v1.39.0

build: prepare to build
fix: 修复京东云域名申请证书报错的bug
2026-04-25 05:07:25 +08:00 · 2026-03-08 01:17:39 +08:00 · 2026-03-08 01:15:23 +08:00 · 2026-03-08 01:14:33 +08:00 · 2026-03-08 00:48:29 +08:00 · 2026-03-05 00:11:08 +08:00
106 changed files with 1780 additions and 328 deletions
@@ -3,6 +3,34 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Bug Fixes
+
+* 修复部署到openwrt错误的bug ([2e3d0cc](https://github.com/certd/certd/commit/2e3d0cc57c16c48ad435bc8fde729bacaedde9f5))
+* 修复发件邮箱无法输入的bug ([27b0348](https://github.com/certd/certd/commit/27b0348e1d3d752f418f851965d6afbc26c0160c))
+* 修复复制流水线保存后丢失分组和排序号的问题 ([bc32648](https://github.com/certd/certd/commit/bc326489abc1d50a0930b4f47aa2d62d3a486798))
+* 修复获取群辉deviceid报错的bug ([79be392](https://github.com/certd/certd/commit/79be392775a2c91848dd5a66a2618adc4e4b48f6))
+* 修复京东云域名申请证书报错的bug ([d9c0130](https://github.com/certd/certd/commit/d9c0130b59997144a3c274d456635b800135e43f))
+* 修复偶尔下载证书报未授权的错误 ([316537e](https://github.com/certd/certd/commit/316537eb4dcbe5ec57784e8bf95ee3cdfd21dce7))
+* 修复dcdn多个域名同时部署时 可能会出现证书名称重复的bug ([78c2ced](https://github.com/certd/certd/commit/78c2ced43b1a73d142b0ed783b162b97f545ab06))
+* 优化dcdn部署上传多次证书 偶尔报 The CertName already exists的问题 ([72f850f](https://github.com/certd/certd/commit/72f850f675b500d12ebff2338d1b99d6fab476e1))
+* **cert-plugin:** 优化又拍云客户端错误处理逻辑，当域名已绑定证书时不再抛出异常。 ([92c9ac3](https://github.com/certd/certd/commit/92c9ac382692e6c84140ff787759ab6d39ccbe96))
+* esxi部署失败的bug ([1e44115](https://github.com/certd/certd/commit/1e441154617e6516a9a3610412bf597128c62696))
+
+### Features
+
+* 支持企业级管理模式，项目管理，细分权限 ([3734083](https://github.com/certd/certd/commit/37340838b6a61a94b86bfa13cf5da88b26f1315a))
+
+### Performance Improvements
+
+* 【破坏性更新】错误返回信息msg字段名统一改成message，与成功的返回结构一致 ([51ab6d6](https://github.com/certd/certd/commit/51ab6d6da1bb551b55b3a6a4a9a945c8d6ace806))
+* 当域名管理中没有域名时，创建流水线时不展开域名选择框 ([bb0afe1](https://github.com/certd/certd/commit/bb0afe1fa7b0fc52fde051d24fbe6be69d52f4cc))
+* 任务步骤页面增加串行执行提示说明 ([787f6ef](https://github.com/certd/certd/commit/787f6ef52893d8dc912ee2a7a5b8ce2b73c108c9))
+* 站点监控支持指定ip地址检查 ([83d81b6](https://github.com/certd/certd/commit/83d81b64b3adb375366039e07c87d1ad79121c13))
+* AI开发插件 skills 定义初步 ([1f68fad](https://github.com/certd/certd/commit/1f68faddb97a978c5a5e731a8895b4bb0587ad83))
+* http请求增加建立连接超时配置 ([3c85602](https://github.com/certd/certd/commit/3c85602ab1fc1953cdc06a6cd75a971d14119179))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 ### Bug Fixes
@@ -9,5 +9,5 @@
    }
  },
  "npmClient": "pnpm",
-  "version": "1.38.12"
+  "version": "1.39.0"
 }
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/publishlab/node-acme-client/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.38.12](https://github.com/publishlab/node-acme-client/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/acme-client
@@ -3,7 +3,7 @@
    "description": "Simple and unopinionated ACME client",
    "private": false,
    "author": "nmorsman",
-    "version": "1.38.12",
+    "version": "1.39.0",
    "type": "module",
    "module": "scr/index.js",
    "main": "src/index.js",
@@ -18,7 +18,7 @@
        "types"
    ],
    "dependencies": {
-        "@certd/basic": "^1.38.12",
+        "@certd/basic": "^1.39.0",
        "@peculiar/x509": "^1.11.0",
        "asn1js": "^3.0.5",
        "axios": "^1.9.0",
@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Bug Fixes
+
+* esxi部署失败的bug ([1e44115](https://github.com/certd/certd/commit/1e441154617e6516a9a3610412bf597128c62696))
+
+### Performance Improvements
+
+* http请求增加建立连接超时配置 ([3c85602](https://github.com/certd/certd/commit/3c85602ab1fc1953cdc06a6cd75a971d14119179))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/basic
@@ -1 +1 @@
-23:18
+01:15
@@ -1,7 +1,7 @@
 {
  "name": "@certd/basic",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/pipeline
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/pipeline
@@ -1,7 +1,7 @@
 {
  "name": "@certd/pipeline",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -18,8 +18,8 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/basic": "^1.38.12",
-    "@certd/plus-core": "^1.38.12",
+    "@certd/basic": "^1.39.0",
+    "@certd/plus-core": "^1.39.0",
    "dayjs": "^1.11.7",
    "lodash-es": "^4.17.21",
    "reflect-metadata": "^0.1.13"
@@ -170,9 +170,7 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
    }

    if (this.ctx?.define?.onlyAdmin) {
-      if (!this.isAdmin()) {
-        throw new Error("只有管理员才能运行此任务");
-      }
+      this.checkAdmin();
    }
  }

@@ -284,6 +282,12 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
    return this.ctx.user.role === "admin";
  }

+  checkAdmin() {
+    if (!this.isAdmin()) {
+      throw new Error("只有“管理员”或“系统级项目”才有权限运行此插件任务");
+    }
+  }
+
  getStepFromPipeline(stepId: string) {
    let found: any = null;
    RunnableCollection.each(this.ctx.pipeline.stages, step => {
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/lib-huawei
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-huawei",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
  "types": "./dist/d/index.d.ts",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/lib-iframe
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-iframe",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/jdcloud
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/jdcloud
@@ -1,6 +1,6 @@
 {
  "name": "@certd/jdcloud",
-  "version": "1.38.12",
+  "version": "1.39.0",
  "description": "jdcloud openApi sdk",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/lib-k8s
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-k8s",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -17,7 +17,7 @@
    "pub": "npm publish"
  },
  "dependencies": {
-    "@certd/basic": "^1.38.12",
+    "@certd/basic": "^1.39.0",
    "@kubernetes/client-node": "0.21.0"
  },
  "devDependencies": {
@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Performance Improvements
+
+* 【破坏性更新】错误返回信息msg字段名统一改成message，与成功的返回结构一致 ([51ab6d6](https://github.com/certd/certd/commit/51ab6d6da1bb551b55b3a6a4a9a945c8d6ace806))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/lib-server
@@ -1,6 +1,6 @@
 {
  "name": "@certd/lib-server",
-  "version": "1.38.12",
+  "version": "1.39.0",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -28,11 +28,11 @@
  ],
  "license": "AGPL",
  "dependencies": {
-    "@certd/acme-client": "^1.38.12",
-    "@certd/basic": "^1.38.12",
-    "@certd/pipeline": "^1.38.12",
-    "@certd/plugin-lib": "^1.38.12",
-    "@certd/plus-core": "^1.38.12",
+    "@certd/acme-client": "^1.39.0",
+    "@certd/basic": "^1.39.0",
+    "@certd/pipeline": "^1.39.0",
+    "@certd/plugin-lib": "^1.39.0",
+    "@certd/plus-core": "^1.39.0",
    "@midwayjs/cache": "3.14.0",
    "@midwayjs/core": "3.20.11",
    "@midwayjs/i18n": "3.20.13",
@@ -69,10 +69,8 @@ export abstract class BaseController {
    if (!projectIdStr){
      projectIdStr = this.ctx.request.query["projectId"] as string;
    }
-    if (!projectIdStr){
-      return null
-    }
    if (!projectIdStr) {
+      //这里必须抛异常，否则可能会有权限问题
      throw new Error("projectId 不能为空")
    }
    const userId = this.getUserId()
@@ -85,7 +83,7 @@ export abstract class BaseController {
    let userId = this.getUserId()
    const projectId = await this.getProjectId(permission)
    if(projectId){
-      userId = 0
+      userId = -1 // 企业管理模式下，用户id固定-1
    }
    return {
      projectId,userId
@@ -120,7 +118,7 @@ export abstract class BaseController {
      if(allowAdmin){
        await authService.checkUserIdButAllowAdmin(this.ctx, service, id);
      }else{
-        await authService.checkUserId(this.ctx, service, id);
+        await authService.checkUserId( service, id, userId);
      }
    }
    return {projectId,userId}
@@ -258,12 +258,12 @@ export abstract class BaseService<T> {

 export function checkUserProjectParam(userId: number, projectId: number) {
  if (projectId != null ){
-    if( userId !==0) {
+    if( userId !==-1) {
      throw new ValidateException('userId projectId 错误');
    }
    return true
  }else{
-    if( userId > 0) {
+    if( userId != null) {
      return true
    }
     throw new ValidateException('userId不能为空');
@@ -8,7 +8,7 @@ export class AccessEntity {
  @PrimaryGeneratedColumn()
  id: number;
  @Column({ name: 'user_id', comment: '用户id' })
-  userId: number;
+  userId: number; // 0为系统级别, -1为企业，大于1为用户
  @Column({ comment: '名称', length: 100 })
  name: string;

