v1.37.15

build: prepare to build
chore: 升级fs
2026-04-25 21:27:32 +08:00 · 2025-12-07 00:58:12 +08:00 · 2025-12-07 00:56:13 +08:00 · 2025-12-07 00:56:06 +08:00 · 2025-12-07 00:55:38 +08:00 · 2025-12-07 00:47:24 +08:00
52 changed files with 1026 additions and 159 deletions
@@ -44,7 +44,8 @@ jobs:
      - name: deploy-certd-demo
        uses: tyrrrz/action-http-request@master
        with:
-          url: http://flow-openapi.aliyun.com/pipeline/webhook/lzCzlGrLCOHQaTMMt0mG
+          # 通过webhook 触发 certd-demo来部署
+          url: ${{ secrets.WEBHOOK_CERTD_DEMO }}
          method: POST
          headers: |
            Content-Type: application/json
@@ -121,10 +121,12 @@ jobs:
      - name: deploy-certd-doc
        uses: tyrrrz/action-http-request@master
        with:
-          url: http://flow-openapi.aliyun.com/pipeline/webhook/IiSxLDp9aOhgDUxJPytv
+          url: ${{ secrets.WEBHOOK_CERTD_DOC }}
          method: POST
          body: |
-            {}
+            {
+              "CERTD_VERSION": "1.0.0"
+            }
          headers: |
            Content-Type: application/json
          retry-count: 3
@@ -3,6 +3,19 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+### Bug Fixes
+
+* oidc 支持nonce ([a5ca411](https://github.com/certd/certd/commit/a5ca41131b308b36b17ca359d9709ea8e9b7cee1))
+
+### Performance Improvements
+
+* 第三方登录支持gitee ([5cee7d4](https://github.com/certd/certd/commit/5cee7d44f17bd36972f477bc1f270999da558d05))
+* 邮件模版安全优化 ([adca151](https://github.com/certd/certd/commit/adca151e4f07a4c6a2a753bfa48ee0d4d6469fd2))
+* 支持部署到中国移动CDN ([4351304](https://github.com/certd/certd/commit/43513049beff407558d2a234415521464165cebc))
+* 支持k8s apply ([d55954a](https://github.com/certd/certd/commit/d55954a36391ebe6a9397ff7dcfb710193ac5e34))
+
 ## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)

 ### Bug Fixes
@@ -9,5 +9,5 @@
    }
  },
  "npmClient": "pnpm",
-  "version": "1.37.14"
+  "version": "1.37.15"
 }
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.37.15](https://github.com/publishlab/node-acme-client/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.37.14](https://github.com/publishlab/node-acme-client/compare/v1.37.13...v1.37.14) (2025-12-02)

 **Note:** Version bump only for package @certd/acme-client
@@ -3,7 +3,7 @@
    "description": "Simple and unopinionated ACME client",
    "private": false,
    "author": "nmorsman",
-    "version": "1.37.14",
+    "version": "1.37.15",
    "type": "module",
    "module": "scr/index.js",
    "main": "src/index.js",
@@ -18,7 +18,7 @@
        "types"
    ],
    "dependencies": {
-        "@certd/basic": "^1.37.14",
+        "@certd/basic": "^1.37.15",
        "@peculiar/x509": "^1.11.0",
        "asn1js": "^3.0.5",
        "axios": "^1.7.2",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/basic
+
 ## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)

 **Note:** Version bump only for package @certd/basic
@@ -1 +1 @@
-00:57
+00:56
@@ -1,7 +1,7 @@
 {
  "name": "@certd/basic",
  "private": false,
-  "version": "1.37.14",
+  "version": "1.37.15",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/pipeline
+
 ## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)

 **Note:** Version bump only for package @certd/pipeline
@@ -1,7 +1,7 @@
 {
  "name": "@certd/pipeline",
  "private": false,
-  "version": "1.37.14",
+  "version": "1.37.15",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -18,8 +18,8 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/basic": "^1.37.14",
-    "@certd/plus-core": "^1.37.14",
+    "@certd/basic": "^1.37.15",
+    "@certd/plus-core": "^1.37.15",
    "dayjs": "^1.11.7",
    "lodash-es": "^4.17.21",
    "reflect-metadata": "^0.1.13"
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)

 **Note:** Version bump only for package @certd/lib-huawei
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-huawei",
  "private": false,
-  "version": "1.37.14",
+  "version": "1.37.15",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
  "types": "./dist/d/index.d.ts",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)

 **Note:** Version bump only for package @certd/lib-iframe
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-iframe",
  "private": false,
-  "version": "1.37.14",
+  "version": "1.37.15",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/jdcloud
+
 ## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)

 **Note:** Version bump only for package @certd/jdcloud
@@ -1,6 +1,6 @@
 {
  "name": "@certd/jdcloud",
-  "version": "1.37.14",
+  "version": "1.37.15",
  "description": "jdcloud openApi sdk",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
@@ -3,6 +3,13 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+### Performance Improvements
+
+* 邮件模版安全优化 ([adca151](https://github.com/certd/certd/commit/adca151e4f07a4c6a2a753bfa48ee0d4d6469fd2))
+* 支持k8s apply ([d55954a](https://github.com/certd/certd/commit/d55954a36391ebe6a9397ff7dcfb710193ac5e34))
+
 ## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)

 **Note:** Version bump only for package @certd/lib-k8s
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-k8s",
  "private": false,
-  "version": "1.37.14",
+  "version": "1.37.15",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -17,7 +17,7 @@
    "pub": "npm publish"
  },
  "dependencies": {
-    "@certd/basic": "^1.37.14",
+    "@certd/basic": "^1.37.15",
    "@kubernetes/client-node": "0.21.0"
  },
  "devDependencies": {
@@ -1,4 +1,4 @@
-import { CoreV1Api, KubeConfig, NetworkingV1Api, V1Ingress, V1Secret } from "@kubernetes/client-node";
+import { CoreV1Api, KubeConfig, NetworkingV1Api, V1Ingress, V1Secret, KubernetesObjectApi, loadYaml, KubernetesObject } from "@kubernetes/client-node";
 import dns from "dns";
 import { ILogger } from "@certd/basic";
 import { merge } from "lodash-es";
@@ -27,6 +27,11 @@ export class K8sClient {
  }

  init() {
+    const kubeconfig = this.getKubeConfig();
+    this.client = kubeconfig.makeApiClient(CoreV1Api);
+  }
+
+  getKubeConfig() {
    const kubeconfig = new KubeConfig();
    kubeconfig.loadFromString(this.kubeConfigStr);
    this.kubeconfig = kubeconfig;
@@ -41,16 +46,35 @@ export class K8sClient {
    } catch (e) {
      this.logger.warn("skipTLSVerify error", e);
    }
+    return kubeconfig;
+  }

-    this.client = kubeconfig.makeApiClient(CoreV1Api);
+  getKubeClient() {
+    const kc = this.getKubeConfig();
+    const client = KubernetesObjectApi.makeApiClient(kc);
+    return client;
+  }

