun",
  order: 100
 })
 export class RainyunAccess extends BaseAccess {
@@ -6,7 +6,7 @@ import { RainyunAccess } from "./access.js";
  title: "雨云",
  desc: "雨云DNS解析提供商",
  accessType: "rainyun",
-  icon: "svg:icon-lucky",
+  icon: "svg:icon-rainyun",
 })
 export class RainyunDnsProvider extends AbstractDnsProvider {

@@ -8,7 +8,7 @@ import { RainyunAccess } from "../access.js";
  name: "RainyunRefreshCert",
  title: "雨云-更新证书",
  desc: "app.rainyun.com",
-  icon: "svg:icon-lucky",
+  icon: "svg:icon-rainyun",
  //插件分组
  group: pluginGroups.cdn.key,
  needPlus: false,
@@ -0,0 +1,214 @@
+import { IsAccess, AccessInput, BaseAccess } from '@certd/pipeline';
+import { CertInfo, CertReader } from '@certd/plugin-cert';
+
+/**
+ * 这个注解将注册一个授权配置
+ * 在certd的后台管理系统中，用户可以选择添加此类型的授权
+ */
+@IsAccess({
+  name: 'ucloud',
+  title: 'UCloud授权',
+  icon: 'svg:icon-ucloud',
+  desc: '优刻得授权',
+})
+export class UCloudAccess extends BaseAccess {
+
+  /**
+   * 授权属性配置
+   */
+  @AccessInput({
+    title: '项目Id',
+    component: {
+      placeholder: '项目Id',
+    },
+    helper: "[项目管理](https://console.ucloud.cn/uaccount/iam/project_manage)项目ID列获取",
+    required: true,
+    encrypt: false,
+  })
+  projectId = '';
+
+
+  /**
+   * 授权属性配置
+   */
+  @AccessInput({
+    title: '公钥',
+    component: {
+      placeholder: '公钥',
+    },
+    helper: "[Api管理](https://console.ucloud.cn/uaccount/api_manage)获取",
+    required: true,
+    encrypt: false,
+  })
+  publicKey = '';
+
+  @AccessInput({
+    title: '私钥',
+    component: {
+      name: "a-input-password",
+      vModel: "value",
+      placeholder: '私钥',
+    },
+    required: true,
+    encrypt: true,
+  })
+  privateKey = '';
+
+
+
+  @AccessInput({
+    title: "测试",
+    component: {
+      name: "api-test",
+      action: "TestRequest"
+    },
+    helper: "点击测试接口是否正常"
+  })
+  testRequest = true;
+
+  client: any;
+
+  async onTestRequest() {
+    await this.ProjectList();
+    return "ok";
+  }
+
+
+  async getClient() {
+    if (this.client) {
+      return this.client;
+    }
+    const { Client } = await import('@ucloud-sdks/ucloud-sdk-js');
+    const client = new Client({
+      config: {
+        region: 'cn-bj2',
+        projectId: this.projectId || "",
+        baseUrl: "https://api.ucloud.cn"
+      },
+      credential: {
+        publicKey: this.publicKey,
+        privateKey: this.privateKey,
+      }
+    });
+    this.client = client;
+    return client
+  }
+
+  async ProjectList() {
+    const client = await this.getClient();
+    const resp = await client.uaccount().getProjectList({
+      "Action": "GetProjectList"
+    });
+    this.ctx.logger.info(`获取到项目列表:${JSON.stringify(resp)}`);
+    return resp;
+  }
+
+  async GetRegion() {
+    const client = await this.getClient();
+    const res = await client.uaccount().getRegion({
+      "Action": "GetRegion"
+    });
+    this.ctx.logger.info(`获取到区域列表:${JSON.stringify(res)}`);
+    return res;
+  }
+
+  async CdnDominList(req: { PageNo: number, PageSize: number }) {
+    const client = await this.getClient();
+    const resp = await client.ucdn().getUcdnDomainInfoList({
+      "Action": "GetUcdnDomainInfoList",
+      "ProjectId": this.projectId || "",
+      "PageNo": req.PageNo,
+      "PageSize": req.PageSize,
+    });
+    this.ctx.logger.info(`获取到CDN域名列表:${JSON.stringify(resp)}`);
+    return resp;
+  }
+
+  async CdnAddCert(req: { certName: string, cert: CertInfo }) {