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/midway-flyway-js
@@ -1,6 +1,6 @@
 {
  "name": "@certd/midway-flyway-js",
-  "version": "1.38.12",
+  "version": "1.39.0",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/plugin-cert
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-cert",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -17,10 +17,10 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/acme-client": "^1.38.12",
-    "@certd/basic": "^1.38.12",
-    "@certd/pipeline": "^1.38.12",
-    "@certd/plugin-lib": "^1.38.12",
+    "@certd/acme-client": "^1.39.0",
+    "@certd/basic": "^1.39.0",
+    "@certd/pipeline": "^1.39.0",
+    "@certd/plugin-lib": "^1.39.0",
    "psl": "^1.9.0",
    "punycode.js": "^2.3.1"
  },
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/plugin-lib
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-lib",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -22,10 +22,10 @@
    "@alicloud/pop-core": "^1.7.10",
    "@alicloud/tea-util": "^1.4.11",
    "@aws-sdk/client-s3": "^3.964.0",
-    "@certd/acme-client": "^1.38.12",
-    "@certd/basic": "^1.38.12",
-    "@certd/pipeline": "^1.38.12",
-    "@certd/plus-core": "^1.38.12",
+    "@certd/acme-client": "^1.39.0",
+    "@certd/basic": "^1.39.0",
+    "@certd/pipeline": "^1.39.0",
+    "@certd/plus-core": "^1.39.0",
    "@kubernetes/client-node": "0.21.0",
    "ali-oss": "^6.22.0",
    "basic-ftp": "^5.0.5",
@@ -3,6 +3,24 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Bug Fixes
+
+* 修复发件邮箱无法输入的bug ([27b0348](https://github.com/certd/certd/commit/27b0348e1d3d752f418f851965d6afbc26c0160c))
+* 修复复制流水线保存后丢失分组和排序号的问题 ([bc32648](https://github.com/certd/certd/commit/bc326489abc1d50a0930b4f47aa2d62d3a486798))
+* 修复获取群辉deviceid报错的bug ([79be392](https://github.com/certd/certd/commit/79be392775a2c91848dd5a66a2618adc4e4b48f6))
+* 修复偶尔下载证书报未授权的错误 ([316537e](https://github.com/certd/certd/commit/316537eb4dcbe5ec57784e8bf95ee3cdfd21dce7))
+
+### Features
+
+* 支持企业级管理模式，项目管理，细分权限 ([3734083](https://github.com/certd/certd/commit/37340838b6a61a94b86bfa13cf5da88b26f1315a))
+
+### Performance Improvements
+
+* 当域名管理中没有域名时，创建流水线时不展开域名选择框 ([bb0afe1](https://github.com/certd/certd/commit/bb0afe1fa7b0fc52fde051d24fbe6be69d52f4cc))
+* 任务步骤页面增加串行执行提示说明 ([787f6ef](https://github.com/certd/certd/commit/787f6ef52893d8dc912ee2a7a5b8ce2b73c108c9))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 ### Bug Fixes
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-client",
-  "version": "1.38.12",
+  "version": "1.39.0",
  "private": true,
  "scripts": {
    "dev": "vite --open",
@@ -106,8 +106,8 @@
    "zod-defaults": "^0.1.3"
  },
  "devDependencies": {
-    "@certd/lib-iframe": "^1.38.12",
-    "@certd/pipeline": "^1.38.12",
+    "@certd/lib-iframe": "^1.39.0",
+    "@certd/pipeline": "^1.39.0",
    "@rollup/plugin-commonjs": "^25.0.7",
    "@rollup/plugin-node-resolve": "^15.2.3",
    "@types/chai": "^4.3.12",
@@ -155,8 +155,8 @@ function createRequestFunction(service: any) {
    }
    Object.assign(configDefault, config);

-    if (projectStore.isEnterprise && !config.url.startsWith("/sys") && !config.url.startsWith("http")) {
-      configDefault.params.projectId = projectStore.currentProjectId;
+    if (!configDefault.params.projectId && projectStore.isEnterprise && !config.url.startsWith("/sys") && !config.url.startsWith("http")) {
+      configDefault.params.projectId = projectStore.currentProject?.id;
    }
    return service(configDefault);
  };
@@ -19,30 +19,30 @@ export function parse(jsonString = "{}", defaultValue = {}) {
 /**
 * @description 接口请求返回
 * @param {Any} data 返回值
- * @param {String} msg 状态信息
+ * @param {String} message 状态信息
 * @param {Number} code 状态码
 */
-export function response(data = {}, msg = "", code = 0) {
-  return [200, { code, msg, data }];
+export function response(data = {}, message = "", code = 0) {
+  return [200, { code, message, data }];
 }

 /**
 * @description 接口请求返回 正确返回
 * @param {Any} data 返回值
- * @param {String} msg 状态信息
+ * @param {String} message 状态信息
 */
-export function responseSuccess(data = {}, msg = "成功") {
-  return response(data, msg);
+export function responseSuccess(data = {}, message = "成功") {
+  return response(data, message);
 }

 /**
 * @description 接口请求返回 错误返回
 * @param {Any} data 返回值
- * @param {String} msg 状态信息
+ * @param {String} message 状态信息
 * @param {Number} code 状态码
 */
-export function responseError(data = {}, msg = "请求失败", code = 500) {
-  return response(data, msg, code);
+export function responseError(data = {}, message = "请求失败", code = 500) {
+  return response(data, message, code);
 }

 /**
@@ -8,6 +8,12 @@
            <fs-values-format :model-value="item.permission" :dict="projectPermissionDict"></fs-values-format>
          </div>
        </a-menu-item>
+        <a-menu-item key="join">
+          <div class="flex items-center w-full">
+            <fs-icon icon="ion:add" class="mr-1"></fs-icon>
+            <span>加入其他项目</span>
+          </div>
+        </a-menu-item>
      </a-menu>
    </template>
    <div class="rounded pl-3 pr-3 px-2 py-1 flex-center flex pointer items-center bg-accent h-10 button-text" title="当前项目">
@@ -22,17 +28,24 @@
 import { computed, onMounted } from "vue";
 import { useProjectStore } from "/@/store/project";
 import { useDicts } from "/@/views/certd/dicts";
+import { useRouter } from "vue-router";
 defineOptions({
  name: "ProjectSelector",
 });

 const projectStore = useProjectStore();
 onMounted(async () => {
-  await projectStore.reload();
+  await projectStore.init();
  console.log(projectStore.myProjects);
 });

+const router = useRouter();
 function handleMenuClick({ key }: any) {
+  if (key === "join") {
+    router.push("/certd/project/join");
+    return;
+  }
+
  projectStore.changeCurrentProject(key);
  window.location.reload();
 }
@@ -218,6 +218,9 @@ export default {
    projectUserManager: "Project User Management",
    myProjectManager: "My Projects",
    myProjectDetail: "Project Detail",
+    projectJoin: "Join Project",
+    currentProject: "Current Project",
+    projectMemberManager: "Project Member",
  },
  certificateRepo: {
    title: "Certificate Repository",
@@ -819,6 +822,28 @@ export default {
      write: "Write",
      admin: "Admin",
    },
+    projectMemberStatus: "Member Status",
+
+    isSystem: "Is System Project",
+    isSystemHelper: "System-level projects allow running admin plugins",
+  },
+  project: {
+    noProjectJoined: "You haven't joined any projects yet",
+    applyToJoin: "Please apply to join a project to start using",
+    systemProjects: "System Project List",
+    createdAt: "Created At",
+    applyJoin: "Apply to Join",
+    noSystemProjects: "No system projects available",
+    fetchFailed: "Failed to fetch project list",
+    applySuccess: "Application successful, waiting for admin approval",
+    applyFailed: "Application failed, please try again later",
+    leave: "Leave Project",
+    leaveSuccess: "Leave project successful",
+    leaveFailed: "Leave project failed, please try again later",
+    applyJoinConfirm: "Are you sure you want to apply to join this project?",
+    leaveConfirm: "Are you sure you want to leave this project?",
+    viewDetail: "View Detail",
+    projectManage: "Project Manage",
  },
  addonSelector: {
    select: "Select",
@@ -220,10 +220,12 @@ export default {
    netTest: "网络测试",
    enterpriseManager: "企业管理设置",
    projectManager: "项目管理",
-    projectDetail: "项目详情",
    enterpriseSetting: "企业设置",
    myProjectManager: "我的项目",
    myProjectDetail: "项目详情",
+    projectJoin: "加入项目",
+    currentProject: "当前项目",
+    projectMemberManager: "项目成员管理",
  },
  certificateRepo: {
    title: "证书仓库",
@@ -831,9 +833,31 @@ export default {
    projectDetailDescription: "管理项目成员",
    projectPermission: "权限",
    permission: {
-      read: "读取",
-      write: "写入",
+      read: "查看",
+      write: "修改",
      admin: "管理员",
    },
+    projectMemberStatus: "成员状态",
+
+    isSystem: "是否系统项目",
+    isSystemHelper: "系统级项目允许运行管理员插件",
+  },
+  project: {
+    noProjectJoined: "您还没有加入任何项目",
+    applyToJoin: "请申请加入项目以开始使用",
+    projectList: "项目列表",
+    createdAt: "创建时间",
+    applyJoin: "申请加入",
+    noProjects: "暂无项目",
+    fetchFailed: "获取项目列表失败",
+    applySuccess: "申请成功，等待管理员审核",
+    applyFailed: "申请失败，请稍后重试",
+    leave: "退出项目",
+    leaveSuccess: "退出项目成功",
+    leaveFailed: "退出项目失败，请稍后重试",
+    applyJoinConfirm: "确认加入项目？",
+    leaveConfirm: "确认退出项目？",
+    viewDetail: "查看详情",
+    projectManage: "项目管理",
  },
 };
@@ -55,7 +55,7 @@ export default {
  email_webhook_notifications: "邮件、webhook通知方式",

  professional_edition: "专业版",
-  open_source_support: "开源需要您的赞助支持",
+  open_source_support: "开源需要您的赞助支持，个人和企业内部使用",
  vip_group_priority: "可加VIP群，您的需求将优先实现",
  unlimited_site_certificate_monitoring: "站点证书监控无限制",
  more_notification_methods: "更多通知方式",
@@ -66,13 +66,13 @@ export default {
  get_after_support: "立即赞助",

  business_edition: "商业版",
-  commercial_license: "商业授权，可对外运营",
+  commercial_license: "商业授权，可对外运营，提供SaaS服务",
  all_pro_privileges: "拥有专业版所有特权",
  allow_commercial_use_modify_logo_title: "允许商用，可修改logo、标题",
  data_statistics: "数据统计",
  plugin_management: "插件管理",
  unlimited_multi_users: "多用户无限制",
-  support_user_payment: "支持用户支付",
+  support_user_payment: "支持用户支付（购买套餐，按流水线条数、域名数量、部署次数计费）",
  activate: "激活",
  get_pro_code_after_support: "前往获取",
  business_contact_author: "",
@@ -123,7 +123,6 @@ function install(app: App, options: any = {}) {
              if (scope.key === "__blank__") {
                return false;
              }
-
              //不能用 !scope.value ， 否则switch组件设置为关之后就消失了
              const { value, key, props } = scope;
              return !value && key != "_index" && value != false && value != 0;
@@ -94,6 +94,7 @@ export function useCrudPermission({ permission }: UseCrudPermissionProps) {
            edit: { show: hasActionPermission(editPermission) },
            remove: { show: hasActionPermission(removePermission) },
            view: { show: hasActionPermission(viewPermission) },
+            copy: { show: hasActionPermission(addPermission) },
          },
        },
      },
@@ -9,6 +9,9 @@ import { useSettingStore } from "/@/store/settings";
 import { usePermissionStore } from "/@/plugin/permission/store.permission";
 import util from "/@/plugin/permission/util.permission";
 import { useUserStore } from "/@/store/user";
+import { useProjectStore } from "../store/project";
+export const PROJECT_PATH_PREFIX = "/certd/project";
+export const SYS_PATH_PREFIX = "/sys";

 function buildAccessedMenus(menus: any) {
  if (menus == null) {
@@ -124,6 +127,20 @@ function setupAccessGuard(router: Router) {
        };
      }
      return true;
+    } else {
+      // 如果是项目模式
+      const projectStore = useProjectStore();
+      if (projectStore.isEnterprise) {
+        //加载我的项目
+        await projectStore.init();
+        if (!projectStore.currentProject && !to.path.startsWith(PROJECT_PATH_PREFIX) && !to.path.startsWith(SYS_PATH_PREFIX)) {
+          //没有项目
+          return {
+            path: `${PROJECT_PATH_PREFIX}/join`,
+            replace: true,
+          };
+        }
+      }
    }
  });
 }
@@ -1,7 +1,5 @@
-import { useSettingStore } from "/@/store/settings";
-import aboutResource from "/@/router/source/modules/about";
-import i18n from "/@/locales/i18n";
 import { useProjectStore } from "/@/store/project";
+import { useSettingStore } from "/@/store/settings";