-    // const reqOpts = { kubeconfig, request: {} } as any;
-    // if (this.lookup) {
-    //   reqOpts.request.lookup = this.lookup;
-    // }
-    //
-    // const backend = new Request(reqOpts);
-    // this.client = new Client({ backend, version: '1.13' });
+  async apply(manifest: string) {
+    const yml = loadYaml<KubernetesObject>(manifest);
+    const client = this.getKubeClient();
+    try {
+      await client.create(yml);
+    } catch (e) {
+      this.logger.error("apply error", e.response?.body);
+      if (e.response?.body?.reason === "AlreadyExists") {
+        //patch
+        this.logger.info("patch existing resource: ", yml.metadata?.name);
+        const existing = await client.read(yml as any);
+        if (!yml.metadata) {
+          yml.metadata = {};
+        }
+        yml.metadata.resourceVersion = existing.body.metadata.resourceVersion;
+        await client.patch(yml);
+        return;
+      }
+      throw e;
+    }
  }

  /**
@@ -168,6 +192,7 @@ export class K8sClient {
    const oldIngress = await client.readNamespacedIngress(ingressName, namespace);
    const newIngress = merge(oldIngress.body, opts.body);
    const res = await client.replaceNamespacedIngress(ingressName, namespace, newIngress);
+
    this.logger.info("ingress patched", opts.body);
    return res;
  }
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/lib-server
+
 ## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)

 **Note:** Version bump only for package @certd/lib-server
@@ -1,6 +1,6 @@
 {
  "name": "@certd/lib-server",
-  "version": "1.37.14",
+  "version": "1.37.15",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -28,11 +28,11 @@
  ],
  "license": "AGPL",
  "dependencies": {
-    "@certd/acme-client": "^1.37.14",
-    "@certd/basic": "^1.37.14",
-    "@certd/pipeline": "^1.37.14",
-    "@certd/plugin-lib": "^1.37.14",
-    "@certd/plus-core": "^1.37.14",
+    "@certd/acme-client": "^1.37.15",
+    "@certd/basic": "^1.37.15",
+    "@certd/pipeline": "^1.37.15",
+    "@certd/plugin-lib": "^1.37.15",
+    "@certd/plus-core": "^1.37.15",
    "@midwayjs/cache": "3.14.0",
    "@midwayjs/core": "3.20.11",
    "@midwayjs/i18n": "3.20.13",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)

 **Note:** Version bump only for package @certd/midway-flyway-js
@@ -1,6 +1,6 @@
 {
  "name": "@certd/midway-flyway-js",
-  "version": "1.37.14",
+  "version": "1.37.15",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
 ## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)

 **Note:** Version bump only for package @certd/plugin-cert
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-cert",
  "private": false,
-  "version": "1.37.14",
+  "version": "1.37.15",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -17,10 +17,10 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/acme-client": "^1.37.14",
-    "@certd/basic": "^1.37.14",
-    "@certd/pipeline": "^1.37.14",
-    "@certd/plugin-lib": "^1.37.14",
+    "@certd/acme-client": "^1.37.15",
+    "@certd/basic": "^1.37.15",
+    "@certd/pipeline": "^1.37.15",
+    "@certd/plugin-lib": "^1.37.15",
    "@google-cloud/publicca": "^1.3.0",
    "dayjs": "^1.11.7",
    "jszip": "^3.10.1",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
 ## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)

 **Note:** Version bump only for package @certd/plugin-lib
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-lib",
  "private": false,
-  "version": "1.37.14",
+  "version": "1.37.15",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -22,8 +22,8 @@
    "@alicloud/pop-core": "^1.7.10",
    "@alicloud/tea-util": "^1.4.10",
    "@aws-sdk/client-s3": "^3.787.0",
-    "@certd/basic": "^1.37.14",
-    "@certd/pipeline": "^1.37.14",
+    "@certd/basic": "^1.37.15",
+    "@certd/pipeline": "^1.37.15",
    "@kubernetes/client-node": "0.21.0",
    "ali-oss": "^6.22.0",
    "basic-ftp": "^5.0.5",
@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+### Performance Improvements
+
+* 第三方登录支持gitee ([5cee7d4](https://github.com/certd/certd/commit/5cee7d44f17bd36972f477bc1f270999da558d05))
+
 ## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)

 ### Bug Fixes
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-client",
-  "version": "1.37.14",
+  "version": "1.37.15",
  "private": true,
  "scripts": {
    "dev": "vite --open",
@@ -33,11 +33,11 @@
    "@aws-sdk/s3-request-presigner": "^3.535.0",
    "@certd/vue-js-cron-light": "^4.0.14",
    "@ctrl/tinycolor": "^4.1.0",
-    "@fast-crud/editor-code": "^1.27.6",
-    "@fast-crud/fast-crud": "^1.27.6",
-    "@fast-crud/fast-extends": "^1.27.6",
-    "@fast-crud/ui-antdv4": "^1.27.6",
-    "@fast-crud/ui-interface": "^1.27.6",
+    "@fast-crud/editor-code": "^1.27.7",
+    "@fast-crud/fast-crud": "^1.27.7",
+    "@fast-crud/fast-extends": "^1.27.7",
+    "@fast-crud/ui-antdv4": "^1.27.7",
+    "@fast-crud/ui-interface": "^1.27.7",
    "@iconify/tailwind": "^1.2.0",
    "@iconify/vue": "^4.1.1",
    "@manypkg/get-packages": "^2.2.2",
@@ -106,8 +106,8 @@
    "zod-defaults": "^0.1.3"
  },
  "devDependencies": {
-    "@certd/lib-iframe": "^1.37.14",
-    "@certd/pipeline": "^1.37.14",
+    "@certd/lib-iframe": "^1.37.15",
+    "@certd/pipeline": "^1.37.15",
    "@rollup/plugin-commonjs": "^25.0.7",
    "@rollup/plugin-node-resolve": "^15.2.3",
    "@types/chai": "^4.3.12",
@@ -164,7 +164,7 @@ const steps = ref<Step[]>([
      {
        image: "/static/doc/images/15-1-email.png",
        title: t("guide.scheduleAndEmailTask.setEmailNotification"),
-        descriptions: [t("guide.scheduleAndEmailTask.suggestErrorAndRecoveryEmails"), t("guide.scheduleAndEmailTask.basicVersionNeedsMailServer")],
+        descriptions: [t("guide.scheduleAndEmailTask.suggestErrorAndRecoveryEmails")],
      },
      {
        title: t("guide.scheduleAndEmailTask.tutorialEndTitle"),
@@ -82,7 +82,7 @@ provide("fn:ai.open", openChat);
      <LockScreen :avatar @to-login="handleLogout" />
    </template>
    <template #header-right-0>
-      <div v-if="!settingStore.isComm" class="hover:bg-accent ml-1 mr-2 cursor-pointer rounded-full hidden md:block">
+      <div class="hover:bg-accent ml-1 mr-2 cursor-pointer rounded-full hidden md:block">
        <tutorial-button class="flex-center header-btn" />
      </div>
      <div class="hover:bg-accent ml-1 mr-2 cursor-pointer rounded-full">
@@ -75,7 +75,7 @@
        <div>
          <span v-if="!settingStore.isComm">
            <span>Powered by</span>
-            <a> handsfree.work </a>
+            <a> handfree.work </a>
          </span>

