Merge branch 'v2-dev' of https://github.com/certd/certd into v2-dev

packages/ui/Dockerfile

@@ -1,11 +1,11 @@
 FROM node:22-alpine AS builder
 
-RUN apk add build-base
-RUN wget -O - https://github.com/jemalloc/jemalloc/releases/download/5.3.0/jemalloc-5.3.0.tar.bz2 | tar -xj && \
-    cd jemalloc-5.3.0 && \
-    ./configure && \
-    make && \
-    make install
+# RUN apk add build-base
+# RUN wget -O - https://github.com/jemalloc/jemalloc/releases/download/5.3.0/jemalloc-5.3.0.tar.bz2 | tar -xj && \
+#     cd jemalloc-5.3.0 && \
+#     ./configure && \
+#     make && \
+#     make install
 
 
 WORKDIR /workspace/
@@ -24,9 +24,9 @@ FROM node:22-alpine
 EXPOSE 7001
 EXPOSE 7002
 
-# 安装jemalloc内存分配器，优化内存占用
-COPY --from=builder /usr/local/lib/libjemalloc.so.2 /usr/local/lib/
-ENV LD_PRELOAD=/usr/local/lib/libjemalloc.so.2
+# 安装jemalloc内存分配器，优化内存占用 -- 基本没用，反而更高了
+# COPY --from=builder /usr/local/lib/libjemalloc.so.2 /usr/local/lib/
+# ENV LD_PRELOAD=/usr/local/lib/libjemalloc.so.2
 
 
 RUN apk add --no-cache openssl

packages/ui/certd-client/CHANGELOG.md

@@ -3,6 +3,19 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.17](https://github.com/certd/certd/compare/v1.37.16...v1.37.17) (2025-12-29)
+
+### Performance Improvements
+
+* 批量修改定时时间支持随机时间 ([d0f653d](https://github.com/certd/certd/commit/d0f653da9a2970920e961e7404ff04080bccd343))
+* 批量运行优化，支持普通运行和强制重新运行 ([039c62b](https://github.com/certd/certd/commit/039c62b09b37cdda35d33c6ee9adecad62dee75c))
+* 优化源码方式部署，前端无需编译 ([13ddc97](https://github.com/certd/certd/commit/13ddc979ec7953e3db8db76dd23fd85a3b3c7997))
+* 支持部署到goedge ([44bf4b1](https://github.com/certd/certd/commit/44bf4b1cc1aafa2d711c3b8e408009f0ceb413eb))
+* 支持从阿里云商用证书订单中获取证书 ([8872466](https://github.com/certd/certd/commit/887246696861c3a0b1f99fd9ad978caea423c650))
+* 支持授权给管理员查看和下载用户证书 ([1347355](https://github.com/certd/certd/commit/1347355cb117694abe99da385352a19771a32e84))
+* 执行队列数量支持设置 ([cd94488](https://github.com/certd/certd/commit/cd944882c3272adad4a2da94a3889a01fe05fe13))
+* aws route53 ([8caab1f](https://github.com/certd/certd/commit/8caab1fd9264df548f467b94202d567107b7a30b))
+
 ## [1.37.16](https://github.com/certd/certd/compare/v1.37.15...v1.37.16) (2025-12-15)
 
 ### Bug Fixes

packages/ui/certd-client/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-client",
-  "version": "1.37.16",
+  "version": "1.37.17",
   "private": true,
   "scripts": {
     "dev": "vite --open",
@@ -106,8 +106,8 @@
     "zod-defaults": "^0.1.3"
   },
   "devDependencies": {
-    "@certd/lib-iframe": "^1.37.16",
-    "@certd/pipeline": "^1.37.16",
+    "@certd/lib-iframe": "^1.37.17",
+    "@certd/pipeline": "^1.37.17",
     "@rollup/plugin-commonjs": "^25.0.7",
     "@rollup/plugin-node-resolve": "^15.2.3",
     "@types/chai": "^4.3.12",

