perf: 支持ucloud，上传到ussl，部署到ucdn

2026-04-15 05:00:52 +08:00 · 2025-12-27 01:54:47 +08:00
parent 8caab1fd92
commit e61daaee2d
9 changed files with 505 additions and 90 deletions
--- a/packages/ui/certd-server/src/plugins/plugin-ucloud/access.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-ucloud/access.ts
@@ -0,0 +1,214 @@
+import { IsAccess, AccessInput, BaseAccess } from '@certd/pipeline';
+import { CertInfo, CertReader } from '@certd/plugin-cert';
+
+/**
+ * 这个注解将注册一个授权配置
+ * 在certd的后台管理系统中，用户可以选择添加此类型的授权
+ */
+@IsAccess({
+  name: 'ucloud',
+  title: 'UCloud授权',
+  icon: 'lsicon:badge-new-filled',
+  desc: '优刻得授权',
+})
+export class UCloudAccess extends BaseAccess {
+
+  /**
+   * 授权属性配置
+   */
+  @AccessInput({
+    title: '项目Id',
+    component: {
+      placeholder: '项目Id',
+    },
+    helper: "[项目管理](https://console.ucloud.cn/uaccount/iam/project_manage)项目ID列获取",
+    required: true,
+    encrypt: false,
+  })
+  projectId = '';
+
+
+  /**
+   * 授权属性配置
+   */
+  @AccessInput({
+    title: '公钥',
+    component: {
+      placeholder: '公钥',
+    },
+    helper: "[Api管理](https://console.ucloud.cn/uaccount/api_manage)获取",
+    required: true,
+    encrypt: false,
+  })
+  publicKey = '';
+
+  @AccessInput({
+    title: '私钥',
+    component: {
+      name: "a-input-password",
+      vModel: "value",
+      placeholder: '私钥',
+    },
+    required: true,
+    encrypt: true,
+  })
+  privateKey = '';
+
+
+
+  @AccessInput({
+    title: "测试",
+    component: {
+      name: "api-test",
+      action: "TestRequest"
+    },
+    helper: "点击测试接口是否正常"
+  })
+  testRequest = true;
+
+  client: any;
+
+  async onTestRequest() {
+    await this.ProjectList();
+    return "ok";
+  }
+
+
+  async getClient() {
+    if (this.client) {
+      return this.client;
+    }
+    const { Client } = await import('@ucloud-sdks/ucloud-sdk-js');
+    const client = new Client({
+      config: {
+        region: 'cn-bj2',
+        projectId: this.projectId || "",
+        baseUrl: "https://api.ucloud.cn"
+      },
+      credential: {
+        publicKey: this.publicKey,
+        privateKey: this.privateKey,
+      }
+    });
+    this.client = client;
+    return client
+  }
+
+  async ProjectList() {
+    const client = await this.getClient();
+    const resp = await client.uaccount().getProjectList({
+      "Action": "GetProjectList"
+    });
+    this.ctx.logger.info(`获取到项目列表:${JSON.stringify(resp)}`);
+    return resp;
+  }
+
+  async GetRegion() {
+    const client = await this.getClient();
+    const res = await client.uaccount().getRegion({
+      "Action": "GetRegion"
+    });
+    this.ctx.logger.info(`获取到区域列表:${JSON.stringify(res)}`);
+    return res;
+  }
+
+  async CdnDominList(req: { PageNo: number, PageSize: number }) {
+    const client = await this.getClient();
+    const resp = await client.ucdn().getUcdnDomainInfoList({
+      "Action": "GetUcdnDomainInfoList",
+      "ProjectId": this.projectId || "",
+      "PageNo": req.PageNo,
+      "PageSize": req.PageSize,
+    });
+    this.ctx.logger.info(`获取到CDN域名列表:${JSON.stringify(resp)}`);
+    return resp;
+  }
+
+  async CdnAddCert(req: { certName: string, cert: CertInfo }) {
+    const client = await this.getClient();
+    const resp = await client.ucdn().addCertificate({
+      "Action": "AddCertificate",
+      "ProjectId": this.projectId || "",
+      "CertName": req.certName,
+      "UserCert": req.cert.crt,
+      "PrivateKey": req.cert.key
+    });
+    this.ctx.logger.info(`添加CDN证书:${JSON.stringify(resp)}`);
+    return resp;
+  }
+
+
+  async SslUploadCert(req: { cert: CertInfo }) {
+    const { cert } = req
+    /**
+&SslPublicKey=lXUzWbSR
+&SslCaKey=lXUzWbSR
+&SslMD5=lXUzWbSR
+&CertificateName=GoodCertcification
+     */
+    const certReader = new CertReader(cert)
+    const certName = certReader.buildCertName()
+    const crtBase64 = this.ctx.utils.hash.base64(cert.crt)
+    const keyBase64 = this.ctx.utils.hash.base64(cert.key)
+    const allDomains = certReader.getAllDomains().join(",")
+        
+    this.ctx.logger.info(`----------- 上传USSL证书，certName:${certName},domains:${allDomains}`);
+    try {
+      const resp = await this.invoke({
+        Action: "UploadNormalCertificate",
+        "SslPublicKey": crtBase64,
+        "SslPrivateKey": keyBase64,
+        "CertificateName": certName,
+        "SslMD5": this.ctx.utils.hash.md5(crtBase64 + keyBase64)
+      });
+      this.ctx.logger.info(`----------- 上传USSL证书成功，certId:${resp.CertificateID}`);
+      return { type: "ussl", id: resp.CertificateID, name: certName, resourceId: resp.LongResourceID,domains:allDomains }
+    } catch (err) {
+
+      if(err.message.includes("重复上传证书")){
+        //查找证书
+        const certList = await this.SslGetCertList(certReader.getMainDomain());
+       
+        const cert = certList.find((item: any) => item.Domains === allDomains)
+        if(cert){
+          this.ctx.logger.info(`----------- 找到已存在证书，certId:${cert.CertificateID}`);
+          return { type: "ussl", id: cert.CertificateID, name: certName, domains: cert.Domains }
+        }
+      }
+
+      this.ctx.logger.error(`上传USSL证书失败:${err}`);
+      throw err;
+    }
+
+
+  }
+
+  async SslGetCertList(domain: string) {
+    const resp = await this.invoke({
+      Action: "GetCertificateList",
+      Mode: "trust",
+      Domain: domain,
+      Sort:"2"
+    });
+    return resp.CertificateList||[];
+  }
+
+
+  async invoke(req: { Action: string, [key: string]: any }) {
+    const { Request } = await import('@ucloud-sdks/ucloud-sdk-js');
+    const client = await this.getClient();
+    const resp = await client.invoke(new Request({
+      ...req
+    }));
+    this.ctx.logger.info(`请求UCloud API:${JSON.stringify(resp)}`);
+    const res = resp.data || {}
+    if (res.RetCode !== 0) {
+      throw new Error(res.Message)
+    }
+
+    return res;
+  }
+
+}
+
+new UCloudAccess();