          <template v-if="siteInfo.licenseTo">
@@ -74,6 +74,7 @@ const sysPublic: Ref<SysPublicSetting> = computed(() => {
  .login-container {
    width: 100%;
    height: 100%;
+    overflow: auto;
    background: #f0f2f5 url(/static/background.svg) no-repeat 50%;
    background-size: 100%;
    //padding: 50px 0 84px;
@@ -64,7 +64,6 @@ export default {
    recommendDailyRun: "Recommend configuring to run once daily; new certs requested 35 days before expiry and auto-skipped otherwise",
    setEmailNotification: "Set Email Notifications",
    suggestErrorAndRecoveryEmails: "Suggest listening for 'On Error' and 'Error to Success' to quickly troubleshoot failures (basic version requires mail server setup)",
-    basicVersionNeedsMailServer: "(basic version requires configuring mail server)",
    tutorialEndTitle: "Tutorial End",
    thanksForWatching: "Thank you for watching, hope it helps you",
  },
@@ -61,10 +61,9 @@ export default {
    description: "自动运行",
    setSchedule: "设置定时执行",
    pipelineSuccessThenSchedule: "流水线测试成功，接下来配置定时触发，以后每天定时执行就不用管了",
-    recommendDailyRun: "推荐配置每天运行一次，在到期前35天才会重新申请新证书并部署，没到期前会自动跳过，不会重复申请。",
+    recommendDailyRun: "推荐配置每天运行一次，默认到期前35天会重新申请新证书并部署，没到期前会自动跳过，不会重复申请。",
    setEmailNotification: "设置邮件通知",
-    suggestErrorAndRecoveryEmails: "建议选择监听'错误时'和'错误转成功'两种即可，在意外失败时可以尽快去排查问题，（基础版需要配置邮件服务器）",
-    basicVersionNeedsMailServer: "（基础版需要配置邮件服务器）",
+    suggestErrorAndRecoveryEmails: "建议选择监听'错误时'和'错误转成功'两种即可，在意外失败时可以尽快去排查问题",
    tutorialEndTitle: "教程结束",
    thanksForWatching: "感谢观看，希望对你有所帮助",
  },
@@ -16,12 +16,14 @@
        <a-descriptions-item :label="t('authentication.email')">{{ userInfo.email }}</a-descriptions-item>
        <a-descriptions-item :label="t('authentication.phoneNumber')">{{ userInfo.phoneCode }}{{ userInfo.mobile }}</a-descriptions-item>
        <a-descriptions-item v-if="settingStore.sysPublic.oauthEnabled && settingStore.isPlus" label="第三方账号绑定">
-          <div v-for="item in computedOauthBounds" :key="item.name" class="flex items-center gap-2 mb-2">
-            <fs-icon :icon="item.icon" class="mr-2 text-blue-500" />
-            <span class="mr-2 w-36">{{ item.title }}</span>
-            <a-button v-if="item.bound" type="primary" danger @click="unbind(item.name)">解绑</a-button>
-            <a-button v-else type="primary" @click="bind(item.name)">绑定</a-button>
-          </div>
+          <template v-for="item in computedOauthBounds" :key="item.name">
+            <div v-if="item.addonId" class="flex items-center gap-2 mb-2">
+              <fs-icon :icon="item.icon" class="mr-2 text-blue-500 w-5 flex justify-center items-center" />
+              <span class="mr-2 w-36">{{ item.title }}</span>
+              <a-button v-if="item.bound" type="primary" danger @click="unbind(item.name)">解绑</a-button>
+              <a-button v-else type="primary" @click="bind(item.name)">绑定</a-button>
+            </div>
+          </template>
        </a-descriptions-item>
        <a-descriptions-item :label="t('common.handle')">
          <a-button type="primary" @click="doUpdate">{{ t("authentication.updateProfile") }}</a-button>
@@ -40,6 +42,7 @@ import { useI18n } from "/src/locales";
 import { useUserProfile } from "./use";
 import { Modal } from "ant-design-vue";
 import { useSettingStore } from "/@/store/settings";
+import { isEmpty } from "lodash-es";

 const { t } = useI18n();

@@ -7,7 +7,7 @@
      <template v-for="item in oauthProviderList" :key="item.type">
        <div v-if="item.addonId" class="oauth-icon-button pointer" @click="goOauthLogin(item.name)">
          <div><fs-icon :icon="item.icon" class="text-blue-600 text-40" /></div>
-          <div>{{ item.addonTitle || item.title }}</div>
+          <div class="ellipsis title" :title="item.addonTitle || item.title">{{ item.addonTitle || item.title }}</div>
        </div>
      </template>
    </div>
@@ -101,6 +101,12 @@ async function goOauthLogin(type: string) {
    gap: 8px;
    padding: 8px 8px;
    border-radius: 100px;
+    width: 100px;
+
+    .title {
+      width: 100%;
+      text-align: center;
+    }
    .fs-icon {
      font-size: 36px;
      color: #006be6;
@@ -3,6 +3,19 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.37.15](https://github.com/certd/certd/compare/v1.37.14...v1.37.15) (2025-12-06)
+
+### Bug Fixes
+
+* oidc 支持nonce ([a5ca411](https://github.com/certd/certd/commit/a5ca41131b308b36b17ca359d9709ea8e9b7cee1))
+
+### Performance Improvements
+
+* 第三方登录支持gitee ([5cee7d4](https://github.com/certd/certd/commit/5cee7d44f17bd36972f477bc1f270999da558d05))
+* 邮件模版安全优化 ([adca151](https://github.com/certd/certd/commit/adca151e4f07a4c6a2a753bfa48ee0d4d6469fd2))
+* 支持部署到中国移动CDN ([4351304](https://github.com/certd/certd/commit/43513049beff407558d2a234415521464165cebc))
+* 支持k8s apply ([d55954a](https://github.com/certd/certd/commit/d55954a36391ebe6a9397ff7dcfb710193ac5e34))
+
 ## [1.37.14](https://github.com/certd/certd/compare/v1.37.13...v1.37.14) (2025-12-02)