packages/ui/certd-client/src/locales/langs/zh-CN/certd.ts

@@ -775,7 +775,7 @@ export default {
 
       pipelineMaxRunningCount: "同时最大运行流水线数量",
       pipelineMaxRunningCountHelper: "同一个用户同时运行的最大流水线数量，避免同时触发太多导致ACME账户被限制",
-      pipelineMaxRunningCountRecommend: "推荐5-10",
+      pipelineMaxRunningCountRecommend: "推荐5-15，默认10",
 
       fixedCertExpireDays: "固定证书有效期天数",
       fixedCertExpireDaysHelper: "固定证书有效期天数，有助于列表进度条整齐显示",

packages/ui/certd-server/.env

@@ -1 +1,2 @@
 LEGO_VERSION=4.30.1
+

packages/ui/certd-server/.gitignore

@@ -22,4 +22,6 @@ run/
 tools/lego/*
 !tools/lego/readme.md
 test.mjs
-isolate-*.log
+isolate-*.log
+
+ui-*.zip

packages/ui/certd-server/CHANGELOG.md

@@ -3,6 +3,35 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.37.17](https://github.com/certd/certd/compare/v1.37.16...v1.37.17) (2025-12-29)
+
+### Bug Fixes
+
+* 发送证书到邮箱插件的邮件模版转为使用邮箱配置中的通用模版 ([c5a3003](https://github.com/certd/certd/commit/c5a3003cf7b640500a90ec2c8961859ffe6fdb18))
+* 首页最快到期证书，不包含已禁用的流水线 ([d731956](https://github.com/certd/certd/commit/d731956b066e4dbbe24d4de7b3d3679b355eb97c))
+* 修复部署到华为obs 报错的bug ([dd19afc](https://github.com/certd/certd/commit/dd19afce928a7f36312af9df1e7e5ed3eb1e214a))
+* 修复从模版创建的流水线不会自动执行的bug ([833808c](https://github.com/certd/certd/commit/833808c5deb716122b241d3d67349d2d6a18bf45))
+* 修复流水线列表step数量统计错误的bug ([0e5a4fb](https://github.com/certd/certd/commit/0e5a4fb098d3261b690c551cf2b95198cac487e7))
+* 修复用户删除后，用相同的oauth授权登录报错用户不存在的问题 ([e505916](https://github.com/certd/certd/commit/e5059165259e4d757abc811c0c14bbc4a3dbaee9))
+* 修复站点ip监控报主站与ip证书过期时间不一致的问题 ([62f8525](https://github.com/certd/certd/commit/62f8525dd5da95dc07ed103f602644c6e5f7f8e3))
+* 修复serverchan3 没有选择tags报错的bug ([5bbf210](https://github.com/certd/certd/commit/5bbf210394883c4893c365bd16e999490b6e9b41))
+
+### Performance Improvements
+
+* 批量修改定时时间支持随机时间 ([d0f653d](https://github.com/certd/certd/commit/d0f653da9a2970920e961e7404ff04080bccd343))
+* 批量运行优化，支持普通运行和强制重新运行 ([039c62b](https://github.com/certd/certd/commit/039c62b09b37cdda35d33c6ee9adecad62dee75c))
+* 升级lego到4.30.1版本 ([136e8dd](https://github.com/certd/certd/commit/136e8dd7c5ff7199ff4b0bcca95b8a03aa847553))
+* 腾讯云EO增加请求参数打印 ([5b5deac](https://github.com/certd/certd/commit/5b5deac7d98684eda5c68384241a4d62c48d803b))
+* 优化阿里云esa清理证书时机 ([5359a76](https://github.com/certd/certd/commit/5359a7670fac5a18c4294b37a34227308a0deed6))
+* 支持部署到goedge ([44bf4b1](https://github.com/certd/certd/commit/44bf4b1cc1aafa2d711c3b8e408009f0ceb413eb))
+* 支持授权给管理员查看和下载用户证书 ([1347355](https://github.com/certd/certd/commit/1347355cb117694abe99da385352a19771a32e84))
+* 支持执行队列，避免同一时间触发流水线太多导致被限制 ([888d959](https://github.com/certd/certd/commit/888d9591fe9730b529e1c355d71f41e7ec9b479d))
+* 支持aws route53 dns ([cbb8319](https://github.com/certd/certd/commit/cbb8319cfa48673e81ec15894adc3376c173c97e))
+* 支持ucloud waf（未测试） ([a248367](https://github.com/certd/certd/commit/a248367b154c38661a6797ef64e37ec99d4e2abf))
+* 支持ucloud，上传到ussl，部署到ucdn ([e61daae](https://github.com/certd/certd/commit/e61daaee2d0dec19710cd4ec759219a071f2435e))
+* 执行队列数量支持设置 ([cd94488](https://github.com/certd/certd/commit/cd944882c3272adad4a2da94a3889a01fe05fe13))
+* aws route53 ([8caab1f](https://github.com/certd/certd/commit/8caab1fd9264df548f467b94202d567107b7a30b))
+
 ## [1.37.16](https://github.com/certd/certd/compare/v1.37.15...v1.37.16) (2025-12-15)
 