 export const certdResources = [
  {
@@ -25,21 +23,22 @@ export const certdResources = [
            const projectStore = useProjectStore();
            return projectStore.isEnterprise;
          },
+          isMenu: false,
          icon: "ion:apps",
-          permission: "sys:settings:edit",
          keepAlive: true,
+          auth: true,
        },
      },
      {
-        title: "certd.sysResources.myProjectDetail",
-        name: "MyProjectDetail",
-        path: "/certd/project/detail",
-        component: "/certd/project/detail/index.vue",
+        title: "certd.sysResources.projectJoin",
+        name: "ProjectJoin",
+        path: "/certd/project/join",
+        component: "/certd/project/join.vue",
        meta: {
          isMenu: false,
          show: true,
          icon: "ion:apps",
-          permission: "sys:settings:edit",
+          auth: true,
        },
      },
      {
@@ -50,6 +49,7 @@ export const certdResources = [
        meta: {
          icon: "ion:analytics-sharp",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -59,6 +59,7 @@ export const certdResources = [
        component: "/certd/pipeline/detail.vue",
        meta: {
          isMenu: false,
+          auth: true,
        },
      },
      {
@@ -69,6 +70,7 @@ export const certdResources = [
        meta: {
          icon: "ion:timer-outline",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -79,6 +81,7 @@ export const certdResources = [
        meta: {
          isMenu: true,
          icon: "ion:duplicate-outline",
+          auth: true,
        },
      },
      {
@@ -88,6 +91,7 @@ export const certdResources = [
        component: "/certd/pipeline/template/edit.vue",
        meta: {
          isMenu: false,
+          auth: true,
        },
      },
      {
@@ -97,6 +101,7 @@ export const certdResources = [
        component: "/certd/pipeline/template/import/index.vue",
        meta: {
          isMenu: false,
+          auth: true,
        },
      },
      {
@@ -258,6 +263,21 @@ export const certdResources = [
              isMenu: false,
            },
          },
+          {
+            title: "certd.sysResources.projectMemberManager",
+            name: "ProjectMemberManager",
+            path: "/certd/project/detail",
+            component: "/certd/project/detail/index.vue",
+            meta: {
+              show: () => {
+                const projectStore = useProjectStore();
+                return projectStore.isEnterprise;
+              },
+              isMenu: true,
+              icon: "ion:apps",
+              auth: true,
+            },
+          },
        ],
      },
      {
@@ -1,7 +1,4 @@
-import LayoutPass from "/@/layout/layout-pass.vue";
 import { useSettingStore } from "/@/store/settings";
-import aboutResource from "/@/router/source/modules/about";
-import i18n from "/@/locales/i18n";

 export const sysResources = [
  {
@@ -13,6 +10,7 @@ export const sysResources = [
      icon: "ion:settings-outline",
      permission: "sys:settings:view",
      order: 10,
+      auth: true,
    },
    children: [
      {
@@ -27,6 +25,7 @@ export const sysResources = [
          },
          icon: "ion:speedometer-outline",
          permission: "sys:auth:user:view",
+          auth: true,
        },
      },

@@ -38,6 +37,7 @@ export const sysResources = [
        meta: {
          icon: "ion:settings-outline",
          permission: "sys:settings:view",
+          auth: true,
        },
      },
      {
@@ -47,6 +47,7 @@ export const sysResources = [
        component: "/sys/enterprise/project/index.vue",
        meta: {
          show: true,
+          auth: true,
          icon: "ion:apps",
          permission: "sys:settings:edit",
          keepAlive: true,
@@ -60,6 +61,7 @@ export const sysResources = [
        meta: {
          isMenu: false,
          show: true,
+          auth: true,
          icon: "ion:apps",
          permission: "sys:settings:edit",
        },
@@ -73,6 +75,7 @@ export const sysResources = [
          icon: "ion:earth-outline",
          permission: "sys:settings:view",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -96,6 +99,7 @@ export const sysResources = [
            const settingStore = useSettingStore();
            return settingStore.isComm;
          },
+          auth: true,
          icon: "ion:document-text-outline",
          permission: "sys:settings:view",
        },
@@ -110,6 +114,7 @@ export const sysResources = [
            const settingStore = useSettingStore();
            return settingStore.isComm;
          },
+          auth: true,
          icon: "ion:menu",
          permission: "sys:settings:view",
          keepAlive: true,
@@ -125,6 +130,7 @@ export const sysResources = [
            const settingStore = useSettingStore();
            return settingStore.isComm;
          },
+          auth: true,
          icon: "ion:disc-outline",
          permission: "sys:settings:view",
          keepAlive: true,
@@ -139,6 +145,7 @@ export const sysResources = [
          icon: "ion:extension-puzzle-outline",
          permission: "sys:settings:view",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -151,6 +158,7 @@ export const sysResources = [
          icon: "ion:extension-puzzle",
          permission: "sys:settings:view",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -165,6 +173,7 @@ export const sysResources = [
          },
          icon: "ion:extension-puzzle",
          permission: "sys:settings:view",
+          auth: true,
        },
      },
      {
@@ -176,6 +185,7 @@ export const sysResources = [
          icon: "ion:golf-outline",
          permission: "sys:settings:view",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -187,6 +197,7 @@ export const sysResources = [
          icon: "ion:list-outline",
          permission: "sys:auth:per:view",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -198,6 +209,7 @@ export const sysResources = [
          icon: "ion:people-outline",
          permission: "sys:auth:role:view",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -209,6 +221,7 @@ export const sysResources = [
          icon: "ion:person-outline",
          permission: "sys:auth:user:view",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -224,6 +237,7 @@ export const sysResources = [
            return settingStore.isComm;
          },
          keepAlive: true,
+          auth: true,
        },
        children: [
          {
@@ -238,6 +252,7 @@ export const sysResources = [
              },
              icon: "ion:cart",
              permission: "sys:settings:edit",
+              auth: true,
            },
          },
          {
@@ -253,6 +268,7 @@ export const sysResources = [
              icon: "ion:bag-check",
              permission: "sys:settings:edit",
              keepAlive: true,
+              auth: true,
            },
          },
          {
@@ -4,6 +4,7 @@ import { message } from "ant-design-vue";
 import { computed, ref } from "vue";
 import { useSettingStore } from "../settings";
 import { LocalStorage } from "/@/utils/util.storage";
+import { useUserStore } from "../user";

 export type ProjectItem = {
  id: string;
@@ -13,7 +14,11 @@ export type ProjectItem = {

 export const useProjectStore = defineStore("app.project", () => {
  const myProjects = ref([]);
-  const lastProjectId = LocalStorage.get("currentProjectId");
+  const inited = ref(false);
+  const userStore = useUserStore();
+  const userId = userStore.getUserInfo?.id;
+  const lastProjectIdCacheKey = "currentProjectId:" + userId;
+  const lastProjectId = LocalStorage.get(lastProjectIdCacheKey);
  const currentProjectId = ref(lastProjectId); // 直接调用

  const projects = computed(() => {
@@ -59,20 +64,21 @@ export const useProjectStore = defineStore("app.project", () => {

  function changeCurrentProject(id: string, silent?: boolean) {
    currentProjectId.value = id;
-    LocalStorage.set("currentProjectId", id);
+    LocalStorage.set(lastProjectIdCacheKey, id);
    if (!silent) {
      message.success("切换项目成功");
    }
  }

  async function reload() {
-    const projects = await api.MyProjectList();
-    myProjects.value = projects;
+    inited.value = false;
+    await init();
  }

  async function init() {
-    if (!myProjects.value) {
-      await reload();
+    if (!inited.value) {
+      await loadMyProjects();
+      inited.value = true;
    }
    return myProjects.value;
  }
@@ -143,7 +143,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            order: 10,
          },
          valueBuilder: ({ row, key, value }) => {
-            row[key] = row.userId > 0 ? "user" : "sys";
+            row[key] = row.userId != 0 ? "user" : "sys";
          },
        },
        ...commonColumnsDefine,
@@ -121,7 +121,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            order: 10,
          },
          valueBuilder: ({ row, key, value }) => {
-            row[key] = row.userId > 0 ? "user" : "sys";
+            row[key] = row.userId != 0 ? "user" : "sys";
          },
        },
        ...commonColumnsDefine,
@@ -1,17 +1,18 @@
 import { dict } from "@fast-crud/fast-crud";
 import { GetMyProjectList } from "./project/api";
+import { request } from "/@/api/service";

 const projectPermissionDict = dict({
  data: [
    {
      value: "read",
-      label: "只读",
+      label: "查看",
      color: "cyan",
      icon: "material-symbols:folder-eye-outline-sharp",
    },
    {
      value: "write",
-      label: "读写",
+      label: "修改",
      color: "green",
      icon: "material-symbols:edit-square-outline-rounded",
    },
@@ -24,6 +25,29 @@ const projectPermissionDict = dict({
  ],
 });

+const projectMemberStatusDict = dict({
+  data: [
+    {
+      value: "pending",
+      label: "待审核",
+      color: "orange",
+      icon: "material-symbols:hourglass-top",
+    },
+    {
+      value: "approved",
+      label: "已加入",
+      color: "green",
+      icon: "material-symbols:done-all",
+    },
+    {
+      value: "rejected",
+      label: "已拒绝",
+      color: "red",
+      icon: "material-symbols:close",
+    },
+  ],
+});
+
 const myProjectDict = dict({
  url: "/enterprise/project/list",
  getData: async () => {
@@ -42,8 +66,16 @@ const myProjectDict = dict({
 });

 const userDict = dict({
-  url: "/sys/authority/user/getSimpleUsers",
+  url: "/basic/user/getSimpleUsers",
  value: "id",
+  getData: async () => {
+    const res = await request({
+      url: "/basic/user/getSimpleUsers",
+      method: "POST",
+    });
+    return res;
+  },
+  immediate: false,
  onReady: ({ dict }) => {
    for (const item of dict.data) {
      item.label = item.nickName || item.username || item.phoneCode + item.mobile;
@@ -56,5 +88,6 @@ export function useDicts() {
    projectPermissionDict,
    myProjectDict,
    userDict,
+    projectMemberStatusDict,
  };
 }
@@ -734,7 +734,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            }),
          },
          column: {
-            width: 100,
+            width: 140,
            sorter: true,
            align: "center",
          },
@@ -757,7 +757,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            helper: t("monitor.ipSyncModeHelper"),
          },
          column: {
-            width: 100,
+            width: 140,
            sorter: true,
            align: "center",
          },
@@ -779,7 +779,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            helper: t("monitor.ipIgnoreCoherenceHelper"),
          },
          column: {
-            width: 100,
+            width: 180,
            sorter: true,
            align: "center",
          },
@@ -16,13 +16,16 @@ import { useCertViewer } from "/@/views/certd/pipeline/use";
 import { useI18n } from "/src/locales";
 import { useDicts } from "../dicts";
 import { useProjectStore } from "/@/store/project";
+import { useCrudPermission } from "/@/plugin/permission";

-export default function ({ crudExpose, context: { selectedRowKeys, openCertApplyDialog, hasActionPermission } }: CreateCrudOptionsProps): CreateCrudOptionsRet {
+export default function ({ crudExpose, context: { selectedRowKeys, openCertApplyDialog, permission } }: CreateCrudOptionsProps): CreateCrudOptionsRet {
  const router = useRouter();
  const lastResRef = ref();

  const { t } = useI18n();