 **Note:** Version bump only for package @certd/ui-server
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-server",
-  "version": "1.37.14",
+  "version": "1.37.15",
  "description": "fast-server base midway",
  "private": true,
  "type": "module",
@@ -45,20 +45,20 @@
    "@aws-sdk/client-cloudfront": "^3.699.0",
    "@aws-sdk/client-iam": "^3.699.0",
    "@aws-sdk/client-s3": "^3.705.0",
-    "@certd/acme-client": "^1.37.14",
-    "@certd/basic": "^1.37.14",
-    "@certd/commercial-core": "^1.37.14",
+    "@certd/acme-client": "^1.37.15",
+    "@certd/basic": "^1.37.15",
+    "@certd/commercial-core": "^1.37.15",
    "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.37.14",
-    "@certd/lib-huawei": "^1.37.14",
-    "@certd/lib-k8s": "^1.37.14",
-    "@certd/lib-server": "^1.37.14",
-    "@certd/midway-flyway-js": "^1.37.14",
-    "@certd/pipeline": "^1.37.14",
-    "@certd/plugin-cert": "^1.37.14",
-    "@certd/plugin-lib": "^1.37.14",
-    "@certd/plugin-plus": "^1.37.14",
-    "@certd/plus-core": "^1.37.14",
+    "@certd/jdcloud": "^1.37.15",
+    "@certd/lib-huawei": "^1.37.15",
+    "@certd/lib-k8s": "^1.37.15",
+    "@certd/lib-server": "^1.37.15",
+    "@certd/midway-flyway-js": "^1.37.15",
+    "@certd/pipeline": "^1.37.15",
+    "@certd/plugin-cert": "^1.37.15",
+    "@certd/plugin-lib": "^1.37.15",
+    "@certd/plugin-plus": "^1.37.15",
+    "@certd/plus-core": "^1.37.15",
    "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.120",
    "@huaweicloud/huaweicloud-sdk-core": "^3.1.120",
    "@koa/cors": "^5.0.0",
@@ -39,3 +39,4 @@ export * from './plugin-captcha/index.js'
 export * from './plugin-xinnet/index.js'
 export * from './plugin-xinnetconnet/index.js'
 export * from './plugin-oauth/index.js'
+export * from './plugin-cmcc/index.js'
@@ -0,0 +1,66 @@
+import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
+import { CmccClient } from "./cmcc-client.js";
+
+/**
+ * 
+ *  tenantId: string;
+  tenantKey: string;
+  endpoint?: string;
+ */
+@IsAccess({
+  name: "cmcc",
+  title: "中国移动CND授权",
+  desc: "",
+  icon: "clarity:plugin-line"
+})
+export class CmccAccess extends BaseAccess {
+
+  @AccessInput({
+    title: 'TenantID',
+    component: {
+      placeholder: 'TenantID',
+    },
+    required: true,
+  })
+  tenantId = '';
+
+
+  @AccessInput({
+    title: 'TenantKey',
+    component: {
+      placeholder: 'TenantKey',
+    },
+    required: true,
+    encrypt: true,
+  })
+  tenantKey = '';
+
+
+  @AccessInput({
+    title: "测试",
+    component: {
+      name: "api-test",
+      action: "TestRequest"
+    },
+    helper: "点击测试接口是否正常"
+  })
+  testRequest = true;
+
+  async onTestRequest() {
+    const client = await this.getCmccClient()
+    await client.getDomainList({})
+    return "ok"
+  }
+
+  async getCmccClient() {
+    return new CmccClient({
+      tenantId: this.tenantId,
+      tenantKey: this.tenantKey,
+      http: this.ctx.http,
+      logger: this.ctx.logger,
+    })
+  }
+}
+
+
+new CmccAccess();
@@ -0,0 +1,405 @@
+import { HttpClient, ILogger } from '@certd/basic';
+import { CertInfo, CertReader } from '@certd/plugin-cert';
+import * as crypto from 'crypto';
+export interface CmcdnConfig {
+  tenantId: string;
+  tenantKey: string;
+  endpoint?: string;
+
+  http: HttpClient;
+  logger: ILogger;
+}
+/**
+ * 移动CDN平台SDK
+ */
+export class CmccClient {
+  private config: Required<CmcdnConfig>;
+  private token: string | null = null;
+  private tokenExpiresAt: number | null = null;
+  private http: HttpClient;
+  private logger: ILogger;
+
+  /**
+   * 构造函数
+   * @param config 配置信息
+   */
+  constructor(config: CmcdnConfig) {
+    this.config = {
+      endpoint: 'https://p.cdn.10086.cn/',
+      ...config,
+    };
+    this.http = config.http
+    this.logger = config.logger;
+
+    if (!this.config.tenantId) {
+      throw new Error('tenantId is required');
+    }
+
+    if (!this.config.tenantKey) {
+      throw new Error('tenantKey is required');
+    }
+  }
+
+  /**
+   * 生成SHA256哈希
+   * @param data 输入数据
+   * @returns SHA256哈希值
+   */
+  private sha256Hex(data: string): string {
+    return crypto.createHash('sha256').update(data).digest('hex');
+  }
+
+  /**
+   * 获取当前ISO8601格式时间
+   * @returns ISO8601时间字符串
+   */
+  private getCurrentIsoTime(): string {
+    return new Date().toISOString();
+  }
+
+  /**
+   * 生成认证请求签名
+   * @param datetime 请求时间
+   * @returns 签名
+   */
+  private generateAuthSign(datetime: string): string {
+    const signData = `${this.config.tenantId}${datetime}${this.config.tenantKey}`;
+    return this.sha256Hex(signData);
+  }
+
+  /**
+   * 生成API请求签名
+   * @param body 请求体
+   * @param token 认证token
+   * @returns 签名
+   */
+  private generateApiSign(body: any, token: string): string {
+    const bodyStr = body ? JSON.stringify(body) : '';
+    return this.sha256Hex(bodyStr + token);
+  }
+
+  /**
+   * 检查token是否有效
+   * @returns token是否有效
+   */
+  private isTokenValid(): boolean {
+    if (!this.token || !this.tokenExpiresAt) {
+      return false;
+    }
+    return Date.now() < this.tokenExpiresAt;
+  }
+
+
+
+  /**
+   * 获取认证token
+   * @returns 认证token
+   */
+  async getToken(): Promise<string> {
+    // 检查是否有有效的token
+    if (this.isTokenValid()) {
+      return this.token!;
+    }
+
+    const datetime = this.getCurrentIsoTime();
+    const sign = this.generateAuthSign(datetime);
+
+    const authRequest = {
+      datetime,
+      authorization: {
+        tenant_id: this.config.tenantId,
+        sign,
+      },
+    };
+
+    const response = await this.http.request({
+      baseURL: this.config.endpoint,
+      url: '/api/authentication',
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Accept': 'application/json',
+      },
+      data: authRequest,
+      skipSslVerify: true,
+      logParams: false,
+      logRes: false,
+      logData: false
+    });
+
+    this.token = response.token;
+    // Token有效期为12小时
+    this.tokenExpiresAt = Date.now() + 12 * 60 * 60 * 1000;
+    return this.token;
+  }
+
+  /**
+   * 调用API
+   * @param req 请求选项
+   * @returns API响应
+   */
+  async doRequest(req: any): Promise<any> {
+    // 获取有效的token
+    const token = await this.getToken();
+
+    // 设置默认headers
+    const defaultHeaders: Record<string, string> = {
+      'Content-Type': 'application/json',
+      'Accept': 'application/vnd.cmcdn+json',
+      'CMCDN-Auth-Token': token,
+    };
+
+    // 生成签名
+    if (req.method === 'POST' || req.method === 'PUT') {
+      const signature = this.generateApiSign(req.data, token);
+      defaultHeaders['HTTP-X-CMCDN-Signature'] = signature;
+    } else {
+      const signature = this.sha256Hex(token);
+      defaultHeaders['HTTP-X-CMCDN-Signature'] = signature;
+    }
+
+    // 合并自定义headers
+    const headers = { ...defaultHeaders, ...req.headers };
+
+    // 发送请求
+    try {
+      const response = await this.http.request({
+        baseURL: this.config.endpoint,
+        url: req.url,
+        method: req.method,
+        headers: headers,
+        data: req.data,
+        skipSslVerify: true,
+        logParams: false,
+        logRes: false,
+        logData: false
+      });
+      if (response.error_code != 0) {
+        this.logger.error(`接口请求失败,${JSON.stringify(response)}`);
+        throw new Error(response.error_msg || "接口请求失败");
+      }
+
+      return response.data;
+    } catch (error) {
+      this.logger.error(`接口请求失败,${error.response?.data?.error_msg || error.message}`);
+      throw new Error(error.response?.data?.error_msg || error.message);
+    }
+  }
+  /**
+   * 清除token
+   */
+  clearToken(): void {
+    this.token = null;
+    this.tokenExpiresAt = null;
+  }
+
+  /**
+   * 获取当前token
+   * @returns 当前token
+   */
+  getCurrentToken(): string | null {
+    return this.token;
+  }
+
+  /**
+   * 
+  域名列表查询
+  本接口由 CDN 运营平台提供 ，所有外部 EC 客户使用。该接口为客户提供该客户各状态域名列表查询。本接口仅支持 JSON 结构。
+  
+  7.1  目录信息
+  
+  
+  /api/domain_list?domainName =${domainName}&domainStatus =${domainStatus}
+  
+  
+  
+  7.2  请求方法
+  
+  GET
+  
+  
+  
+  7.3  响应状态码
+  
+  请求接收成功 ：201 ， body 内容详见下一节；
+  授权错误 ：403；
+  请求错误 ：400；
+  其他 ：见 1.2.5 状态码。
+  
+  
+  7.4  JSON 结构规范
+  7.4.1 请求 URI 参数
+  
+  序号	父元素	元素名称	约束	类型	长度	描述
+  1		domainName	?	String		域名模糊匹配过滤
+  
+  
+  
+  2		domainStatus	?	String		域名状态过滤online：启用
+  offline：停用
+  configuring：配置中
+  configure_failed ：配置失败
+  
+  
+  7.4.2 请求 URI 示例
+  GET： http://xxx.com/api/domain_list?domainName=www.test.com&domainStatus=online
+  
+  
+  
+  7.4.3  响应数据体
+  
+  
+  
+  序号	父元	元素名称	约束	类型	长度	描述
+  1		data	1	array		查询结果
+  2	data	domainName	1	String		加速域名名称
+  3	data	createTime	1	datetime		加速域名创建时间(2017-07-25  17:45:52)
+  4	data	cname	*	String		加速域名对应的 CNAME 域名
+  5	data	type	*	String		域名产品类型：
+  demand:点播产品(视音频/网页、下载);
+  live:直播产品
+  6	data	status	*	String		域名状态：启用
+  停用
+  配置中
+  配置失败待分发
+  已生效启用中
+  删除中
+  
+  
+  7.4.4  响应报文示例
+  
+  
+  {
+  "data": [{
+  "createTime": "2017-07-25 17:45:52",
+  "domainName": "www.ponshine.com",
+  "cname": "www.ponshine.com.cmcdn.cdn.10086.cn", "type ": "demand"
+  },
+  {
+  "createTime": "2018-11-07 22:09:41",
+  "domainName": "www.testcustom.com",
+  "cname": "www.testcustom.com.cmcdn.cdn.10086.cn", "type ": "live"
+  }
+  ]
+  }
+   */
+  async getDomainList(req: { domainName?: string, domainStatus?: string }) {
+
+    const res = await this.doRequest({
+      url: "/api/domain_list",
+      method: "GET",
+      params: {
+        domainName: req.domainName,
+        domainStatus: req.domainStatus,
+      }
+    })
+
+    this.logger.info("getDomainList", res);