 ### Bug Fixes

packages/ui/certd-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@certd/ui-server",
-  "version": "1.37.16",
+  "version": "1.37.17",
   "description": "fast-server base midway",
   "private": true,
   "type": "module",
@@ -46,20 +46,20 @@
     "@aws-sdk/client-iam": "^3.699.0",
     "@aws-sdk/client-route-53": "^3.957.0",
     "@aws-sdk/client-s3": "^3.705.0",
-    "@certd/acme-client": "^1.37.16",
-    "@certd/basic": "^1.37.16",
-    "@certd/commercial-core": "^1.37.16",
+    "@certd/acme-client": "^1.37.17",
+    "@certd/basic": "^1.37.17",
+    "@certd/commercial-core": "^1.37.17",
     "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.37.16",
-    "@certd/lib-huawei": "^1.37.16",
-    "@certd/lib-k8s": "^1.37.16",
-    "@certd/lib-server": "^1.37.16",
-    "@certd/midway-flyway-js": "^1.37.16",
-    "@certd/pipeline": "^1.37.16",
-    "@certd/plugin-cert": "^1.37.16",
-    "@certd/plugin-lib": "^1.37.16",
-    "@certd/plugin-plus": "^1.37.16",
-    "@certd/plus-core": "^1.37.16",
+    "@certd/jdcloud": "^1.37.17",
+    "@certd/lib-huawei": "^1.37.17",
+    "@certd/lib-k8s": "^1.37.17",
+    "@certd/lib-server": "^1.37.17",
+    "@certd/midway-flyway-js": "^1.37.17",
+    "@certd/pipeline": "^1.37.17",
+    "@certd/plugin-cert": "^1.37.17",
+    "@certd/plugin-lib": "^1.37.17",
+    "@certd/plugin-plus": "^1.37.17",
+    "@certd/plus-core": "^1.37.17",
     "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.120",
     "@huaweicloud/huaweicloud-sdk-core": "^3.1.120",
     "@koa/cors": "^5.0.0",

packages/ui/certd-server/src/modules/pipeline/service/pipeline-service.ts

@@ -131,7 +131,9 @@ export class PipelineService extends BaseService<PipelineEntity> {
       let stepCount = 0;
       if (pipeline.stages) {
         RunnableCollection.each(pipeline.stages, (runnable: any) => {
-          stepCount++;
+          if (runnable.runnableType === "step") {
+            stepCount++;
+          }
         });
       }
       // @ts-ignore

packages/ui/certd-server/src/plugins/plugin-goedge/access.ts

@@ -1,5 +1,5 @@
-import {AccessInput, BaseAccess, IsAccess} from "@certd/pipeline";
-import {HttpRequestConfig} from "@certd/basic";
+import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
+import { HttpRequestConfig } from "@certd/basic";
 import { CertInfo, CertReader } from "@certd/plugin-cert";
 import dayjs from "dayjs";
 