+    const client = await this.getClient();
+    const resp = await client.ucdn().addCertificate({
+      "Action": "AddCertificate",
+      "ProjectId": this.projectId || "",
+      "CertName": req.certName,
+      "UserCert": req.cert.crt,
+      "PrivateKey": req.cert.key
+    });
+    this.ctx.logger.info(`添加CDN证书:${JSON.stringify(resp)}`);
+    return resp;
+  }
+
+
+  async SslUploadCert(req: { cert: CertInfo }) {
+    const { cert } = req
+    /**
+&SslPublicKey=lXUzWbSR
+&SslCaKey=lXUzWbSR
+&SslMD5=lXUzWbSR
+&CertificateName=GoodCertcification
+     */
+    const certReader = new CertReader(cert)
+    const certName = certReader.buildCertName()
+    const crtBase64 = this.ctx.utils.hash.base64(cert.crt)
+    const keyBase64 = this.ctx.utils.hash.base64(cert.key)
+    const allDomains = certReader.getAllDomains().join(",")
+        
+    this.ctx.logger.info(`----------- 上传USSL证书，certName:${certName},domains:${allDomains}`);
+    try {
+      const resp = await this.invoke({
+        Action: "UploadNormalCertificate",
+        "SslPublicKey": crtBase64,
+        "SslPrivateKey": keyBase64,
+        "CertificateName": certName,
+        "SslMD5": this.ctx.utils.hash.md5(crtBase64 + keyBase64)
+      });
+      this.ctx.logger.info(`----------- 上传USSL证书成功，certId:${resp.CertificateID}`);
+      return { type: "ussl", id: resp.CertificateID, name: certName, resourceId: resp.LongResourceID,domains:allDomains }
+    } catch (err) {
+
+      if(err.message.includes("重复上传证书")){
+        //查找证书
+        const certList = await this.SslGetCertList(certReader.getMainDomain());
+       
+        const cert = certList.find((item: any) => item.Domains === allDomains)
+        if(cert){
+          this.ctx.logger.info(`----------- 找到已存在证书，certId:${cert.CertificateID}`);
+          return { type: "ussl", id: cert.CertificateID, name: certName, domains: cert.Domains }
+        }
+      }
+
+      this.ctx.logger.error(`上传USSL证书失败:${err}`);
+      throw err;
+    }
+
+
+  }
+
+  async SslGetCertList(domain: string) {
+    const resp = await this.invoke({
+      Action: "GetCertificateList",
+      Mode: "trust",
+      Domain: domain,
+      Sort:"2"
+    });
+    return resp.CertificateList||[];
+  }
+
+
+  async invoke(req: { Action: string, [key: string]: any }) {
+    const { Request } = await import('@ucloud-sdks/ucloud-sdk-js');
+    const client = await this.getClient();
+    const resp = await client.invoke(new Request({
+      ...req
+    }));
+    this.ctx.logger.info(`请求UCloud API:${JSON.stringify(resp)}`);
+    const res = resp.data || {}
+    if (res.RetCode !== 0) {
+      throw new Error(res.Message)
+    }
+
+    return res;
+  }
+
+}
+
+new UCloudAccess();
@@ -0,0 +1,2 @@
+export * from './access.js';
+export * from './plugins/index.js';
@@ -0,0 +1,2 @@
+export * from './plugin-deploy-to-cdn.js';
+export * from './plugin-upload-to-ussl.js';
@@ -0,0 +1,189 @@
+import { AbstractTaskPlugin, IsTaskPlugin, PageSearch, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
+import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
+import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
+import { UCloudAccess } from "../access.js";
+
+@IsTaskPlugin({
+  //命名规范，插件类型+功能（就是目录plugin-demo中的demo），大写字母开头，驼峰命名
+  name: "UCloudDeployToCDN",
+  title: "UCloud-部署到CDN",
+  desc: "将证书部署到UCloud CDN",
+  icon: "svg:icon-ucloud",
+  //插件分组