+
+    return res.data;
+  }
+
+  /**
+   * /api/config/action?commandType =saveCrt&version =1
+  12.1.2 请求方法
+  新增 POST
+  修改 PUT
+  12.1.3 响应状态码
+  请求接收成功： 200/201 ， body内容详见下一节；
+  授权错误 ：403；
+  请求错误 ：400；
+  其他 ：见1.2.5状态码。
+  12.1.4 JSON 结构规范
+  12.1.4.1请求数据体
+  
+  参数	说明	类型	约束
+  
+  
+  
+  certificate	证书 ，仅支持 PEM 格式，
+  证书内的换行符使用字符串“\n”代替
+  内容如需加密传输可使用
+  PBEWith MD5And DES 加密 ，秘钥将私下
+  提供	
+  
+  
+  string	
+  
+  
+  必选
+  
+  
+  
+  private_key	私钥 ，仅支持 PEM 格式，
+  私钥内的换行符使用字符串“\n”代替
+  内容如需加密传输可使用
+  PBEWith MD5And DES 加密 ，秘钥将私下
+  提供	
+  
+  
+  string	
+  
+  
+  必选
+  
+  crt_name	证书名称 ，不支持修改 ，有传 unique_id
+  时不需要
+  (仅支持英文字母、数字、下划线 ，最大长	
+  string	
+  必选
+  
+  
+  
+    度为 32 个字符)		
+  
+  unique_id	证书唯一 id ，修改证书时该项必选；
+  修改证书时 ，如历史证书已绑定域名，
+  修改后证书也需支持对应域名	
+  string	
+  修改必选
+  contact_name	证书联系人	string	可选
+  contact_mobile	证书联系人手机号	string	可选
+  contact_email	证书联系人邮箱	string	可选
+  
+  12.1.4.2请求报文示例
+   */
+  async uploadCert(req: { cert: CertInfo }) {
+
+    const certReader = new CertReader(req.cert);
+    const res = await this.doRequest({
+      url: "/api/config/action?commandType=saveCrt&version=1",
+      method: "POST",
+      data: {
+        certificate: req.cert.crt,
+        private_key: req.cert.key,
+        crt_name: certReader.buildCertName(),
+      }
+    })
+
+    this.logger.info("uploadCert", res);
+
+    return res;
+  }
+
+  /**
+   * 
+   * @param req 
+   */
+  async deployCertToCdn(req: { domainNames: string[], certId: string }) {
+    // /api/config/action?commandType = manageDomainBaseConfig&version = 1
+    const res = await this.doRequest({
+      url: "/api/config/action?commandType=manageDomainBaseConfig&version=1",
+      method: "PUT",
+      data: {
+        modify_type: 0,
+        domains: req.domainNames,
+        https_enable: true,
+        unique_id: req.certId,
+      }
+    })
+    this.logger.info("deployCertToCdn", res);
+
+    return res.data;
+  }
+
+}
@@ -0,0 +1,2 @@
+export * from './access.js'
+export * from './plugin-deploy-to-cdn.js'
@@ -0,0 +1,126 @@
+import {
+  IsTaskPlugin,
+  PageSearch,
+  pluginGroups,
+  RunStrategy,
+  TaskInput
+} from "@certd/pipeline";
+import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
+import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
+import { AbstractPlusTaskPlugin } from "@certd/plugin-plus";
+import { CmccAccess } from "./access.js";
+
+@IsTaskPlugin({
+  //命名规范，插件类型+功能（就是目录plugin-demo中的demo），大写字母开头，驼峰命名
+  name: "CmccDeployCertToCdn",
+  title: "中国移动-部署证书到CDN",
+  desc: "中国移动自动部署证书到CDN",
+  icon: "svg:icon-lucky",
+  //插件分组
+  group: pluginGroups.cdn.key,
+  needPlus: true,
+  default: {
+    //默认值配置照抄即可
+    strategy: {
+      runStrategy: RunStrategy.SkipWhenSucceed
+    }
+  }
+})
+//类名规范，跟上面插件名称（name）一致
+export class CmccDeployCertToCdn extends AbstractPlusTaskPlugin {
+  //证书选择，此项必须要有
+  @TaskInput({
+    title: "域名证书",
+    helper: "请选择前置任务输出的域名证书",
+    component: {
+      name: "output-selector",
+      from: [...CertApplyPluginNames]
+    }
+    // required: true, // 必填
+  })
+  cert!: CertInfo;
+
+  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
+  certDomains!: string[];
+
+  //授权选择框
+  @TaskInput({
+    title: "中国移动-授权",
+    component: {
+      name: "access-selector",
+      type: "cmcc" //固定授权类型
+    },
+    required: true //必填
+  })
+  accessId!: string;
+  //
+
+  @TaskInput(
+    createRemoteSelectInputDefine({
+      title: "加速域名",
+      helper: "要更新的中国移动CDN域名",
+      action: CmccDeployCertToCdn.prototype.onGetDomainList.name,
+      pager: false,
+      search: false
+    })
+  )
+  domainList!: string[];
+
+  //插件实例化时执行的方法
+  async onInstance() {
+  }
+
+  //插件执行方法
+  async execute(): Promise<void> {
+    const access = await this.getAccess<CmccAccess>(this.accessId);
+
+    const client = await access.getCmccClient();
+    this.logger.info(`----------- 开始更新证书：${this.domainList}`);
+
+
+    const newCert = await client.uploadCert({
+      cert: this.cert
+    })
+
+    const certId = newCert.unique_id
+    this.logger.info(`----------- 上传证书成功,证书ID:${certId}`);
+
+    await client.deployCertToCdn({
+      certId: certId,
+      domainNames: this.domainList
+    });
+    this.logger.info(`----------- 更新证书${this.domainList}成功,等待10s`);
+    await this.ctx.utils.sleep(10000);
+    this.logger.info("部署完成");
+  }
+
+  async onGetDomainList(data: PageSearch = {}) {
+    const access = await this.getAccess<CmccAccess>(this.accessId);
+    const client= await access.getCmccClient();
+    const res = await client.getDomainList({})
+    const list = res || []
+    if (!list || list.length === 0) {
+      throw new Error("没有找到加速域名");
+    }
+
+
+    /**
+     * certificate-id
+     * name
+     * dns-names
+     */
+    const options = list.map((item: any) => {
+      return {
+        label: `${item.domainName}`,
+        value: item.domainName,
+        domain: item.domainName
+      };
+    });
+    return {
+      list: this.ctx.utils.options.buildGroupOptions(options, this.certDomains),
+    };
+  }
+}
+
+//实例化一下，注册插件
+new CmccDeployCertToCdn();
@@ -1,3 +1,4 @@
 export * from './api.js'
 export * from './oidc/plugin-oidc.js'
 export * from './wx/plugin-wx.js'
+export * from './oauth2/plugin-gitee.js'
@@ -0,0 +1,155 @@
+import { AddonInput, BaseAddon, IsAddon } from "@certd/lib-server";
+import { BuildLoginUrlReq, BuildLogoutUrlReq, IOauthProvider, OnCallbackReq } from "../api.js";
+
+@IsAddon({
+  addonType: "oauth",
+  name: 'gitee',
+  title: 'Gitee认证',
+  desc: 'Gitee OAuth2登录',
+  icon:"simple-icons:gitee:red",
+  showTest: false,
+})
+export class GiteeOauthProvider extends BaseAddon implements IOauthProvider {
+
+  @AddonInput({
+    title: "ClientId",
+    helper: "[gitee 第三方应用管理](https://gitee.com/oauth/applications)创建应用后获取",
+    required: true,
+  })
+  clientId = "";
+
+  @AddonInput({
+    title: "ClientSecretKey",
+    component: {
+      placeholder: "ClientSecretKey / appSecretKey",
+    },
+    required: true,
+  })
+  clientSecretKey = "";
+
+  // @AddonInput({
+  //   title: "授权地址",
+  //   helper: "授权请求url",
+  //   component: {
+  //     placeholder: "https://xxxxx.com/oauth/authorize",
+  //   },
+  //   required: true,
+  // })
+  // authorizeEndpoint = "";
+
+  /**
+   * gitee.authorizeURL = https://gitee.com/oauth/authorize
+gitee.accessToken = https://gitee.com/oauth/token
+gitee.userInfo = https://gitee.com/api/v5/user
+   */
+
+  // @AddonInput({
+  //   title: "Token获取地址",
+  //   helper: "Token获取url",
+  //   component: {
+  //     placeholder: "https://xxxxx.com/oauth/token",
+  //   },
+  //   required: true,
+  // })
+  // tokenEndpoint = "";
+
+  //  @AddonInput({
+  //   title: "用户信息获取地址",
+  //   helper: "用户信息url",
+  //   component: {
+  //     placeholder: "https://xxxxx.com/api/user_info",
+  //   },
+  //   required: true,
+  // })
+  // userInfoEndpoint = "";
+
+  // @AddonInput({
+  //   title: "Scope",
+  //   helper: "授权Scope",
+  //   value:"user_info",
+  //   component: {
+  //     placeholder: "profile",
+  //   },
+  //   required: true,
+  // })
+  // scope: string;
+
+
+  
+  async buildLoginUrl(params: BuildLoginUrlReq) {
+
+    let scope = "user_info" // Scope of the access request
+    let state:any = {
+      forType: params.forType || 'login',
+    }
+    state = this.ctx.utils.hash.base64(JSON.stringify(state))
+
+    const authorizeEndpoint = "https://gitee.com/oauth/authorize"
+    const redirectUrl = encodeURIComponent(params.redirectUri)
+    // https://gitee.com/oauth/authorize?client_id=5bb5f4158af41c50c7a17b5d9068244e97d3ee572def6a57ed32fd8c9d760ad1&redirect_uri=http%3A%2F%2Fcasdoor.docmirror.cn%3A8000%2Fcallback&response_type=code
+    const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
+    return {
+      loginUrl,
+      ticketValue: {
+        state,
+      },
+    };
+  }
+
+  async onCallback(req: OnCallbackReq) {
+    
+    //校验state
+
+    const code = req.code || ""
+
+    const tokenEndpoint = "https://gitee.com/oauth/token"
+
+    const uri = new URL(req.currentURL)
+    const redirectUri = `${uri.origin}${uri.pathname}`
+    const res = await this.ctx.utils.http.request( {
+        url: tokenEndpoint,
+        method: "post",
+        data:{
+        // https://gitee.com/oauth/token?
+        // grant_type=authorization_code&code={code}&client_id={client_id}&redirect_uri={redirect_uri}&client_secret={client_secret}
+          grant_type: "authorization_code",
+          code,
+          client_id: this.clientId,
+          redirect_uri: redirectUri,
+          client_secret: this.clientSecretKey,
+        }
+    })
+    
+    const tokens = res
+
+
+    const userInfoEndpoint = "https://gitee.com/api/v5/user"
+
+    // 获取用户信息
+     const userInfoRes = await this.ctx.utils.http.request( {
+        url: userInfoEndpoint,
+        method: "get",
+        params:{
+          access_token: tokens.access_token,
+        }
+    })
+    const userInfo = userInfoRes
+
+    return {
+      token:{
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        expiresIn: tokens.expires_in,
+      },
+      userInfo: {
+        openId: userInfo.id,
+        nickName: userInfo.name || userInfo.nick_name || "",
+        avatar: userInfo.avatar_url,
+      },
+    }
+  };
+
+  async buildLogoutUrl(params: BuildLogoutUrlReq) {
+    return {};
+  }
+}
@@ -90,24 +90,16 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
      code_challenge,
      code_challenge_method: 'S256',
      state,
+      nonce: client.randomNonce(),
    }