@@ -17,10 +17,10 @@ export class GoEdgeAccess extends BaseAccess {
   @AccessInput({
     title: "系统地址",
     component: {
-        name: "a-input",
-        vModel: "value"
+      name: "a-input",
+      vModel: "value"
     },
-    helper:"例如：http://yourdomain.com:8002， 需要在API节点配置中开启HTTP访问地址",
+    helper: "例如：http://yourdomain.com:8002， 需要在API节点配置中开启HTTP访问地址",
     encrypt: false,
     required: true
   })
@@ -49,7 +49,7 @@ export class GoEdgeAccess extends BaseAccess {
 
   @AccessInput({
     title: "accessKeyId",
-    helper:`用户AccessKey: 在”平台用户-用户-详情-AccessKey” 或 商业版的“访问控制” 中创建。
+    helper: `用户AccessKey: 在”平台用户-用户-详情-AccessKey” 或 商业版的“访问控制” 中创建。
 管理员AccessKey：在”系统用户-用户-详情-AccessKey” 中创建。`,
     component: {
       name: "a-input",
@@ -83,11 +83,11 @@ export class GoEdgeAccess extends BaseAccess {
   })
   testRequest = true;
 
-  accessToken: {expiresAt:number,token:string}
+  accessToken: { expiresAt: number, token: string }
 
   async onTestRequest() {
-      await this.getCertList({pageSize:1});
-      return "ok"
+    await this.getCertList({ pageSize: 1 });
+    return "ok"
   }
 
   /**
@@ -115,32 +115,32 @@ export class GoEdgeAccess extends BaseAccess {
     "ocspError": ""
    * @returns 
    */
-  async getCertList(req:{pageNo?:number,pageSize?:number,query?:string,onlyUser?:boolean,userId?:number}){
+  async getCertList(req: { pageNo?: number, pageSize?: number, query?: string, onlyUser?: boolean, userId?: number }) {
     const pageNo = req.pageNo ?? 1;
     const pageSize = req.pageSize ?? 20;
-    const body:any = {
-        keyword: req.query??"",
-	      offset: (pageNo-1)*pageSize,
-        size: pageSize,
+    const body: any = {
+      keyword: req.query ?? "",
+      offset: (pageNo - 1) * pageSize,
+      size: pageSize,
     }
-     if (req.onlyUser){
+    if (req.onlyUser) {
       body["onlyUser"] = true;
     }
-    if (req.userId){
+    if (req.userId) {
       body["userId"] = req.userId;
     }
 
     const countRes = await this.doRequest({
       url: `/SSLCertService/countSSLCerts`,
       method: "POST",
-      data:body
+      data: body
     });
     const total = countRes.count || 9999;
 
     const res = await this.doRequest({
       url: `/SSLCertService/listSSLCerts`,
       method: "POST",
-      data:body
+      data: body
     });
     // this.ctx.logger.info("getCertList",JSON.stringify(res));
     const sslCertsJSON = this.ctx.utils.hash.base64Decode(res.sslCertsJSON) || "[]";
@@ -153,21 +153,26 @@ export class GoEdgeAccess extends BaseAccess {
     }
   }
 
-  async doCertReplace(req:{certId:number,cert:CertInfo}){
+  async doCertReplace(req: { certId: number, cert: CertInfo }) {
 