+  group: pluginGroups.ucloud.key,
+  needPlus: false,
+  default: {
+    //默认值配置照抄即可
+    strategy: {
+      runStrategy: RunStrategy.SkipWhenSucceed
+    }
+  }
+})
+//类名规范，跟上面插件名称（name）一致
+export class UCloudDeployToCDN extends AbstractTaskPlugin {
+  //证书选择，此项必须要有
+  @TaskInput({
+    title: "域名证书",
+    helper: "请选择前置任务输出的域名证书",
+    component: {
+      name: "output-selector",
+      from: [...CertApplyPluginNames, ":UCloudCertId:"]
+    }
+    // required: true, // 必填
+  })
+  cert!: CertInfo | { type: string, id: number, name: string };
+
+  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
+  certDomains!: string[];
+
+  //授权选择框
+  @TaskInput({
+    title: "UCloud授权",
+    component: {
+      name: "access-selector",
+      type: "ucloud" //固定授权类型
+    },
+    required: true //必填
+  })
+  accessId!: string;
+  //
+
+  @TaskInput(
+    createRemoteSelectInputDefine({
+      title: "域名列表",
+      helper: "要更新的UCloud域名列表",
+
+      action: UCloudDeployToCDN.prototype.onGetDomainList.name
+    })
+  )
+  domainList!: string[];
+
+  //插件实例化时执行的方法
+  async onInstance() {
+  }
+
+  //插件执行方法
+  async execute(): Promise<void> {
+    const access = await this.getAccess<UCloudAccess>(this.accessId);
+    let certType = "ussl"
+    let certId = 0
+    let certName = this.appendTimeSuffix("certd")
+    // @ts-ignore
+    if (this.cert?.id) {
+      //从上一步传过来的ssl证书
+      // @ts-ignore
+      certId = this.cert.id
+      // @ts-ignore
+      certName = this.cert.name
+
+    } else {
+      const cert = await access.SslUploadCert({
+        cert: this.cert as CertInfo
+      });
+      certId = cert.id
+      certName = cert.name
+    }
+
+    for (const item of this.domainList) {
+      this.logger.info(`----------- 开始更新域名：${item}`);
+      await this.deployToCdn({
+        access: access,
+        certName: certName,
+        domain: item,
+        certId: certId,
+        certType: certType
+      });
+      this.logger.info(`----------- 更新域名证书${item}成功`);
+    }
+
+    this.logger.info("部署完成");
+  }
+
+
+  async deployToCdn(req: { access: any, domain: string, certId: number, certType: string, certName: string }) {
+    const { access, domain, certId, certType, certName } = req
+
+    const domainsRes = await access.invoke({
+      "Action": "GetUcdnDomainConfig",
+      "ProjectId": access.projectId,
+      "Domain": [
+        domain
+      ]
+    });
+
+    const domainList = domainsRes.DomainList || [];
+    const domainConf = domainList.find((item: any) => item.Domain === domain);
+    if (!domainConf) {
+      throw new Error(`没有找到CDN域名${domain}`);
+    }
+
+    const domainId = domainConf.DomainId;
+    const httpsStatusAbroad = domainConf.HttpsStatusAbroad;
+    let httpsStatusCn = domainConf.HttpsStatusCn;
+    if (httpsStatusAbroad === "disable" && httpsStatusCn === "disable") {
+      this.logger.info(`原CDN域名HTTPS未开启，将开启国内加速`);
+      httpsStatusCn = "enable"
+    }
+
+
+    const body: any = {
+      "Action": "UpdateUcdnDomainHttpsConfigV2",
+      "DomainId": domainId,
+      "CertName": certName,
+      "CertId": certId,
+      "CertType": certType,
+      EnableHttp2: domainConf.EnableHttp2 ||"0",
+      RedirectHttp2Https: domainConf.RedirectHttp2Https || "0",
+      TlsVersion: domainConf.TlsVersion || "tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3"
+    }
+    if (httpsStatusAbroad === "enable") {