-    // if (!config.serverMetadata().supportsPKCE()) {
-    //     /**
-    //      * We cannot be sure the server supports PKCE so we're going to use state too.
-    //      * Use of PKCE is backwards compatible even if the AS doesn't support it which
-    //      * is why we're using it regardless. Like PKCE, random state must be generated
-    //      * for every redirect to the authorization_endpoint.
-    //      */
-    //     parameters.state = client.randomState()
-    // }
-
    let redirectTo = client.buildAuthorizationUrl(config, parameters)
    return {
      loginUrl: redirectTo.href,
      ticketValue: {
        codeVerifier: code_verifier,
        state,
+        nonce: parameters.nonce,
      },
    };
  }
@@ -120,8 +112,9 @@ export class OidcOauthProvider extends BaseAddon implements IOauthProvider {
      config,
      req.currentURL,
      {
-        expectedState: client.skipStateCheck ,
+        expectedState: req.ticketValue.state,
        pkceCodeVerifier: req.ticketValue.codeVerifier,
+        expectedNonce: req.ticketValue.nonce,
      }
    )

@@ -1,6 +1,7 @@
 import {AbstractTaskPlugin, FileItem, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput} from '@certd/pipeline';
 import {CertInfo, CertReader} from "@certd/plugin-cert";
 import dayjs from "dayjs";
+import { get } from 'lodash-es';