-    const res = await this.doRequest({
-      url: `/SSLCertService/findEnabledSSLCertConfig`,
-      method: "POST",
-      data: {
-        sslCertId: req.certId,
-      }
-    });
-    const sslCertJSON = this.ctx.utils.hash.base64Decode(res.sslCertJSON) || "{}";
-    const sslCert = JSON.parse(sslCertJSON) ;
+    let sslCert:any = {}
+    try {
+      const res = await this.doRequest({
+        url: `/SSLCertService/findEnabledSSLCertConfig`,
+        method: "POST",
+        data: {
+          sslCertId: req.certId,
+        }
+      });
+      const sslCertJSON = this.ctx.utils.hash.base64Decode(res.sslCertJSON) || "{}";
+      sslCert = JSON.parse(sslCertJSON);
+    } catch (error) {
+      this.ctx.logger.error("获取原来的证书详情失败", error);
+    }
 
     const certReader = new CertReader(req.cert);
     const dnsNames = certReader.getAllDomains()
-    
+
     // /product/sslcenter/{id}
     return await this.doRequest({
       url: `/SSLCertService/updateSSLCert`,
@@ -175,31 +180,31 @@ export class GoEdgeAccess extends BaseAccess {
       data: {
         sslCertId: req.certId,
         certData: this.ctx.utils.hash.base64(req.cert.crt),
-		    keyData: this.ctx.utils.hash.base64(req.cert.key),
-        isOn: sslCert.isOn,
+        keyData: this.ctx.utils.hash.base64(req.cert.key),
+        isOn: sslCert.isOn ?? true,
         name: sslCert.name || certReader.buildCertName(),
         description: sslCert.description || "upload by certd",
         serverName: sslCert.serverName,
-        timeBeginAt: certReader.detail.notBefore.getTime()/1000,
-        timeEndAt: certReader.detail.notAfter.getTime()/1000,
+        timeBeginAt: certReader.detail.notBefore.getTime() / 1000,
+        timeEndAt: certReader.detail.notAfter.getTime() / 1000,
         dnsNames: dnsNames,
         /**
          * // 是否启用
-	bool isOn;
+  bool isOn;
 
-	// 名称
-	string name;
+  // 名称
+  string name;
 
-	// 描述（备注）
-	string description;
-	string serverName;
-	bool isCA;
-	bytes certData;
-	bytes keyData;
-	int64 timeBeginAt;
-	int64 timeEndAt;
-	[]string dnsNames;
-	[]string commonNames;
+  // 描述（备注）
+  string description;
+  string serverName;
+  bool isCA;
+  bytes certData;
+  bytes keyData;
+  int64 timeBeginAt;
+  int64 timeEndAt;
+  []string dnsNames;
+  []string commonNames;
          */
       }
     });
@@ -207,9 +212,9 @@ export class GoEdgeAccess extends BaseAccess {
   }
 
 
-  async getToken(){
+  async getToken() {
     // /APIAccessTokenService/getAPIAccessToken
-    if (this.accessToken && this.accessToken.expiresAt >dayjs().unix()){
+    if (this.accessToken && this.accessToken.expiresAt > dayjs().unix()) {
       return this.accessToken;
     }
 
@@ -226,26 +231,26 @@ export class GoEdgeAccess extends BaseAccess {
     return res;
   }
 
-  async doRequest(req:HttpRequestConfig){
+  async doRequest(req: HttpRequestConfig) {
 
-    const headers: Record<string,string> = {}
-    if(!req.url.endsWith("/getAPIAccessToken")){
-      if (!this.accessToken || this.accessToken.expiresAt < dayjs().unix()){
+    const headers: Record<string, string> = {}
+    if (!req.url.endsWith("/getAPIAccessToken")) {
+      if (!this.accessToken || this.accessToken.expiresAt < dayjs().unix()) {
         await this.getToken();
       }
       headers["X-Edge-Access-Token"] = this.accessToken.token;
     }
     let endpoint = this.endpoint;
-    if (endpoint.endsWith("/")){
-      endpoint = endpoint.slice(0,-1);
+    if (endpoint.endsWith("/")) {
+      endpoint = endpoint.slice(0, -1);
     }
-    const res =  await this.ctx.http.request({
+    const res = await this.ctx.http.request({
       url: req.url,
       baseURL: endpoint,
-      method: req.method|| "POST",
+      method: req.method || "POST",
       data: req.data,
-      params:  req.params,
-      headers:{
+      params: req.params,
+      headers: {
         ...headers,
         ...req.headers
       },