+  const { hasActionPermission } = useCrudPermission({ permission });
+
  const { openUploadCreateDialog } = useCertUpload();

  const pageRequest = async (query: UserPageQuery): Promise<UserPageRes> => {
@@ -50,6 +53,7 @@ export default function ({ crudExpose, context: { selectedRowKeys, openCertApply
      delete form.lastVars;
      delete form.createTime;
      delete form.id;
+      delete form.webhook;
      let pipeline = form.content;
      if (typeof pipeline === "string" && pipeline.startsWith("{")) {
        pipeline = JSON.parse(form.content);
@@ -75,8 +79,8 @@ export default function ({ crudExpose, context: { selectedRowKeys, openCertApply
  function onDialogOpen(opt: any) {
    const searchForm = crudExpose.getSearchValidatedFormData();
    opt.initialForm = {
-      ...opt.initialForm,
      groupId: searchForm.groupId,
+      ...opt.initialForm,
    };
  }

@@ -219,7 +223,7 @@ export default function ({ crudExpose, context: { selectedRowKeys, openCertApply
              row = info.pipeline;
              row.content = JSON.parse(row.content);
              row.title = row.title + "_copy";
-              await crudExpose.openCopy({
+              await crudExpose.openAdd({
                row: row,
                index: context.index,
              });
@@ -1,6 +1,6 @@
 import { request } from "/src/api/service";

-const apiPrefix = "/enterprise/myProjectMember";
+const apiPrefix = "/enterprise/projectMember";
 const userApiPrefix = "/sys/authority/user";
 export async function GetList(query: any) {
  return await request({
@@ -65,3 +65,11 @@ export async function GetUserSimpleByIds(query: any) {
    data: query,
  });
 }
+
+export async function ApproveJoin(form: any) {
+  return await request({
+    url: "/enterprise/project/approveJoin",
+    method: "post",
+    data: form,
+  });
+}
@@ -7,6 +7,7 @@ import { useSettingStore } from "/@/store/settings";
 import { useUserStore } from "/@/store/user";
 import { useI18n } from "/src/locales";
 import { useDicts } from "../../dicts";
+import { useApprove } from "./use";

 export default function ({ crudExpose, context }: CreateCrudOptionsProps): CreateCrudOptionsRet {
  const router = useRouter();
@@ -34,8 +35,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
  const settingStore = useSettingStore();
  const selectedRowKeys: Ref<any[]> = ref([]);
  context.selectedRowKeys = selectedRowKeys;
-
-  const { userDict } = useDicts();
+  const { hasActionPermission } = context;
+  const { userDict, projectMemberStatusDict, projectPermissionDict } = useDicts();
+  const { openApproveDialog } = useApprove();

  return {
    crudOptions: {
@@ -107,7 +109,10 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
          search: {
            show: true,
          },
-          form: {},
+          form: {
+            show: true,
+            rules: [{ required: true, message: "请选择用户" }],
+          },
          editForm: {
            show: false,
          },
@@ -118,23 +123,64 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
        permission: {
          title: t("certd.ent.projectPermission"),
          type: "dict-select",
-          dict: dict({
-            data: [
-              { label: t("certd.ent.permission.read"), value: "read", color: "cyan" },
-              { label: t("certd.ent.permission.write"), value: "write", color: "blue" },
-              { label: t("certd.ent.permission.admin"), value: "admin", color: "green" },
-            ],
-          }),
+          dict: projectPermissionDict,
          search: {
            show: true,
          },
          form: {
            show: true,
+            rules: [{ required: true, message: "请选择权限" }],
          },
          column: {
            width: 200,
          },
        },
+        status: {
+          title: t("certd.ent.projectMemberStatus"),
+          type: "dict-select",
+          dict: projectMemberStatusDict,
+          search: {
+            show: true,
+          },
+          form: {
+            show: true,
+            rules: [{ required: true, message: "请选择状态" }],
+          },
+          column: {
+            width: 200,
+            cellRender: ({ row }) => {
+              let approveButton: any = "";
+              if (row.status === "pending" && hasActionPermission("admin")) {
+                approveButton = (
+                  <fs-button
+                    class="ml-2"
+                    type="primary"
+                    size="small"
+                    onClick={async () => {
+                      openApproveDialog({
+                        id: row.id,
+                        permission: row.permission,
+                        onSubmit: async (form: any) => {
+                          form.userId = row.userId;
+                          await api.ApproveJoin(form);
+                          crudExpose.doRefresh();
+                        },
+                      });
+                    }}
+                  >
+                    审批
+                  </fs-button>
+                );
+              }
+              return (
+                <div class="flex items-center">
+                  <fs-values-format model-value={row.status} dict={projectMemberStatusDict}></fs-values-format>
+                  {approveButton}
+                </div>
+              );
+            },
+          },
+        },
        createTime: {
          title: t("certd.createTime"),
          type: "datetime",
@@ -2,9 +2,13 @@
  <fs-page class="page-project-detail">
    <template #header>
      <div class="title">
-        {{ t("certd.ent.projectDetailManager") }}
-        <span class="sub">
-          {{ t("certd.ent.projectDetailDescription") }}
+        当前项目 ：{{ project?.name }}
+        <span class="sub flex-inline items-center">
+          管理员：<fs-values-format :model-value="project.adminId" :dict="userDict" color="green"></fs-values-format>
+          <!-- <a-divider type="vertical"></a-divider>
+          <fs-values-format :model-value="project.permission" :dict="projectPermissionDict"></fs-values-format>
+          <a-divider type="vertical"></a-divider>
+          <fs-values-format :model-value="project.status" :dict="projectMemberStatusDict"></fs-values-format> -->
        </span>
      </div>
    </template>
@@ -19,13 +23,17 @@
 </template>

 <script lang="ts" setup>
-import { onActivated, onMounted } from "vue";
+import { onActivated, onMounted, Ref, ref } from "vue";
 import { useFs } from "@fast-crud/fast-crud";
 import createCrudOptions from "./crud";
 import { message, Modal } from "ant-design-vue";
 import { DeleteBatch } from "./api";
 import { useI18n } from "/src/locales";
 import { useRoute } from "vue-router";
+import { useProjectStore } from "/@/store/project";
+import { request } from "/@/api/service";
+import { useDicts } from "../../dicts";
+import { useCrudPermission } from "/@/plugin/permission";

 const { t } = useI18n();

@@ -35,11 +43,38 @@ defineOptions({

 const route = useRoute();
 const projectIdStr = route.query.projectId as string;
-const projectId = Number(projectIdStr);
+let projectId = Number(projectIdStr);
+const projectStore = useProjectStore();
+if (!projectId) {
+  projectId = projectStore.currentProject?.id;
+}
+
+const { projectPermissionDict, projectMemberStatusDict, userDict } = useDicts();
+
+const project: Ref<any> = ref({});
+
+async function loadProjectDetail() {
+  if (projectId) {
+    const res = await request({
+      url: `/enterprise/project/detail`,
+      method: "post",
+      params: {
+        projectId,
+      },
+    });
+    project.value = res;
+  }
+}

 const context: any = {
  projectId,
+  permission: {
+    isProjectPermission: true,
+    projectPermission: "admin",
+  },
 };
+const { hasActionPermission } = useCrudPermission(context);
+context.hasActionPermission = hasActionPermission;
 const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context });

 const selectedRowKeys = context.selectedRowKeys;
@@ -61,7 +96,12 @@ const handleBatchDelete = () => {
 };