@IsTaskPlugin({
  name: 'DeployCertToMailPlugin',
@@ -176,11 +177,13 @@ export class DeployCertToMailPlugin extends AbstractTaskPlugin {
    })
  }

-  compile(templateString:string) {
-    return new Function('data', `    with(data || {}) {
-        return \`${templateString}\`;
-      }
-    `);
+  compile(templateString: string) {
+    return function(data) {
+      return templateString.replace(/\${(.*?)}/g, (match, key) => {
+        const value = get(data, key, '');
+        return String(value);
+      });
+    };
  }
 }
 new DeployCertToMailPlugin();
@@ -46,7 +46,7 @@ importers:
  packages/core/acme-client:
    dependencies:
      '@certd/basic':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../basic
      '@peculiar/x509':
        specifier: ^1.11.0
@@ -210,10 +210,10 @@ importers:
  packages/core/pipeline:
    dependencies:
      '@certd/basic':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../basic
      '@certd/plus-core':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../pro/plus-core
      dayjs:
        specifier: ^1.11.7
@@ -409,7 +409,7 @@ importers:
  packages/libs/lib-k8s:
    dependencies:
      '@certd/basic':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/basic
      '@kubernetes/client-node':
        specifier: 0.21.0
@@ -449,19 +449,19 @@ importers:
  packages/libs/lib-server:
    dependencies:
      '@certd/acme-client':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/acme-client
      '@certd/basic':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/basic
      '@certd/pipeline':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/pipeline
      '@certd/plugin-lib':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../plugins/plugin-lib
      '@certd/plus-core':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../pro/plus-core
      '@midwayjs/cache':
        specifier: 3.14.0
@@ -607,16 +607,16 @@ importers:
  packages/plugins/plugin-cert:
    dependencies:
      '@certd/acme-client':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/acme-client
      '@certd/basic':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/basic
      '@certd/pipeline':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/pipeline
      '@certd/plugin-lib':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../plugin-lib
      '@google-cloud/publicca':
        specifier: ^1.3.0
@@ -695,10 +695,10 @@ importers:
        specifier: ^3.787.0
        version: 3.810.0(aws-crt@1.26.2)
      '@certd/basic':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/basic
      '@certd/pipeline':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/pipeline
      '@kubernetes/client-node':
        specifier: 0.21.0
@@ -783,19 +783,19 @@ importers:
  packages/pro/commercial-core:
    dependencies:
      '@certd/basic':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/basic
      '@certd/lib-server':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../libs/lib-server
      '@certd/pipeline':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/pipeline
      '@certd/plugin-plus':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../plugin-plus
      '@certd/plus-core':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../plus-core
      '@midwayjs/core':
        specifier: 3.20.11
@@ -880,22 +880,22 @@ importers:
        specifier: ^1.0.2
        version: 1.0.3
      '@certd/basic':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/basic
      '@certd/lib-k8s':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../libs/lib-k8s
      '@certd/pipeline':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/pipeline
      '@certd/plugin-cert':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../plugins/plugin-cert
      '@certd/plugin-lib':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../plugins/plugin-lib
      '@certd/plus-core':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../plus-core
      ali-oss:
        specifier: ^6.21.0
@@ -998,7 +998,7 @@ importers:
  packages/pro/plus-core:
    dependencies:
      '@certd/basic':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/basic
      dayjs:
        specifier: ^1.11.7
@@ -1080,20 +1080,20 @@ importers:
        specifier: ^4.1.0
        version: 4.1.0
      '@fast-crud/editor-code':
-        specifier: ^1.27.6
-        version: 1.27.6
+        specifier: ^1.27.7
+        version: 1.27.7
      '@fast-crud/fast-crud':
-        specifier: ^1.27.6
-        version: 1.27.6(vue@3.5.14(typescript@5.8.3))
+        specifier: ^1.27.7
+        version: 1.27.7(vue@3.5.14(typescript@5.8.3))
      '@fast-crud/fast-extends':
-        specifier: ^1.27.6
-        version: 1.27.6(aws-crt@1.26.2)(vue@3.5.14(typescript@5.8.3))
+        specifier: ^1.27.7
+        version: 1.27.7(aws-crt@1.26.2)(vue@3.5.14(typescript@5.8.3))
      '@fast-crud/ui-antdv4':
-        specifier: ^1.27.6
-        version: 1.27.6
+        specifier: ^1.27.7
+        version: 1.27.7
      '@fast-crud/ui-interface':
-        specifier: ^1.27.6
-        version: 1.27.6
+        specifier: ^1.27.7
+        version: 1.27.7
      '@iconify/tailwind':
        specifier: ^1.2.0
        version: 1.2.0
@@ -1294,10 +1294,10 @@ importers:
        version: 0.1.3(zod@3.24.4)
    devDependencies:
      '@certd/lib-iframe':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../libs/lib-iframe
      '@certd/pipeline':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/pipeline
      '@rollup/plugin-commonjs':
        specifier: ^25.0.7
@@ -1480,46 +1480,46 @@ importers:
        specifier: ^3.705.0
        version: 3.810.0(aws-crt@1.26.2)
      '@certd/acme-client':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/acme-client
      '@certd/basic':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/basic
      '@certd/commercial-core':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../pro/commercial-core
      '@certd/cv4pve-api-javascript':
        specifier: ^8.4.2
        version: 8.4.2
      '@certd/jdcloud':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../libs/lib-jdcloud
      '@certd/lib-huawei':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../libs/lib-huawei
      '@certd/lib-k8s':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../libs/lib-k8s
      '@certd/lib-server':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../libs/lib-server
      '@certd/midway-flyway-js':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../libs/midway-flyway-js
      '@certd/pipeline':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../core/pipeline
      '@certd/plugin-cert':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../plugins/plugin-cert
      '@certd/plugin-lib':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../plugins/plugin-lib
      '@certd/plugin-plus':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../pro/plugin-plus
      '@certd/plus-core':
-        specifier: ^1.37.12
+        specifier: ^1.37.14
        version: link:../../pro/plus-core
      '@huaweicloud/huaweicloud-sdk-cdn':
        specifier: ^3.1.120
@@ -3411,20 +3411,20 @@ packages:
    resolution: {integrity: sha512-Ys+3g2TaW7gADOJzPt83SJtCDhMjndcDMFVQ/Tj9iA1BfJzFKD9mAUXT3OenpuPHbI6P/myECxRJrofUsDx/5g==}
    engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0}

