feat: 域名验证方法支持CNAME间接方式，此方式支持所有域名注册商，且无需提供Access授权，但是需要手动添加cname解析

packages/core/acme-client/src/auto.js

@@ -118,16 +118,16 @@ module.exports = async (client, userOpts) => {
             /* Trigger challengeCreateFn() */
             log(`[auto] [${d}] Trigger challengeCreateFn()`);
             const keyAuthorization = await client.getChallengeKeyAuthorization(challenge);
-            let recordItem = null;
+
             try {
-                recordItem = await opts.challengeCreateFn(authz, challenge, keyAuthorization);
+                const { recordReq, recordRes, dnsProvider } = await opts.challengeCreateFn(authz, challenge, keyAuthorization);
                 log(`[auto] [${d}] challengeCreateFn success`);
                 log(`[auto] [${d}] add challengeRemoveFn()`);
                 clearTasks.push(async () => {
                     /* Trigger challengeRemoveFn(), suppress errors */
                     log(`[auto] [${d}] Trigger challengeRemoveFn()`);
                     try {
-                        await opts.challengeRemoveFn(authz, challenge, keyAuthorization, recordItem);
+                        await opts.challengeRemoveFn(authz, challenge, keyAuthorization, recordReq, recordRes, dnsProvider);
                     }
                     catch (e) {
                         log(`[auto] [${d}] challengeRemoveFn threw error: ${e.message}`);

packages/core/acme-client/src/verify.js

@@ -68,6 +68,7 @@ async function walkDnsChallengeRecord(recordName, resolver = dns) {
 
         if (txtRecords.length) {
             log(`Found ${txtRecords.length} TXT records at ${recordName}`);
+            log(`TXT records: ${JSON.stringify(txtRecords)}`);
             return [].concat(...txtRecords);
         }
     }

packages/core/acme-client/types/index.d.ts

@@ -55,8 +55,8 @@ export interface ClientExternalAccountBindingOptions {
 
 export interface ClientAutoOptions {
     csr: CsrBuffer | CsrString;
-    challengeCreateFn: (authz: Authorization, challenge: rfc8555.Challenge, keyAuthorization: string) => Promise<any>;
-    challengeRemoveFn: (authz: Authorization, challenge: rfc8555.Challenge, keyAuthorization: string, recordRes:any) => Promise<any>;
+    challengeCreateFn: (authz: Authorization, challenge: rfc8555.Challenge, keyAuthorization: string) => Promise<{recordReq:any,recordRes:any,dnsProvider:any}>;
+    challengeRemoveFn: (authz: Authorization, challenge: rfc8555.Challenge, keyAuthorization: string,recordReq:any, recordRes:any,dnsProvider:any) => Promise<any>;
     email?: string;
     termsOfServiceAgreed?: boolean;
     skipChallengeVerification?: boolean;

packages/core/pipeline/src/core/executor.ts

@@ -10,7 +10,7 @@ import { createAxiosService } from "../utils/util.request.js";
 import { IAccessService } from "../access/index.js";
 import { RegistryItem } from "../registry/index.js";
 import { Decorator } from "../decorator/index.js";
-import { IEmailService } from "../service/index.js";
+import { ICnameProxyService, IEmailService } from "../service/index.js";
 import { FileStore } from "./file-store.js";
 import { hashUtils, utils } from "../utils/index.js";
 // import { TimeoutPromise } from "../utils/util.promise.js";
@@ -21,6 +21,7 @@ export type ExecutorOptions = {
   onChanged: (history: RunHistory) => Promise<void>;
   accessService: IAccessService;
   emailService: IEmailService;
+  cnameProxyService: ICnameProxyService;
   fileRootDir?: string;
   user: UserInfo;
 };
@@ -221,7 +222,7 @@ export class Executor {
     //从outputContext读取输入参数
     const input = _.cloneDeep(step.input);
     Decorator.inject(define.input, instance, input, (item, key) => {
-      if (item.component?.name === "pi-output-selector") {
+      if (item.component?.name === "output-selector") {
         const contextKey = input[key];
         if (contextKey != null) {
           if (typeof contextKey !== "string") {
@@ -268,6 +269,7 @@ export class Executor {
       inputChanged,
       accessService: this.options.accessService,
       emailService: this.options.emailService,
+      cnameProxyService: this.options.cnameProxyService,
       pipelineContext: this.pipelineContext,
       userContext: this.contextFactory.getContext("user", this.options.user.id),
       fileStore: new FileStore({

packages/core/pipeline/src/plugin/api.ts

@@ -3,7 +3,7 @@ import { FileItem, FormItemProps, Pipeline, Runnable, Step } from "../dt/index.j
 import { FileStore } from "../core/file-store.js";
 import { Logger } from "log4js";
 import { IAccessService } from "../access/index.js";
-import { IEmailService } from "../service/index.js";
+import { ICnameProxyService, IEmailService } from "../service/index.js";
 import { IContext, PluginRequestHandleReq, RunnableCollection } from "../core/index.js";
 import { ILogger, logger, utils } from "../utils/index.js";
 import { HttpClient } from "../utils/util.request.js";
@@ -70,6 +70,8 @@ export type TaskInstanceContext = {
   accessService: IAccessService;
   //邮件服务
   emailService: IEmailService;
+  //cname记录服务
+  cnameProxyService: ICnameProxyService;
   //流水线上下文
   pipelineContext: IContext;
   //用户上下文
@@ -84,7 +86,7 @@ export type TaskInstanceContext = {
   signal: AbortSignal;
   //工具类
   utils: typeof utils;
-
+  //用户信息
   user: UserInfo;
 };
 

packages/core/pipeline/src/service/cname.ts

@@ -0,0 +1,16 @@
+export type CnameProvider = {
+  id: any;
+  domain: string;
+  dnsProviderType: string;
+  accessId: any;
+};
+export type CnameRecord = {
+  id: any;
+  domain: string;
+  hostRecord: string;
+  recordValue: string;
+  cnameProvider: CnameProvider;
+};
+export type ICnameProxyService = {
+  getByDomain: (domain: string) => Promise<CnameRecord>;
+};

packages/core/pipeline/src/service/index.ts

@@ -1 +1,2 @@
 export * from "./email.js";
+export * from "./cname.js";