 // 页面打开后获取列表数据
-onMounted(() => {
+onMounted(async () => {
+  if (!projectId) {
+    message.error("您还未选择项目");
+    return;
+  }
+  await loadProjectDetail();
  crudExpose.doRefresh();
 });
 onActivated(async () => {
@@ -0,0 +1,46 @@
+import { dict } from "@fast-crud/fast-crud";
+import { useDicts } from "../../dicts";
+import { useFormDialog } from "/@/use/use-dialog";
+
+export function useApprove() {
+  const { openFormDialog } = useFormDialog();
+  const { projectPermissionDict, projectMemberStatusDict, userDict } = useDicts();
+  function openApproveDialog({ id, permission, onSubmit }: { id: any; permission: any; onSubmit: any }) {
+    openFormDialog({
+      title: "审批加入申请",
+      columns: {
+        permission: {
+          title: "成员权限",
+          type: "dict-select",
+          dict: projectPermissionDict,
+        },
+        status: {
+          title: "审批结果",
+          type: "dict-radio",
+          dict: dict({
+            data: [
+              {
+                label: "通过",
+                value: "approved",
+              },
+              {
+                label: "拒绝",
+                value: "rejected",
+              },
+            ],
+          }),
+        },
+      },
+      onSubmit: onSubmit,
+      initialForm: {
+        id: id,
+        permission: permission,
+        status: "approved",
+      },
+    });
+  }
+
+  return {
+    openApproveDialog,
+  };
+}
@@ -0,0 +1,171 @@
+<template>
+  <fs-page class="page-project-join">
+    <template #header>
+      <div class="title">
+        {{ t("certd.sysResources.projectJoin") }}
+        <span v-if="projectStore.projects.length === 0" class="sub">{{ t("certd.project.noProjectJoined") }}</span>
+      </div>
+
+      <div class="more">
+        <a-button v-if="userStore.isAdmin" type="primary" @click="goProjectManager">{{ t("certd.project.projectManage") }}</a-button>
+      </div>
+    </template>
+    <div class="project-container">
+      <h3 class="text-lg font-medium mb-4">{{ t("certd.project.projectList") }}</h3>
+      <div class="flex flex-wrap gap-4">
+        <div v-for="project in projects" :key="project.id" class="w-full md:w-1/4">
+          <a-card :bordered="true" class="project-card">
+            <div class="project-card-content">
+              <div class="project-info">
+                <div class="text-md font-bold title">{{ project.name }}</div>
+                <div class="flex items-center justify-start">管理员： <fs-values-format :model-value="project.adminId" :dict="userDict" color="green"></fs-values-format></div>
+                <p class="text-gray-500 text-sm">创建时间：{{ formatDate(project.createTime) }}</p>
+              </div>
+              <div class="flex-col items-start">
+                <div v-if="project.status" class="mt-1 flex items-center justify-start">状态：<fs-values-format :model-value="project.status" :dict="projectMemberStatusDict"></fs-values-format></div>
+                <div v-if="project.permission" class="mt-1 flex items-center justify-start">权限：<fs-values-format :model-value="project.permission" :dict="projectPermissionDict"></fs-values-format></div>
+              </div>
+            </div>
+            <template #actions>
+              <span v-if="project.status === 'approved'" class="flex-inline items-center text-blue-500" :title="t('certd.project.viewDetail')" @click="goProjectDetail(project.id)">
+                <fs-icon class="fs-18 mr-2" icon="mdi:eye-outline"></fs-icon>
+                {{ t("certd.project.viewDetail") }}
+              </span>
+              <span v-if="!project.status || project.status === 'rejected'" class="flex-inline items-center text-blue-500" :title="t('certd.project.applyJoin')" @click="applyToJoin(project.id)">
+                <fs-icon class="fs-18 mr-2" icon="mdi:checkbox-marked-circle-outline"></fs-icon>
+                {{ t("certd.project.applyJoin") }}
+              </span>
+              <span v-if="project.status === 'pending' || project.status === 'approved'" class="flex-inline items-center text-red-500" :title="t('certd.project.leave')" @click="leaveProject(project.id)">
+                <fs-icon class="fs-18 mr-2" icon="mdi:arrow-right-thin-circle-outline"></fs-icon>
+                {{ t("certd.project.leave") }}
+              </span>
+            </template>
+          </a-card>
+        </div>
+      </div>
+    </div>
+  </fs-page>
+</template>
+
+<script lang="ts" setup>
+import { ref, onMounted } from "vue";
+import { useI18n } from "/src/locales";
+import { message, Modal } from "ant-design-vue";
+import { request } from "/src/api/service";
+import { useProjectStore } from "/@/store/project";
+import dayjs from "dayjs";
+import { useDicts } from "../dicts";
+import { useRouter } from "vue-router";
+import { useUserStore } from "/@/store/user";
+
+defineOptions({
+  name: "ProjectJoin",
+});
+const { t } = useI18n();
+
+const { projectMemberStatusDict, projectPermissionDict, userDict } = useDicts();
+
+const projects = ref<any[]>([]);
+
+const projectStore = useProjectStore();
+const userStore = useUserStore();
+function goProjectManager() {
+  // 假设这里调用跳转到项目管理页的API
+  router.push(`/sys/enterprise/project`);
+}
+
+const router = useRouter();
+function goProjectDetail(projectId: number) {
+  // 假设这里调用跳转到项目详情页的API
+  router.push(`/certd/project/detail?projectId=${projectId}`);
+}
+
+const getSystemProjects = async () => {
+  try {
+    // 假设这里调用获取系统项目列表的API
+    const response = await request({
+      url: "/enterprise/project/all",
+      method: "post",
+    });
+    projects.value = response || [];
+  } catch (error) {
+    message.error(t("certd.project.fetchFailed"));
+    console.error("获取项目列表失败:", error);
+  }
+};
+
+const applyToJoin = async (projectId: number) => {
+  // 假设这里调用申请加入项目的API
+  Modal.confirm({
+    title: t("certd.project.applyJoin"),
+    content: t("certd.project.applyJoinConfirm"),
+    onOk: async () => {
+      await request({
+        url: "/enterprise/project/applyJoin",
+        method: "post",
+        data: { projectId },
+      });
+      message.success(t("certd.project.applySuccess"));
+      await getSystemProjects();
+      // 申请成功后可以刷新页面或跳转到项目列表
+    },
+  });
+};
+
+const formatDate = (dateString: string) => {
+  if (!dateString) {
+    return "";
+  }
+  return dayjs(dateString).format("YYYY-MM-DD HH:mm:ss");
+};
+
+onMounted(() => {
+  getSystemProjects();
+});
+
+async function leaveProject(projectId: number) {
+  // 假设这里调用退出项目的API
+  Modal.confirm({
+    title: t("certd.project.leave"),
+    content: t("certd.project.leaveConfirm"),
+    onOk: async () => {
+      await request({
+        url: "/enterprise/project/leave",
+        method: "post",
+        data: { projectId },
+      });
+      message.success(t("certd.project.leaveSuccess"));
+      // 退出成功后可以刷新页面或跳转到项目列表
+      await getSystemProjects();
+    },
+  });
+}
+</script>
+
+<style lang="less">
+.page-project-join {
+  .project-container {
+    padding: 24px;
+    margin: 0 auto;
+    .project-card {
+      margin-bottom: 16px;
+      transition: all 0.3s;
+
+      &:hover {
+        box-shadow: 0 4px 12px rgba(0, 0, 0, 0.1);
+      }
+
+      .project-card-content {
+        display: flex;
+        justify-content: space-between;
+        align-items: center;
+      }
+
+      .title {
+        font-size: 16px;
+        font-weight: bold;
+      }
+    }
+  }
+}
+</style>
@@ -90,35 +90,21 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            },
          },
        },
-        disabled: {
-          title: t("certd.disabled"),
+        isSystem: {
+          title: t("certd.ent.isSystem"),
          type: "dict-switch",
          dict: dict({
            data: [
-              { label: t("certd.enabled"), value: false, color: "success" },
-              { label: t("certd.disabledLabel"), value: true, color: "error" },
+              { label: t("common.yes"), value: true, color: "success" },
+              { label: t("common.no"), value: false, color: "error" },
            ],
          }),
          form: {
-            value: false,
+            value: true,
+            helper: t("certd.ent.isSystemHelper"),
          },
          column: {
-            width: 100,
-            component: {
-              title: t("certd.clickToToggle"),
-              on: {
-                async click({ value, row }) {
-                  Modal.confirm({
-                    title: t("certd.prompt"),
-                    content: t("certd.confirmToggleStatus", { action: !value ? t("certd.disable") : t("certd.enable") }),
-                    onOk: async () => {
-                      await api.SetDisabled(row.id, !value);
-                      await crudExpose.doRefresh();
-                    },
-                  });
-                },
-              },
-            },
+            width: 150,
          },
        },
        adminId: {
@@ -7,6 +7,7 @@ import { useSettingStore } from "/@/store/settings";
 import { useUserStore } from "/@/store/user";
 import { useI18n } from "/src/locales";
 import { userDict } from "../../dicts";
+import { useDicts } from "/@/views/certd/dicts";

 export default function ({ crudExpose, context }: CreateCrudOptionsProps): CreateCrudOptionsRet {
  const router = useRouter();
@@ -35,6 +36,8 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
  const selectedRowKeys: Ref<any[]> = ref([]);
  context.selectedRowKeys = selectedRowKeys;

+  const { projectMemberStatusDict } = useDicts();
+
  return {
    crudOptions: {
      settings: {
@@ -105,7 +108,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
          search: {
            show: true,
          },
-          form: {},
+          form: {
+            rules: [{ required: true, message: "请选择用户" }],
+          },
          editForm: {
            show: false,
          },
@@ -128,11 +133,34 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
          },
          form: {
            show: true,
+            rules: [{ required: true, message: "请选择权限" }],
          },
          column: {
            width: 200,
          },
        },
+        status: {
+          title: t("certd.ent.projectMemberStatus"),
+          type: "dict-select",
+          dict: projectMemberStatusDict,
+          search: {
+            show: true,
+          },
+          form: {
+            show: true,
+            rules: [{ required: true, message: "请选择状态" }],
+          },
+          column: {
+            width: 200,
+            cellRender: ({ row }) => {
+              return (
+                <div class="flex items-center">
+                  <fs-values-format model-value={row.status} dict={projectMemberStatusDict}></fs-values-format>
+                </div>
+              );
+            },
+          },
+        },
        createTime: {
          title: t("certd.createTime"),
          type: "datetime",
@@ -12,6 +12,7 @@
        </a-tooltip>
      </template>
    </fs-crud>
+    <AdminModeIntro v-if="!projectStore.isEnterprise" title="当前为SaaS管理模式，项目管理需要切换到企业模式" :open="true"></AdminModeIntro>
  </fs-page>
 </template>

@@ -22,7 +23,8 @@ import createCrudOptions from "./crud";
 import { message, Modal } from "ant-design-vue";
 import { DeleteBatch } from "./api";
 import { useI18n } from "/src/locales";
-
+import { useProjectStore } from "/@/store/project";
+import AdminModeIntro from "./intro.vue";
 const { t } = useI18n();

 defineOptions({
@@ -30,6 +32,7 @@ defineOptions({
 });
 const { crudBinding, crudRef, crudExpose, context } = useFs({ createCrudOptions });

+const projectStore = useProjectStore();
 const selectedRowKeys = context.selectedRowKeys;
 const handleBatchDelete = () => {
  if (selectedRowKeys.value?.length > 0) {
@@ -0,0 +1,86 @@
+<template>
+  <div v-if="open" class="admin-mode-intro" :style="fixed ? 'position: fixed;' : 'position: absolute;'" @click="close()">
+    <div class="mask">
+      <div class="intro-content">
+        <h2 class="intro-title text-xl font-bold">{{ title || "管理模式介绍" }}</h2>
+        <div class="mt-8 image-block">
+          <div class="flex gap-8">
+            <div class="intro-desc flex-1">SaaS模式：每个用户管理自己的流水线和授权资源，每个用户独立使用。</div>
+            <div class="intro-desc flex-1">企业模式：通过项目合作管理流水线证书和授权资源，所有用户视为企业内部员工。</div>
+          </div>
+          <div class="image-intro">
+            <img :src="src" alt="" />
+          </div>
+        </div>
+        <div class="action">
+          <a-button type="primary" html-type="button" @click="goSwitchMode">立即前往切换模式</a-button>
+        </div>
+      </div>
+    </div>
+  </div>
+</template>
+
+<script setup lang="tsx">
+import { ref } from "vue";
+import { useRouter } from "vue-router";
+defineOptions({
+  name: "AdminModeIntro",
+});
+
+const props = defineProps<{
+  title?: string;
+  open?: boolean;
+  fixed?: boolean;
+}>();
+
+const emit = defineEmits(["update:open"]);
+
+function close() {
+  emit("update:open", false);
+}
+
+const src = ref("static/images/ent/admin_mode.png");
+
+const router = useRouter();
+function goSwitchMode() {
+  router.push("/sys/settings?tab=mode");
+}
+</script>
+
+<style lang="less">
+.admin-mode-intro {
+  position: absolute;
+  top: 0;
+  left: 0;
+  width: 100%;
+  height: 100%;
+  background-color: rgba(0, 0, 0, 0.5);
+  display: flex;
+  justify-content: center;
+  align-items: center;
+  z-index: 9999;
+
+  .mask {
+    padding: 20px;
+    border-radius: 10px;
+  }
+
+  .intro-content {
+    background-color: #fff;
+    padding: 20px;
+    border-radius: 10px;
+    text-align: center;
+  }
+
+  .image-block {
+    text-align: center;
+    .image-intro {
+      width: 100%;
+      img {
+        margin: 0 auto;
+        max-width: 100%;
+      }
+    }
+  }
+}
+</style>
@@ -2,13 +2,23 @@
  <div class="sys-settings-form sys-settings-mode">
    <a-form :model="formState" name="basic" :label-col="{ span: 8 }" :wrapper-col="{ span: 16 }" autocomplete="off" @finish="onFinish">
      <a-form-item :label="t('certd.sys.setting.adminMode')" :name="['public', 'adminMode']">
-        <fs-dict-radio v-model:value="formState.public.adminMode" :dict="adminModeDict" />
+        <div class="w-full flex items-center">
+          <fs-dict-radio v-model:value="formState.public.adminMode" :disabled="!settingsStore.isPlus" :dict="adminModeDict" />
+          <vip-button class="ml-5" mode="button"></vip-button>
+        </div>
+        <div class="helper">SaaS模式：每个用户管理自己的流水线和授权资源，独立使用。</div>
+        <div class="helper">企业模式：通过项目合作管理流水线证书和授权资源，所有用户视为企业内部员工。</div>
+        <div class="helper text-red-500">建议在开始使用时固定一个合适的模式，之后就不要随意切换了。</div>
+        <div v-if="settingsStore.isComm" class="helper text-red-500">商业版不建议设置为企业模式，除非你确定要转成企业内部使用</div>
+        <div><a @click="adminModeIntroOpen = true"> 更多管理模式介绍</a></div>
      </a-form-item>