-  '@fast-crud/editor-code@1.27.6':
-    resolution: {integrity: sha512-ynEfltaR11wVDwZjwMDlgKa7B/oudyEG5rgX8uUQbCcFb13tXArz/3KButB3+kaqQWK/jNakPhb/oM1lUkjv7g==}
+  '@fast-crud/editor-code@1.27.7':
+    resolution: {integrity: sha512-5gDHH7+lMEQae9h2+LHWPNyS4CCbjYzO1sSKNXew/20FAtxoIXHGHsXO6XnYXO/+yi76Z0wpgKR1zwUBjtC7kA==}

-  '@fast-crud/fast-crud@1.27.6':
-    resolution: {integrity: sha512-V4sma2wWFLnivJT/vxEsSX5A80IRRppD6oSq935BlQ4a8tTuZ26QNNplmhL1L6Hp5NWDBDSxKfBIuJmTMBzm4A==}
+  '@fast-crud/fast-crud@1.27.7':
+    resolution: {integrity: sha512-0w2xSl/tuc1uQRBKWVzZMOZrWJ6CQB2V0/Z7sKwvSpmboTAy4vqv1Pu77wVLqVQRcvf2YN4eoP5kpANoYOu7ZA==}

-  '@fast-crud/fast-extends@1.27.6':
-    resolution: {integrity: sha512-85Eu7JuAQN9eRHi9vL9gunIApgayBrK9z6RIcPp0jY41nq5pKZA0DEQoU7jy1PL0bhvbtj9E22bDaA7rXqbTcw==}
+  '@fast-crud/fast-extends@1.27.7':
+    resolution: {integrity: sha512-ktsy0bZEYHRqFBb2kBFwGIG0wwI+YHgL0t7ka0SsPcS5n284cidHKfFMuli/ZvArRil5DefTFtZEjI4VLgloWg==}

-  '@fast-crud/ui-antdv4@1.27.6':
-    resolution: {integrity: sha512-Eszzn6KgLy9TrjsJOfe3FFu2yMFF/oslCwiy8jknbuiZs/PUOhIhdQgQAn5hwmqTas/T62C/9pje5DVbgOUbNA==}
+  '@fast-crud/ui-antdv4@1.27.7':
+    resolution: {integrity: sha512-Hysw+rECmgnZZENym9l46BlsT/c1uGCCjebQYZFfCFL0pyI4gLv5cdDdcwL5nB5pZZPHlmzCtCUEXGxWc+JCwg==}

-  '@fast-crud/ui-interface@1.27.6':
-    resolution: {integrity: sha512-T6Fgwe1WUWoYMsK0uIZu4fbtaxN5IngUy/nikPREwHTePHS6br9vQTFefG8bZv5e+L381TIETXzfU70RoSJLGg==}
+  '@fast-crud/ui-interface@1.27.7':
+    resolution: {integrity: sha512-tcxFrdxoRkgd0TROJJEOn9BNLrE4siLli1NB+2OOVpM00Z/+tS06eaMwBnGtRau4f1o/qg0XgHJwjCHTcTCD8Q==}

  '@fidm/asn1@1.0.4':
    resolution: {integrity: sha512-esd1jyNvRb2HVaQGq2Gg8Z0kbQPXzV9Tq5Z14KNIov6KfFD6PTaRIO8UpcsYiTNzOqJpmyzWgVTrUwFV3UF4TQ==}
@@ -15325,14 +15325,14 @@ snapshots:

  '@eslint/js@8.57.0': {}

-  '@fast-crud/editor-code@1.27.6':
+  '@fast-crud/editor-code@1.27.7':
    dependencies:
      js-yaml: 4.1.0
      lodash-es: 4.17.21
      monaco-editor: 0.52.2
      monaco-yaml: 5.4.0(monaco-editor@0.52.2)

-  '@fast-crud/fast-crud@1.27.6(vue@3.5.14(typescript@5.8.3))':
+  '@fast-crud/fast-crud@1.27.7(vue@3.5.14(typescript@5.8.3))':
    dependencies:
      '@iconify/types': 2.0.0
      file-saver: 2.0.5
@@ -15342,7 +15342,7 @@ snapshots:
    transitivePeerDependencies:
      - vue

-  '@fast-crud/fast-extends@1.27.6(aws-crt@1.26.2)(vue@3.5.14(typescript@5.8.3))':
+  '@fast-crud/fast-extends@1.27.7(aws-crt@1.26.2)(vue@3.5.14(typescript@5.8.3))':
    dependencies:
      '@aws-sdk/client-s3': 3.810.0(aws-crt@1.26.2)
      '@aws-sdk/s3-request-presigner': 3.810.0
@@ -15372,9 +15372,9 @@ snapshots:
      - utf-8-validate
      - vue

-  '@fast-crud/ui-antdv4@1.27.6': {}
+  '@fast-crud/ui-antdv4@1.27.7': {}

-  '@fast-crud/ui-interface@1.27.6':
+  '@fast-crud/ui-interface@1.27.7':
    dependencies:
      lodash-es: 4.17.21
Author	SHA1	Message	Date
xiaojunnuo	f2e4e59f8d	v1.37.15	2025-12-07 00:58:12 +08:00
xiaojunnuo	898205b5b1	build: prepare to build	2025-12-07 00:56:13 +08:00
xiaojunnuo	8ec6862861	chore: 升级fs	2025-12-07 00:56:06 +08:00
xiaojunnuo	c3ba6322d8	build: prepare to build	2025-12-07 00:55:38 +08:00
xiaojunnuo	e589828425	build: prepare to build	2025-12-07 00:47:24 +08:00
xiaojunnuo	c909aa161b	chore: webhook修改为隐藏变量，避免别人fork后触发我的流水线	2025-12-07 00:18:05 +08:00
xiaojunnuo	5cee7d44f1	perf: 第三方登录支持gitee	2025-12-06 17:25:02 +08:00
xiaojunnuo	973b323a99	docs: 优化教程	2025-12-06 16:24:19 +08:00
xiaojunnuo	d55954a363	perf: 支持k8s apply	2025-12-05 02:05:27 +08:00
xiaojunnuo	adca151e4f	perf: 邮件模版安全优化	2025-12-05 00:45:56 +08:00
xiaojunnuo	43513049be	perf: 支持部署到中国移动CDN	2025-12-04 00:46:25 +08:00
xiaojunnuo	a5ca41131b	fix: oidc 支持nonce	2025-12-03 22:00:35 +08:00
@@ -1 +1 @@
 :57
 :56