From e4e16bc6a65bb082c18ca0590226f0987a47d477 Mon Sep 17 00:00:00 2001 From: xiaojunnuo Date: Mon, 15 Dec 2025 23:34:47 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8Dipv6=E4=BD=9C=E4=B8=BA?= =?UTF-8?q?=E8=AF=81=E4=B9=A6=E5=9F=9F=E5=90=8D=E7=94=B3=E8=AF=B7=E8=AF=81?= =?UTF-8?q?=E4=B9=A6=E6=A0=A1=E9=AA=8C=E5=A4=B1=E8=B4=A5=E7=9A=84bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- packages/core/acme-client/src/verify.js | 10 +++++-- packages/core/basic/.gitignore | 1 + packages/core/basic/src/utils/util.domain.ts | 2 +- packages/core/basic/test.mjs | 28 +++++++++++-------- .../src/system/settings/service/models.ts | 9 ++---- .../src/dns-provider/domain-parser.ts | 5 ++++ .../src/plugin/cert-plugin/index.ts | 2 +- .../src/plugin/validator/index.ts | 26 ++++++++++++++++- 8 files changed, 59 insertions(+), 24 deletions(-) diff --git a/packages/core/acme-client/src/verify.js b/packages/core/acme-client/src/verify.js index 6d94d7394..bcf854846 100644 --- a/packages/core/acme-client/src/verify.js +++ b/packages/core/acme-client/src/verify.js @@ -8,7 +8,7 @@ import {log as defaultLog} from './logger.js' import axios from './axios.js' import * as util from './util.js' import {isAlpnCertificateAuthorizationValid} from './crypto/index.js' - +import {utils} from '@certd/basic' const dns = dnsSdk.promises 
@@ -60,11 +60,15 @@ async function verifyHttpChallenge(authz, challenge, keyAuthorization, suffix = } const httpPort = axios.defaults.acmeSettings.httpChallengePort || 80; - const challengeUrl = `http://${authz.identifier.value}:${httpPort}${suffix}`; + let host = authz.identifier.value; + if(utils.domain.isIpv6(host)){ + host = `[${host}]`; + } + const challengeUrl = `http://${host}:${httpPort}${suffix}`; if (!await doQuery(challengeUrl)) { const httpsPort = axios.defaults.acmeSettings.httpsChallengePort || 443; - const httpsChallengeUrl = `https://${authz.identifier.value}:${httpsPort}${suffix}`; + const httpsChallengeUrl = `https://${host}:${httpsPort}${suffix}`; const res = await doQuery(httpsChallengeUrl) if (!res) { throw new Error(`[error] 验证失败,请检查以上测试url是否可以正常访问`); diff --git a/packages/core/basic/.gitignore b/packages/core/basic/.gitignore index c90f5f96b..f897596ac 100644 --- a/packages/core/basic/.gitignore +++ b/packages/core/basic/.gitignore @@ -26,3 +26,4 @@ dist-ssr test/user.secret.* test/**/*.js src/**/*.spec.ts +test.mjs diff --git a/packages/core/basic/src/utils/util.domain.ts b/packages/core/basic/src/utils/util.domain.ts index ed08f0d22..59c1ee56f 100644 --- a/packages/core/basic/src/utils/util.domain.ts +++ b/packages/core/basic/src/utils/util.domain.ts @@ -58,7 +58,7 @@ function isIpv6(d: string) { if (!d) { return false; } - const isIPv6Regex = /^([\da-f]{1,4}:){2,7}[\da-f]{1,4}$/i; + const isIPv6Regex = /^([0-9A-Fa-f]{0,4}:){2,7}([0-9A-Fa-f]{1,4}$|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4})$/gm; return isIPv6Regex.test(d); } diff --git a/packages/core/basic/test.mjs b/packages/core/basic/test.mjs index 5e87fae90..c8889c56e 100644 --- a/packages/core/basic/test.mjs +++ b/packages/core/basic/test.mjs 
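Review bot: The bracketing decision in `verifyHttpChallenge` rests on `utils.domain.isIpv6`, a regex helper, rather than on a strict address parser, so whatever that pattern accepts is wrapped in `[...]` and interpolated into both challenge URLs. This file already runs on Node (it uses the dns promises API), so the built-in `net` module gives an exact check without the new cross-package import from the first hunk: `import {isIPv6} from 'net'` and `if (isIPv6(host)) host = '[' + host + ']';`. If the `@certd/basic` import stays, confirm that it is a declared dependency of acme-client, since the diffstat shows no package.json change. The function body starts and ends outside the hunk.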
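Review bot: The new `isIPv6Regex` in `isIpv6` carries the `gm` flags, and with `m` the `^`/`$` anchors match at line breaks, so a multi-line string passes as soon as one of its lines looks like an address; ending the literal with `$/` instead of `$/gm` restores whole-string matching. The `{0,4}` quantifier also lets runs such as `:::::::1` through, and the `(\.|$)` tail accepts a trailing dot after the embedded IPv4 part. The same pattern is copied into `packages/ui/certd-client/src/plugin/validator/index.ts`, where a true result from `isIp(domain)` skips the domain-format check in `isDomain`, and it gates the early return added to `DomainParser.parse`. If this package only runs under Node, `net.isIPv6(d)` from the built-in `net` module would be stricter than a hand-written pattern.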
@@ -1,14 +1,18 @@ -import { random } from "lodash-es"; -import { locker } from "./dist/utils/util.lock.js"; +// import { random } from "lodash-es"; +// import { locker } from "./dist/utils/util.lock.js"; -async function testLocker() { - for (let i = 0; i < 10; i++) { - await locker.execute("test", async () => { - console.log("test", i); - await new Promise(resolve => setTimeout(resolve, Math.random() * 1000)); - throw new Error("test error"); - }); - } -} +// async function testLocker() { +// for (let i = 0; i < 10; i++) { +// await locker.execute("test", async () => { +// console.log("test", i); +// await new Promise(resolve => setTimeout(resolve, Math.random() * 1000)); +// throw new Error("test error"); +// }); +// } +// } -await testLocker(); +// await testLocker(); + +import { domainUtils } from "./dist/utils/util.domain.js"; + +console.log(domainUtils.isIpv6("::0:0:0:FFFF:129.144.52.38")); diff --git a/packages/libs/lib-server/src/system/settings/service/models.ts b/packages/libs/lib-server/src/system/settings/service/models.ts index 17a0fd54c..5df3952f7 100644 --- a/packages/libs/lib-server/src/system/settings/service/models.ts +++ b/packages/libs/lib-server/src/system/settings/service/models.ts @@ -134,12 +134,9 @@ export class SysEmailConf extends BaseSettings { templates:{ registerCode?: EmailTemplate, - forgotPasswordCode?: EmailTemplate, - certSuccessNotify?: EmailTemplate, - certSend?: EmailTemplate, - pipelineNotify?: EmailTemplate, - test?: EmailTemplate, - siteMonitorNotify?: EmailTemplate, + forgotPassword?: EmailTemplate, + pipelineResult?: EmailTemplate, + common?: EmailTemplate, } } diff --git a/packages/plugins/plugin-cert/src/dns-provider/domain-parser.ts b/packages/plugins/plugin-cert/src/dns-provider/domain-parser.ts index 40ae592e5..b1c7838da 100644 --- a/packages/plugins/plugin-cert/src/dns-provider/domain-parser.ts +++ b/packages/plugins/plugin-cert/src/dns-provider/domain-parser.ts 
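Review bot: The `templates` keys on `SysEmailConf` are renamed and reduced here (`forgotPasswordCode` becomes `forgotPassword`, five other keys are removed, `pipelineResult` and `common` are added), yet nothing else in this patch touches code or stored settings that use the old names. If settings saved under the old keys exist they would no longer be typed or read under these names; that cannot be confirmed from this hunk. The change is also unrelated to the IPv6 fix named in the subject, so it would be easier to review as its own commit, with a short comment on each new key saying which notifications it covers.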
@@ -21,6 +21,11 @@ export class DomainParser implements IDomainParser { } async parse(fullDomain: string) { + //如果是ip + if (utils.domain.isIp(fullDomain)) { + return fullDomain; + } + this.logger.info(`查找主域名:${fullDomain}`); const cacheKey = `domain_parse:${fullDomain}`; const value = utils.cache.get(cacheKey); diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts index 506776403..7774cda01 100644 --- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts +++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts @@ -220,7 +220,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin { if(form.challengeType === 'cname' ){ return '请按照上面的提示,给要申请证书的域名添加CNAME记录,添加后,点击验证,验证成功后不要删除记录,申请和续期证书会一直用它' }else if (form.challengeType === 'http'){ - return '请按照上面的提示,给每个域名设置文件上传配置,证书申请过程中会上传校验文件到网站根目录下' + return '请按照上面的提示,给每个域名设置文件上传配置,证书申请过程中会上传校验文件到网站根目录的.well-known/acme-challenge/目录下' }else if (form.challengeType === 'http'){ return '给每个域名单独配置dns提供商' } diff --git a/packages/ui/certd-client/src/plugin/validator/index.ts b/packages/ui/certd-client/src/plugin/validator/index.ts index 105b9a10d..392b258f8 100644 --- a/packages/ui/certd-client/src/plugin/validator/index.ts +++ b/packages/ui/certd-client/src/plugin/validator/index.ts @@ -1,4 +1,26 @@ import Validator from "async-validator"; + +function isIpv6(d: string) { + if (!d) { + return false; + } + const isIPv6Regex = /^([0-9A-Fa-f]{0,4}:){2,7}([0-9A-Fa-f]{1,4}$|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4})$/gm; + return isIPv6Regex.test(d); +} +function isIpv4(d: string) { + if (!d) { + return false; + } + const isIPv4Regex = /^(\d{1,3}\.){3}\d{1,3}$/; + return isIPv4Regex.test(d); +} +function isIp(d: string) { + if (!d) { + return false; + } + return isIpv4(d) || isIpv6(d); +} + // 自定义验证器函数 export function isDomain(rule: any, value: any) { if (value == null || value == "") { 
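Review bot: The early return in `parse` hands an IP literal back as its own main domain, bypassing the cache and the log line below it, and the only explanation is the comment `//如果是ip`. A fuller comment would help the next reader, e.g. `// IP identifiers have no registrable parent domain: return as-is and skip the lookup`. Whether callers that use the result to select a DNS provider cope with an IP is not visible here; `parse` continues past the end of the hunk.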
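Review bot: The branch after the edited message repeats `else if (form.challengeType === 'http')`, so the DNS-provider hint on the following line can never be returned. That line is unchanged context, but since this commit edits the adjacent string it is a good moment to correct the condition to the challenge type the message was written for (presumably the DNS one; the valid values are not visible here). The enclosing function starts and ends outside the hunk.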
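Review bot: `isIpv4` accepts out-of-range octets such as `999.999.999.999` because `\d{1,3}` is unbounded, and since `isDomain` now skips its domain check for anything `isIp` accepts, such strings pass form validation. The bounded octet pattern already used inside the IPv6 regex in this hunk can be reused: `const isIPv4Regex = /^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)$/;`. These three helpers also duplicate `util.domain.ts`, so the two copies can drift apart; if sharing the code is not practical, a comment naming the server-side counterpart would help.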
@@ -14,7 +36,9 @@ export function isDomain(rule: any, value: any) { const compiled = new RegExp(exp); for (const domain of domains) { //域名可以是泛域名,中文域名,数字域名,英文域名,域名中可以包含-和. ,可以_开头 - + if (isIp(domain)) { + continue; + } if (!compiled.test(domain)) { throw new Error(`域名有误:${domain},请输入正确的域名`); }