+      body.HttpsStatusAbroad = httpsStatusAbroad;
+    }
+    if (httpsStatusCn === "enable") {
+      body.HttpsStatusCn = httpsStatusCn;
+    }
+    this.logger.info(`----------- 更新CDN域名HTTPS配置${domainId}，${JSON.stringify(body)}`);
+    const resp = await access.invoke(body);
+    this.logger.info(`----------- 部署CDN证书${domainId}成功，${JSON.stringify(resp)}`);
+  }
+
+  async onGetDomainList(req: PageSearch = {}) {
+    const access = await this.getAccess<UCloudAccess>(this.accessId);
+
+    const pageNo = req.pageNo ?? 1;
+    const pageSize = req.pageSize ?? 100;
+    const res = await access.CdnDominList(
+      {
+        PageNo: pageNo,
+        PageSize: pageSize
+      }
+    );
+    const total = res.TotalCount;
+    const list = res.DomainInfoList || [];
+    if (!list || list.length === 0) {
+      throw new Error("没有找到CDN域名，请先在控制台创建CDN域名");
+    }
+
+    /**
+     *  "Domain": "ucloud.certd.handsfree.work",
+      "DomainId": "ucdn-1kwdtph5ygbb"
+     */
+    const options = list.map((item: any) => {
+      return {
+        label: `${item.Domain}<${item.DomainId}>`,
+        value: `${item.Domain}`,
+        domain: item.Domain
+      };
+    });
+    return {
+      list: this.ctx.utils.options.buildGroupOptions(options, this.certDomains),
+      total: total,
+      pageNo: pageNo,
+      pageSize: pageSize
+    };
+  }
+
+}
+
+//实例化一下，注册插件
+new UCloudDeployToCDN();
@@ -0,0 +1,189 @@
+import { AbstractTaskPlugin, IsTaskPlugin, PageSearch, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
+import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
+import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
+import { UCloudAccess } from "../access.js";
+
+@IsTaskPlugin({
+  //命名规范，插件类型+功能（就是目录plugin-demo中的demo），大写字母开头，驼峰命名
+  name: "UCloudDeployToWaf",
+  title: "UCloud-部署到WAF",
+  desc: "将证书部署到UCloud WAF",
+  icon: "svg:icon-ucloud",
+  //插件分组
+  group: pluginGroups.ucloud.key,
+  needPlus: false,
+  default: {
+    //默认值配置照抄即可
+    strategy: {
+      runStrategy: RunStrategy.SkipWhenSucceed
+    }
+  }
+})
+//类名规范，跟上面插件名称（name）一致
+export class UCloudDeployToCDN extends AbstractTaskPlugin {
+  //证书选择，此项必须要有
+  @TaskInput({
+    title: "域名证书",
+    helper: "请选择前置任务输出的域名证书",
+    component: {
+      name: "output-selector",
+      from: [...CertApplyPluginNames, ":UCloudCertId:"]
+    }
+    // required: true, // 必填
+  })
+  cert!: CertInfo | { type: string, id: number, name: string };
+
+  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
+  certDomains!: string[];
+
+  //授权选择框
+  @TaskInput({
+    title: "UCloud授权",
+    component: {
+      name: "access-selector",
+      type: "ucloud" //固定授权类型
+    },
+    required: true //必填
+  })
+  accessId!: string;
+  //
+
+  @TaskInput(
+    createRemoteSelectInputDefine({
+      title: "域名列表",
+      helper: "要更新的UCloud域名列表",
+
+      action: UCloudDeployToCDN.prototype.onGetDomainList.name
+    })
+  )
+  domainList!: string[];
+
+  //插件实例化时执行的方法
+  async onInstance() {
+  }
+
+  //插件执行方法
+  async execute(): Promise<void> {
+    const access = await this.getAccess<UCloudAccess>(this.accessId);
+    let certType = "ussl"
+    let certId = 0
+    let certName = this.appendTimeSuffix("certd")
+    // @ts-ignore
+    if (this.cert?.id) {
+      //从上一步传过来的ssl证书
+      // @ts-ignore
+      certId = this.cert.id
+      // @ts-ignore
+      certName = this.cert.name
+
+    } else {
+      const cert = await access.SslUploadCert({