      <a-form-item label=" " :colon="false" :wrapper-col="{ span: 8 }">
        <a-button :loading="saveLoading" type="primary" html-type="submit">{{ t("certd.saveButton") }}</a-button>
      </a-form-item>
    </a-form>
+
+    <AdminModeIntro v-model:open="adminModeIntroOpen" fixed></AdminModeIntro>
  </div>
 </template>

@@ -22,22 +32,25 @@ import { notification } from "ant-design-vue";
 import { useI18n } from "/src/locales";
 import { dict } from "@fast-crud/fast-crud";
 import { useProjectStore } from "/@/store/project";
+import AdminModeIntro from "/@/views/sys/enterprise/project/intro.vue";
 const { t } = useI18n();

 defineOptions({
  name: "SettingMode",
 });

+const adminModeIntroOpen = ref(false);
+
 const adminModeDict = dict({
  data: [
-    {
-      label: t("certd.sys.setting.enterpriseMode"),
-      value: "enterprise",
-    },
    {
      label: t("certd.sys.setting.saasMode"),
      value: "saas",
    },
+    {
+      label: t("certd.sys.setting.enterpriseMode"),
+      value: "enterprise",
+    },
  ],
 });

@@ -6,7 +6,7 @@ typeorm:
    default:
      type: mysql # mariadb
      host: localhost
-      port: 3309
+      port: 3308
      username: root
      password: root
      database: certd
@@ -3,6 +3,27 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Bug Fixes
+
+* 修复部署到openwrt错误的bug ([2e3d0cc](https://github.com/certd/certd/commit/2e3d0cc57c16c48ad435bc8fde729bacaedde9f5))
+* 修复复制流水线保存后丢失分组和排序号的问题 ([bc32648](https://github.com/certd/certd/commit/bc326489abc1d50a0930b4f47aa2d62d3a486798))
+* 修复京东云域名申请证书报错的bug ([d9c0130](https://github.com/certd/certd/commit/d9c0130b59997144a3c274d456635b800135e43f))
+* 修复偶尔下载证书报未授权的错误 ([316537e](https://github.com/certd/certd/commit/316537eb4dcbe5ec57784e8bf95ee3cdfd21dce7))
+* 修复dcdn多个域名同时部署时 可能会出现证书名称重复的bug ([78c2ced](https://github.com/certd/certd/commit/78c2ced43b1a73d142b0ed783b162b97f545ab06))
+* 优化dcdn部署上传多次证书 偶尔报 The CertName already exists的问题 ([72f850f](https://github.com/certd/certd/commit/72f850f675b500d12ebff2338d1b99d6fab476e1))
+* **cert-plugin:** 优化又拍云客户端错误处理逻辑，当域名已绑定证书时不再抛出异常。 ([92c9ac3](https://github.com/certd/certd/commit/92c9ac382692e6c84140ff787759ab6d39ccbe96))
+* esxi部署失败的bug ([1e44115](https://github.com/certd/certd/commit/1e441154617e6516a9a3610412bf597128c62696))
+
+### Features
+
+* 支持企业级管理模式，项目管理，细分权限 ([3734083](https://github.com/certd/certd/commit/37340838b6a61a94b86bfa13cf5da88b26f1315a))
+
+### Performance Improvements
+
+* 站点监控支持指定ip地址检查 ([83d81b6](https://github.com/certd/certd/commit/83d81b64b3adb375366039e07c87d1ad79121c13))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/ui-server
@@ -0,0 +1,118 @@
+
+CREATE TABLE `cd_project`
+(
+  `id`          bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,
+  `user_id`     bigint      NOT NULL,
+  `name`        varchar(512) NOT NULL,
+  `admin_id`    bigint      NOT NULL,
+  `disabled`    boolean      NOT NULL DEFAULT false,
+  `is_system`   boolean      NOT NULL DEFAULT false,
+  `create_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `update_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+
+CREATE INDEX `index_project_user_id` ON `cd_project` (`user_id`);
+CREATE INDEX `index_project_admin_id` ON `cd_project` (`admin_id`);
+INSERT INTO cd_project (id, user_id, `admin_id`, `name`, `disabled`, `is_system`) VALUES (1, -1, 1,'default', false,false);
+
+ALTER TABLE cd_cert_info ADD COLUMN  project_id bigint;
+CREATE INDEX `index_cert_project_id` ON `cd_cert_info` (`project_id`);
+
+ALTER TABLE cd_site_info ADD COLUMN  project_id bigint;
+CREATE INDEX `index_site_project_id` ON `cd_site_info` (`project_id`);
+
+ALTER TABLE cd_site_ip ADD COLUMN  project_id bigint;
+CREATE INDEX `index_site_ip_project_id` ON `cd_site_ip` (`project_id`);
+
+ALTER TABLE cd_open_key ADD COLUMN  project_id bigint;
+CREATE INDEX `index_open_key_project_id` ON `cd_open_key` (`project_id`);
+
+ALTER TABLE cd_access ADD COLUMN  project_id bigint;
+CREATE INDEX `index_access_project_id` ON `cd_access` (`project_id`);
+
+ALTER TABLE cd_addon ADD COLUMN  project_id bigint;
+CREATE INDEX `index_addon_project_id` ON `cd_addon` (`project_id`);
+
+ALTER TABLE pi_pipeline ADD COLUMN  project_id bigint;
+CREATE INDEX `index_pipeline_project_id` ON `pi_pipeline` (`project_id`);
+
+ALTER TABLE pi_pipeline_group ADD COLUMN  project_id bigint;
+CREATE INDEX `index_pipeline_group_project_id` ON `pi_pipeline_group` (`project_id`);
+
+ALTER TABLE pi_storage ADD COLUMN  project_id bigint;
+CREATE INDEX `index_storage_project_id` ON `pi_storage` (`project_id`);
+
+ALTER TABLE pi_notification ADD COLUMN  project_id bigint;
+CREATE INDEX `index_notification_project_id` ON `pi_notification` (`project_id`);
+
+ALTER TABLE pi_history ADD COLUMN  project_id bigint;
+CREATE INDEX `index_history_project_id` ON `pi_history` (`project_id`);
+
+ALTER TABLE pi_history_log ADD COLUMN  project_id bigint;
+CREATE INDEX `index_history_log_project_id` ON `pi_history_log` (`project_id`);
+
+ALTER TABLE pi_template ADD COLUMN  project_id bigint;
+CREATE INDEX `index_template_project_id` ON `pi_template` (`project_id`);
+
+ALTER TABLE pi_sub_domain ADD COLUMN  project_id bigint;
+CREATE INDEX `index_sub_domain_project_id` ON `pi_sub_domain` (`project_id`);
+
+ALTER TABLE cd_cname_record ADD COLUMN  project_id bigint;
+CREATE INDEX `index_cname_record_project_id` ON `cd_cname_record` (`project_id`);
+
+ALTER TABLE cd_domain ADD COLUMN  project_id bigint;
+CREATE INDEX `index_domain_project_id` ON `cd_domain` (`project_id`);
+
+ALTER TABLE user_settings ADD COLUMN  project_id bigint;
+CREATE INDEX `index_user_settings_project_id` ON `user_settings` (`project_id`);
+
+ALTER TABLE cd_group ADD COLUMN  project_id bigint;
+CREATE INDEX `index_group_project_id` ON `cd_group` (`project_id`);
+
+
+
+
+CREATE TABLE `cd_project_member`
+(
+  `id`          bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,
+  `user_id`     bigint      NOT NULL,
+  `project_id`  bigint      NOT NULL,
+  `permission`  varchar(128) NOT NULL DEFAULT 'read',
+  `create_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `update_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+ALTER TABLE cd_project_member ADD COLUMN  status varchar(128);
+
+CREATE INDEX `index_project_member_user_id` ON `cd_project_member` (`user_id`);
+CREATE INDEX `index_project_member_project_id` ON `cd_project_member` (`project_id`);
+
+
+CREATE TABLE `cd_audit_log`
+(
+  `id`          bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,
+  `user_id`     bigint      NOT NULL,
+  `username`    varchar(128) NOT NULL,
+  `project_id`  bigint      NOT NULL,
+  `project_name` varchar(512) NOT NULL,
+  `type`        varchar(128) NOT NULL,
+  `action`      varchar(128) NOT NULL DEFAULT 'read',
+  `content`     longtext         NOT NULL,
+  `ip_address`  varchar(128) NOT NULL,
+  `create_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `update_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+
+CREATE INDEX `index_audit_log_user_id` ON `cd_audit_log` (`user_id`);
+CREATE INDEX `index_audit_log_project_id` ON `cd_audit_log` (`project_id`);
+
+
+
+ALTER TABLE cd_site_info ADD COLUMN ip_address varchar(128);
+
+
+ALTER TABLE `cd_project` ENGINE = InnoDB;
+ALTER TABLE `cd_project_member` ENGINE = InnoDB;
+ALTER TABLE `cd_audit_log` ENGINE = InnoDB;
@@ -0,0 +1,116 @@
+
+CREATE TABLE "cd_project"
+(
+  "id"          bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY NOT NULL,
+  "user_id"     bigint      NOT NULL,
+  "name"        varchar(512) NOT NULL,
+  "admin_id"    bigint      NOT NULL,
+  "disabled"    boolean      NOT NULL DEFAULT (false),
+  "is_system"   boolean      NOT NULL DEFAULT (false),
+  "create_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
+
+
+CREATE INDEX "index_project_user_id" ON "cd_project" ("user_id");
+CREATE INDEX "index_project_admin_id" ON "cd_project" ("admin_id");
+INSERT INTO cd_project (id, user_id, "admin_id", "name", "disabled", "is_system") VALUES (1, -1, 1,'default', false,false);
+select setval('cd_project_id_seq', 1);
+
+
+ALTER TABLE cd_cert_info ADD COLUMN  project_id bigint;
+CREATE INDEX "index_cert_project_id" ON "cd_cert_info" ("project_id");
+
+ALTER TABLE cd_site_info ADD COLUMN  project_id bigint;
+CREATE INDEX "index_site_project_id" ON "cd_site_info" ("project_id");
+
+ALTER TABLE cd_site_ip ADD COLUMN  project_id bigint;
+CREATE INDEX "index_site_ip_project_id" ON "cd_site_ip" ("project_id");
+
+ALTER TABLE cd_open_key ADD COLUMN  project_id bigint;
+CREATE INDEX "index_open_key_project_id" ON "cd_open_key" ("project_id");
+
+ALTER TABLE cd_access ADD COLUMN  project_id bigint;
+CREATE INDEX "index_access_project_id" ON "cd_access" ("project_id");
+
+ALTER TABLE cd_addon ADD COLUMN  project_id bigint;
+CREATE INDEX "index_addon_project_id" ON "cd_addon" ("project_id");
+
+ALTER TABLE pi_pipeline ADD COLUMN  project_id bigint;
+CREATE INDEX "index_pipeline_project_id" ON "pi_pipeline" ("project_id");
+
+ALTER TABLE pi_pipeline_group ADD COLUMN  project_id bigint;
+CREATE INDEX "index_pipeline_group_project_id" ON "pi_pipeline_group" ("project_id");
+
+ALTER TABLE pi_storage ADD COLUMN  project_id bigint;
+CREATE INDEX "index_storage_project_id" ON "pi_storage" ("project_id");
+
+ALTER TABLE pi_notification ADD COLUMN  project_id bigint;
+CREATE INDEX "index_notification_project_id" ON "pi_notification" ("project_id");
+
+ALTER TABLE pi_history ADD COLUMN  project_id bigint;
+CREATE INDEX "index_history_project_id" ON "pi_history" ("project_id");
+
+ALTER TABLE pi_history_log ADD COLUMN  project_id bigint;
+CREATE INDEX "index_history_log_project_id" ON "pi_history_log" ("project_id");
+
+ALTER TABLE pi_template ADD COLUMN  project_id bigint;
+CREATE INDEX "index_template_project_id" ON "pi_template" ("project_id");
+
+ALTER TABLE pi_sub_domain ADD COLUMN  project_id bigint;
+CREATE INDEX "index_sub_domain_project_id" ON "pi_sub_domain" ("project_id");
+
+ALTER TABLE cd_cname_record ADD COLUMN  project_id bigint;
+CREATE INDEX "index_cname_record_project_id" ON "cd_cname_record" ("project_id");
+
+ALTER TABLE cd_domain ADD COLUMN  project_id bigint;
+CREATE INDEX "index_domain_project_id" ON "cd_domain" ("project_id");
+
+ALTER TABLE user_settings ADD COLUMN  project_id bigint;
+CREATE INDEX "index_user_settings_project_id" ON "user_settings" ("project_id");
+
+ALTER TABLE cd_group ADD COLUMN  project_id bigint;
+CREATE INDEX "index_group_project_id" ON "cd_group" ("project_id");
+
+
+
+
+CREATE TABLE "cd_project_member"
+(
+  "id"          bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY NOT NULL,
+  "user_id"     bigint      NOT NULL,
+  "project_id"  bigint      NOT NULL,
+  "permission"  varchar(128) NOT NULL DEFAULT ('read'),
+  "create_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
+
+ALTER TABLE cd_project_member ADD COLUMN  status varchar(128);
+
+CREATE INDEX "index_project_member_user_id" ON "cd_project_member" ("user_id");
+CREATE INDEX "index_project_member_project_id" ON "cd_project_member" ("project_id");
+
+
+CREATE TABLE "cd_audit_log"
+(
+  "id"          bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY NOT NULL,
+  "user_id"     bigint      NOT NULL,
+  "username"    varchar(128) NOT NULL,
+  "project_id"  bigint      NOT NULL,
+  "project_name" varchar(512) NOT NULL,
+  "type"        varchar(128) NOT NULL,
+  "action"      varchar(128) NOT NULL DEFAULT ('read'),
+  "content"     text         NOT NULL,
+  "ip_address"  varchar(128) NOT NULL,
+  "create_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
+
+
+CREATE INDEX "index_audit_log_user_id" ON "cd_audit_log" ("user_id");
+CREATE INDEX "index_audit_log_project_id" ON "cd_audit_log" ("project_id");
+
+
+
+ALTER TABLE cd_site_info ADD COLUMN ip_address varchar(128);
+
@@ -6,6 +6,7 @@ CREATE TABLE "cd_project"
  "name"        varchar(512) NOT NULL,
  "admin_id"    integer      NOT NULL,
  "disabled"    boolean      NOT NULL DEFAULT (false),
+  "is_system"   boolean      NOT NULL DEFAULT (false),
  "create_time" datetime     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
  "update_time" datetime     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
 );
@@ -13,7 +14,7 @@ CREATE TABLE "cd_project"