+        cert: this.cert as CertInfo
+      });
+      certId = cert.id
+      certName = cert.name
+    }
+
+    for (const item of this.domainList) {
+      this.logger.info(`----------- 开始更新域名：${item}`);
+      await this.deployToCdn({
+        access: access,
+        certName: certName,
+        domain: item,
+        certId: certId,
+        certType: certType
+      });
+      this.logger.info(`----------- 更新域名证书${item}成功`);
+    }
+
+    this.logger.info("部署完成");
+  }
+
+
+  async deployToCdn(req: { access: any, domain: string, certId: number, certType: string, certName: string }) {
+    const { access, domain, certId, certType, certName } = req
+
+    const domainsRes = await access.invoke({
+      "Action": "GetUcdnDomainConfig",
+      "ProjectId": access.projectId,
+      "Domain": [
+        domain
+      ]
+    });
+
+    const domainList = domainsRes.DomainList || [];
+    const domainConf = domainList.find((item: any) => item.Domain === domain);
+    if (!domainConf) {
+      throw new Error(`没有找到CDN域名${domain}`);
+    }
+
+    const domainId = domainConf.DomainId;
+    const httpsStatusAbroad = domainConf.HttpsStatusAbroad;
+    let httpsStatusCn = domainConf.HttpsStatusCn;
+    if (httpsStatusAbroad === "disable" && httpsStatusCn === "disable") {
+      this.logger.info(`原CDN域名HTTPS未开启，将开启国内加速`);
+      httpsStatusCn = "enable"
+    }
+
+
+    const body: any = {
+      "Action": "UpdateUcdnDomainHttpsConfigV2",
+      "DomainId": domainId,
+      "CertName": certName,
+      "CertId": certId,
+      "CertType": certType,
+      EnableHttp2: domainConf.EnableHttp2 ||"0",
+      RedirectHttp2Https: domainConf.RedirectHttp2Https || "0",
+      TlsVersion: domainConf.TlsVersion || "tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3"
+    }
+    if (httpsStatusAbroad === "enable") {
+      body.HttpsStatusAbroad = httpsStatusAbroad;
+    }
+    if (httpsStatusCn === "enable") {
+      body.HttpsStatusCn = httpsStatusCn;
+    }
+    this.logger.info(`----------- 更新CDN域名HTTPS配置${domainId}，${JSON.stringify(body)}`);
+    const resp = await access.invoke(body);
+    this.logger.info(`----------- 部署CDN证书${domainId}成功，${JSON.stringify(resp)}`);
+  }
+
+  async onGetDomainList(req: PageSearch = {}) {
+    const access = await this.getAccess<UCloudAccess>(this.accessId);
+
+    const pageNo = req.pageNo ?? 1;
+    const pageSize = req.pageSize ?? 100;
+    const res = await access.CdnDominList(
+      {
+        PageNo: pageNo,
+        PageSize: pageSize
+      }
+    );
+    const total = res.TotalCount;
+    const list = res.DomainInfoList || [];
+    if (!list || list.length === 0) {
+      throw new Error("没有找到CDN域名，请先在控制台创建CDN域名");
+    }
+
+    /**
+     *  "Domain": "ucloud.certd.handsfree.work",
+      "DomainId": "ucdn-1kwdtph5ygbb"
+     */
+    const options = list.map((item: any) => {
+      return {
+        label: `${item.Domain}<${item.DomainId}>`,
+        value: `${item.Domain}`,
+        domain: item.Domain
+      };
+    });
+    return {
+      list: this.ctx.utils.options.buildGroupOptions(options, this.certDomains),
+      total: total,
+      pageNo: pageNo,
+      pageSize: pageSize
+    };
+  }
+
+}
+
+//实例化一下，注册插件
+new UCloudDeployToCDN();
@@ -0,0 +1,73 @@
+import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput, TaskOutput } from "@certd/pipeline";
+import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