 CREATE INDEX "index_project_user_id" ON "cd_project" ("user_id");
 CREATE INDEX "index_project_admin_id" ON "cd_project" ("admin_id");
-INSERT INTO cd_project (id, user_id, "admin_id", "name", "disabled") VALUES (1, 0, 1,'default', false);
+INSERT INTO cd_project (id, user_id, "admin_id", "name", "disabled", "is_system") VALUES (1, -1, 1,'default', false,false);

 ALTER TABLE cd_cert_info ADD COLUMN  project_id integer;
 CREATE INDEX "index_cert_project_id" ON "cd_cert_info" ("project_id");
@@ -82,6 +83,7 @@ CREATE TABLE "cd_project_member"
  "update_time" datetime     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
 );

+ALTER TABLE cd_project_member ADD COLUMN  status varchar(128);

 CREATE INDEX "index_project_member_user_id" ON "cd_project_member" ("user_id");
 CREATE INDEX "index_project_member_project_id" ON "cd_project_member" ("project_id");
@@ -7,18 +7,23 @@ showTest: false
 input:
  clientId:
    title: ClientId
-    helper: '[Azure Portal](https://portal.azure.com/)创建应用后获取'
+    helper: >-
+      [Microsoft Entra
+      ID](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps)创建应用后获取
    required: true
  clientSecretKey:
    title: ClientSecretKey
    component:
      placeholder: ClientSecretKey / appSecretKey
+    helper: 客户端凭据->证书与机密->客户端密码->新客户端密码
    required: true
  tenantId:
    title: TenantId
-    helper: 租户ID，留空使用/common端点（需要应用配置为多租户）
    component:
      placeholder: common 或 租户ID
+    helper: |-
+      根据受支持的账户类型填写 common 或 租户ID，默认为common(Microsoft个人账户)。 
+      租户ID获取: 概述 -> 目录(租户) ID 
    value: common
    required: false
 pluginType: addon
@@ -37,7 +37,7 @@ input:
    helper: |-
      1、支持多个域名打到一个证书上，例如： foo.com，*.foo.com，*.bar.com
      2、子域名被通配符包含的不要填写，例如：www.foo.com已经被*.foo.com包含，不要填写www.foo.com
-      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com）
+      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于foo.com且不能用于xxx.yyy.foo.com）
      4、输入一个，空格之后，再输入下一个 
      5、如果设置了子域托管解析（比如免费的二级域名托管在CF或者阿里云），请先[设置托管子域名](#/certd/pipeline/subDomain)
  email:
@@ -34,7 +34,7 @@ input:
    helper: |-
      1、支持多个域名打到一个证书上，例如： foo.com，*.foo.com，*.bar.com
      2、子域名被通配符包含的不要填写，例如：www.foo.com已经被*.foo.com包含，不要填写www.foo.com
-      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com）
+      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于foo.com且不能用于xxx.yyy.foo.com）
      4、输入一个，空格之后，再输入下一个 
      5、如果设置了子域托管解析（比如免费的二级域名托管在CF或者阿里云），请先[设置托管子域名](#/certd/pipeline/subDomain)
  email:
@@ -3,7 +3,7 @@ default:
  strategy:
    runStrategy: 0
  input:
-    renewDays: 35
+    renewDays: 15
    forceUpdate: false
 name: CertApplyLego
 icon: ph:certificate
@@ -37,7 +37,7 @@ input:
    helper: |-
      1、支持多个域名打到一个证书上，例如： foo.com，*.foo.com，*.bar.com
      2、子域名被通配符包含的不要填写，例如：www.foo.com已经被*.foo.com包含，不要填写www.foo.com
-      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com）
+      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于foo.com且不能用于xxx.yyy.foo.com）
      4、输入一个，空格之后，再输入下一个 
      5、如果设置了子域托管解析（比如免费的二级域名托管在CF或者阿里云），请先[设置托管子域名](#/certd/pipeline/subDomain)
  email:
@@ -99,7 +99,7 @@ input:
    helper: |-
      1、支持多个域名打到一个证书上，例如： foo.com，*.foo.com，*.bar.com
      2、子域名被通配符包含的不要填写，例如：www.foo.com已经被*.foo.com包含，不要填写www.foo.com
-      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com）
+      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于foo.com且不能用于xxx.yyy.foo.com）
      4、输入一个，空格之后，再输入下一个 
      5、如果设置了子域托管解析（比如免费的二级域名托管在CF或者阿里云），请先[设置托管子域名](#/certd/pipeline/subDomain)
  pfxPassword:
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-server",
-  "version": "1.38.12",
+  "version": "1.39.0",
  "description": "fast-server base midway",
  "private": true,
  "type": "module",
@@ -50,20 +50,20 @@
    "@aws-sdk/client-route-53": "^3.964.0",
    "@aws-sdk/client-s3": "^3.964.0",
    "@aws-sdk/client-sts": "^3.990.0",
-    "@certd/acme-client": "^1.38.12",
-    "@certd/basic": "^1.38.12",
-    "@certd/commercial-core": "^1.38.12",
+    "@certd/acme-client": "^1.39.0",
+    "@certd/basic": "^1.39.0",
+    "@certd/commercial-core": "^1.39.0",
    "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.38.12",
-    "@certd/lib-huawei": "^1.38.12",
-    "@certd/lib-k8s": "^1.38.12",
-    "@certd/lib-server": "^1.38.12",
-    "@certd/midway-flyway-js": "^1.38.12",
-    "@certd/pipeline": "^1.38.12",
-    "@certd/plugin-cert": "^1.38.12",
-    "@certd/plugin-lib": "^1.38.12",
-    "@certd/plugin-plus": "^1.38.12",
-    "@certd/plus-core": "^1.38.12",
+    "@certd/jdcloud": "^1.39.0",
+    "@certd/lib-huawei": "^1.39.0",
+    "@certd/lib-k8s": "^1.39.0",
+    "@certd/lib-server": "^1.39.0",
+    "@certd/midway-flyway-js": "^1.39.0",
+    "@certd/pipeline": "^1.39.0",
+    "@certd/plugin-cert": "^1.39.0",
+    "@certd/plugin-lib": "^1.39.0",
+    "@certd/plugin-plus": "^1.39.0",
+    "@certd/plus-core": "^1.39.0",
    "@google-cloud/publicca": "^1.3.0",
    "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.185",
    "@huaweicloud/huaweicloud-sdk-core": "^3.1.185",
@@ -80,7 +80,7 @@ const development = {
        type: 'better-sqlite3',
        database: './data/db.sqlite',
        synchronize: false, // 如果第一次使用，不存在表，有同步的需求可以写 true
-        logging: false,
+        logging: true,
        highlightSql: false,

        // 配置实体模型 或者 entities: '/entity',
@@ -1,5 +1,5 @@
+import { AccessService } from "@certd/lib-server";
 import { ALL, Body, Controller, Inject, Post, Provide, Query } from "@midwayjs/core";
-import { AccessService, Constants } from "@certd/lib-server";
 import { AccessController } from "../../user/pipeline/access-controller.js";

 /**
@@ -15,6 +15,12 @@ export class SysAccessController extends AccessController {
    return this.service2;
  }

+  async getProjectUserId(permission:string){
+    return {
+      projectId:null,userId:0
+    }
+  }
+
  getUserId() {
    // checkComm();
    return 0;
@@ -54,7 +60,7 @@ export class SysAccessController extends AccessController {
    return await super.define(type);
  }

-  @Post('/getSecretPlain', { summary: Constants.per.authOnly })
+  @Post('/getSecretPlain', { summary: 'sys:settings:view' })
  async getSecretPlain(@Body(ALL) body: { id: number; key: string }) {
    const value = await this.service.getById(body.id, 0);
    return this.ok(value[body.key]);
@@ -69,4 +75,9 @@ export class SysAccessController extends AccessController {
  async simpleInfo(@Query('id') id: number) {
    return await super.simpleInfo(id);
  }
+
+    @Post('/getDictByIds', { summary: 'sys:settings:view' })
+    async getDictByIds(@Body('ids') ids: number[]) {
+      return await super.getDictByIds(ids);
+    }
 }
@@ -21,12 +21,18 @@ export class BasicController extends BaseController {
  @Post('/preBindUser', { summary: 'sys:settings:edit' })
  public async preBindUser(@Body(ALL) body: PreBindUserReq) {
    // 设置缓存内容
+    if (body.userId == null || body.userId <= 0) {
+      throw new Error("用户ID不能为空");
+    }
    await this.plusService.userPreBind(body.userId);
    return this.ok({});
  }