+import { UCloudAccess } from "../access.js";
+
+@IsTaskPlugin({
+  //命名规范，插件类型+功能（就是目录plugin-demo中的demo），大写字母开头，驼峰命名
+  name: "UCloudUploadToUSSL",
+  title: "UCloud-上传到USSL",
+  desc: "将证书上传到UCloud USSL",
+  icon: "svg:icon-ucloud",
+  //插件分组
+  group: pluginGroups.ucloud.key,
+  needPlus: false,
+  default: {
+    //默认值配置照抄即可
+    strategy: {
+      runStrategy: RunStrategy.SkipWhenSucceed
+    }
+  }
+})
+//类名规范，跟上面插件名称（name）一致
+export class UCloudUploadToUSSL extends AbstractTaskPlugin {
+  //证书选择，此项必须要有
+  @TaskInput({
+    title: "域名证书",
+    helper: "请选择前置任务输出的域名证书",
+    component: {
+      name: "output-selector",
+      from: [...CertApplyPluginNames]
+    }
+    // required: true, // 必填
+  })
+  cert!: CertInfo;
+
+ 
+
+  //授权选择框
+  @TaskInput({
+    title: "UCloud授权",
+    component: {
+      name: "access-selector",
+      type: "ucloud" //固定授权类型
+    },
+    required: true //必填
+  })
+  accessId!: string;
+  //
+
+  @TaskOutput({
+    title: "证书ID",
+    type: "UCloudCertId",
+  })
+  certId!: {type:string,id:number,name:string};
+
+
+  //插件实例化时执行的方法
+  async onInstance() {
+  }
+
+  //插件执行方法
+  async execute(): Promise<void> {
+    const access = await this.getAccess<UCloudAccess>(this.accessId);
+    const certId = await access.SslUploadCert({cert:this.cert});
+    this.certId = certId;
+    this.logger.info("部署完成");
+  }
+
+
+
+}
+
+//实例化一下，注册插件
+new UCloudUploadToUSSL();
@@ -10,7 +10,7 @@ import { CertInfo } from "@certd/plugin-cert";
  name: "wangsu",
  title: "网宿授权",
  desc: "",
-  icon: "svg:icon-lucky"
+  icon: "svg:icon-wangsu"
 })
 export class WangsuAccess extends BaseAccess {

@@ -15,7 +15,7 @@ import { WangsuAccess } from "../access.js";
  name: "WangsuRefreshCert",
  title: "网宿-更新证书",
  desc: "网宿证书自动更新",
-  icon: "svg:icon-lucky",
+  icon: "svg:icon-wangsu",
  //插件分组
  group: pluginGroups.cdn.key,
  needPlus: false,
@@ -7,7 +7,7 @@ import crypto from "crypto";
@IsAccess({
  name: "xinnetagent",
  title: "新网授权（代理方式）",
-  icon: "lsicon:badge-new-filled",
+  icon: "svg:icon-xinnet",
  desc: ""
 })
 export class XinnetAgentAccess extends BaseAccess {
@@ -8,7 +8,7 @@ import { XinnetClient } from "@certd/plugin-plus";
@IsAccess({
  name: "xinnet",
  title: "新网授权",
-  icon: "lsicon:badge-new-filled",
+  icon: "svg:icon-xinnet",
  desc: ""
 })
 export class XinnetAccess extends BaseAccess {
@@ -11,7 +11,7 @@ export type XinnetAgentRecord = {
  name: "xinnetagent",
  title: "新网(代理方式)",
  desc: "新网域名解析(代理方式)",
-  icon: "lsicon:badge-new-filled",
+  icon: "svg:icon-xinnet",
  // 这里是对应的 cloudflare的access类型名称
  accessType: "xinnetagent",
  order: 7
@@ -16,7 +16,7 @@ export type XinnetRecord = {
  name: "xinnet",
  title: "新网",
  desc: "新网域名解析",
-  icon: "lsicon:badge-new-filled",
+  icon: "svg:icon-xinnet",
  // 这里是对应的 cloudflare的access类型名称
  accessType: "xinnet",
  order: 7
@@ -7,7 +7,7 @@ import { IsAccess, AccessInput, BaseAccess } from '@certd/pipeline';
@IsAccess({
  name: 'xinnetconnect',
  title: '新网互联授权',
-  icon: 'lsicon:badge-new-filled',
+  icon: 'svg:icon-xinnet',
  desc: '仅支持代理账号，ip需要加入白名单',
 })
 export class XinnetConnectAccess extends BaseAccess {
@@ -14,7 +14,7 @@ export type XinnetConnectRecord = {
  name: 'xinnetconnect',
  title: '新网互联',
  desc: '新网互联',
-  icon: 'lsicon:badge-new-filled',
+  icon: 'svg:icon-xinnet',
  // 这里是对应的 cloudflare的access类型名称
  accessType: 'xinnetconnect',
  order:999,