  @Post('/bindUser', { summary: 'sys:settings:edit' })
  public async bindUser(@Body(ALL) body: BindUserReq) {
+    if (body.userId == null || body.userId <= 0) {
+      throw new Error("用户ID不能为空");
+    }
    const installInfo: SysInstallInfo = await this.sysSettingsService.getSetting(SysInstallInfo);
    installInfo.bindUserId = body.userId;
    await this.sysSettingsService.saveSetting(installInfo);
@@ -12,6 +12,11 @@ export class SysAddonController extends AddonController {
    return this.service2;
  }

+  async getProjectUserId(permission:string){
+    return {
+      projectId:null,userId:0 //0为系统级别
+    }
+  }
  getUserId() {
    // checkComm();
    return 0;
@@ -40,7 +40,7 @@ export class SysProjectController extends CrudController<ProjectEntity> {
    bean.userId = this.getUserId();
    return super.add({
      ...bean,
-      userId:0,
+      userId:-1, //企业用户id固定为-1
      adminId: bean.userId,
    });
  }
@@ -60,10 +60,12 @@ export class SysProjectMemberController extends CrudController<ProjectMemberEnti
      userId: this.getUserId(),
      projectId: projectId,
    });
-    return super.update({
+    const res =await this.service.update({
      id: bean.id,
      permission: bean.permission,
+      status: bean.status,
    });
+    return this.ok(res);
  }

  @Post("/info", { summary: "sys:settings:view" })
@@ -0,0 +1,60 @@
+import { Constants, isEnterprise } from '@certd/lib-server';
+import { Body, Controller, Inject, Post, Provide } from '@midwayjs/core';
+import { In } from 'typeorm';
+import { AuthService } from '../../../modules/sys/authority/service/auth-service.js';
+import { UserService } from '../../../modules/sys/authority/service/user-service.js';
+import { BasicController } from '../../basic/code-controller.js';
+
+/**
+ * 通知
+ */
+@Provide()
+@Controller('/api/basic/user')
+export class BasicUserController extends BasicController {
+  @Inject()
+  service: UserService;
+  @Inject()
+  authService: AuthService;
+
+  getService(): UserService {
+    return this.service;
+  }
+
+  @Post('/getSimpleUserByIds', { summary: Constants.per.authOnly })
+  async getSimpleUserByIds(@Body('ids') ids: number[]) {
+    if(!isEnterprise()){
+       throw new Error('非企业模式不能获取用户信息');
+    }
+    const users = await this.service.find({
+      select: {
+        id: true,
+        username: true,
+        nickName: true,
+        mobile: true,
+        phoneCode: true,
+      },
+      where: {
+        id: In(ids),
+      },
+    });
+    return this.ok(users);
+  }
+
+  @Post('/getSimpleUsers', {summary: Constants.per.authOnly})
+  async getSimpleUsers() {
+    if(!isEnterprise()){
+       throw new Error('非企业模式不能获取所有用户信息');
+    }
+    const users = await this.service.find({
+      select: {
+        id: true,
+        username: true,
+        nickName: true,
+        mobile: true,
+        phoneCode: true,
+      },
+    });
+    return this.ok(users);
+  }
+
+}
@@ -20,8 +20,6 @@ export class CnameProviderController extends BaseController {

  @Post('/list', { summary: Constants.per.authOnly })
  async list(@Body(ALL) body: any) {
-    body.query = body.query ?? {};
-    body.query.userId = this.getUserId();
    const res = await this.providerService.list({});
    return this.ok(res);
  }
@@ -67,50 +67,51 @@ export class CnameRecordController extends CrudController<CnameRecordService> {

  @Post('/info', { summary: Constants.per.authOnly })
  async info(@Query('id') id: number) {
-    await this.service.checkUserId(id, this.getUserId());
+    await this.checkOwner(this.getService(), id, "read");
    return super.info(id);
  }

  @Post('/delete', { summary: Constants.per.authOnly })
  async delete(@Query('id') id: number) {
-    await this.service.checkUserId(id, this.getUserId());
+    await this.checkOwner(this.getService(), id, "write");
    return super.delete(id);
  }

  @Post('/deleteByIds', { summary: Constants.per.authOnly })
  async deleteByIds(@Body(ALL) body: any) {
+    const {userId,projectId} = await this.getProjectUserIdWrite();
    await this.service.delete(body.ids, {
-      userId: this.getUserId(),
+      userId,
+      projectId,
    });
    return this.ok();
  }
  @Post('/getByDomain', { summary: Constants.per.authOnly })
  async getByDomain(@Body(ALL) body: { domain: string; createOnNotFound: boolean }) {
-    const userId = this.getUserId();
-    const res = await this.service.getByDomain(body.domain, userId, body.createOnNotFound);
+    const {userId,projectId} = await this.getProjectUserIdRead();
+    const res = await this.service.getByDomain(body.domain, userId,projectId, body.createOnNotFound);
    return this.ok(res);
  }

  @Post('/verify', { summary: Constants.per.authOnly })
  async verify(@Body(ALL) body: { id: number }) {
-    const userId = this.getUserId();
-    await this.service.checkUserId(body.id, userId);
+    await this.checkOwner(this.getService(), body.id, "read");
    const res = await this.service.verify(body.id);
    return this.ok(res);
  }

  @Post('/resetStatus', { summary: Constants.per.authOnly })
  async resetStatus(@Body(ALL) body: { id: number }) {
-    const userId = this.getUserId();
-    await this.service.checkUserId(body.id, userId);
+    await this.checkOwner(this.getService(), body.id, "read");
    const res = await this.service.resetStatus(body.id);
    return this.ok(res);
  }
 @Post('/import', { summary: Constants.per.authOnly })
  async import(@Body(ALL) body: { domainList: string; cnameProviderId: any }) {
-    const userId = this.getUserId();
+    const {userId,projectId} = await this.getProjectUserIdWrite();
    const res = await this.service.doImport({
      userId,
+      projectId,
      domainList: body.domainList,
      cnameProviderId: body.cnameProviderId,
    });
@@ -2,6 +2,7 @@ import { BaseController, Constants } from '@certd/lib-server';
 import { ALL, Body, Controller, Inject, Post, Provide } from '@midwayjs/core';
 import { AuthService } from '../../../modules/sys/authority/service/auth-service.js';
 import { ProjectService } from '../../../modules/sys/enterprise/service/project-service.js';
+import { ProjectMemberService } from '../../../modules/sys/enterprise/service/project-member-service.js';

 /**
 */
@@ -10,6 +11,10 @@ import { ProjectService } from '../../../modules/sys/enterprise/service/project-
 export class UserProjectController extends BaseController {
  @Inject()
  service: ProjectService;
+
+  @Inject()
+  projectMemberService: ProjectMemberService;
+  
  @Inject()
  authService: AuthService;

@@ -17,6 +22,23 @@ export class UserProjectController extends BaseController {
    return this.service;
  }

+   /**
+   * @param body 
+   * @returns 
+   */
+  @Post('/detail', { summary: Constants.per.authOnly })
+  async detail(@Body(ALL) body: any) {
+    const {projectId} = await this.getProjectUserIdRead();
+    const res = await this.service.getDetail(projectId,this.getUserId());
+    return this.ok(res);
+  }
+
+
+  /**
+   * 我的项目
+   * @param body 
+   * @returns 
+   */
  @Post('/list', { summary: Constants.per.authOnly })
  async list(@Body(ALL) body: any) {
    const userId= this.getUserId();
@@ -24,4 +46,74 @@ export class UserProjectController extends BaseController {
    return this.ok(res);
  }

+
+  /**
+   * 
+   * @param body 所有项目
+   * @returns 
+   */
+  @Post('/all', { summary: Constants.per.authOnly })
+  async all(@Body(ALL) body: any) {
+    const userId= this.getUserId();
+    const res = await this.service.getAllWithStatus(userId);
+    return this.ok(res);
+  }
+
+  @Post('/applyJoin', { summary: Constants.per.authOnly })
+  async applyJoin(@Body(ALL) body: any) {
+    const userId= this.getUserId();
+    const res = await this.service.applyJoin({ userId, projectId: body.projectId });
+    return this.ok(res);
+  }
+
+  @Post('/updateMember', { summary: Constants.per.authOnly })
+  async updateMember(@Body(ALL) body: any) {
+    const {projectId} = await this.getProjectUserIdAdmin();
+    const {status,permission,userId} = body;
+    const member = await this.projectMemberService.findOne({
+      where: {
+        projectId,
+        userId,
+      },
+    });
+    if (!member) {
+      throw new Error('成员不存在');
+    }
+    const res = await this.projectMemberService.update({
+      id: member.id,
+      status,
+      permission,
+    });
+    return this.ok(res);
+  }
+
+  @Post('/approveJoin', { summary: Constants.per.authOnly })
+  async approveJoin(@Body(ALL) body: any) {
+    const {projectId} = await this.getProjectUserIdAdmin();
+    const {status,permission,userId} = body;
+    const res = await this.service.approveJoin({ userId, projectId: projectId,status,permission });
+    return this.ok(res);
+  }
+
+  @Post('/delete', { summary: Constants.per.authOnly })
+  async delete(@Body(ALL) body: any) {
+     const {projectId} = await this.getProjectUserIdAdmin();
+    await this.projectMemberService.deleteWhere({
+      projectId,
+      userId: this.getUserId(),
+    });
+    return this.ok();
+  }
+
+  @Post('/leave', { summary: Constants.per.authOnly })
+  async leave(@Body(ALL) body: any) {
+    const {projectId}  = body
+     const userId = this.getUserId();
+    await this.projectMemberService.deleteWhere({
+      projectId,
+      userId,
+    });
+    return this.ok();
+  }
+
 }
@@ -0,0 +1,118 @@
+import { CrudController, SysSettingsService,Constants } from "@certd/lib-server";
+import { ALL, Body, Controller, Inject, Post, Provide, Query } from "@midwayjs/core";
+import { ProjectMemberEntity } from "../../../modules/sys/enterprise/entity/project-member.js";
+import { ProjectMemberService } from "../../../modules/sys/enterprise/service/project-member-service.js";
+import { merge } from "lodash-es";
+import { ProjectService } from "../../../modules/sys/enterprise/service/project-service.js";
+/**
+ */
+@Provide()
+@Controller("/api/enterprise/projectMember")
+export class ProjectMemberController extends CrudController<ProjectMemberEntity> {
+  @Inject()
+  service: ProjectMemberService;
+
+  @Inject()
+  sysSettingsService: SysSettingsService;
+
+  @Inject()
+  projectService: ProjectService;
+
+  getService<T>() {
+    return this.service;
+  }
+
+  @Post("/page", { summary: Constants.per.authOnly })
+  async page(@Body(ALL) body: any) {
+    const {projectId} = await this.getProjectUserIdRead();
+    body.query = body.query ?? {};
+    body.query.projectId = projectId;
+    return await super.page(body);
+  }
+
+  @Post("/list", { summary: Constants.per.authOnly })
+  async list(@Body(ALL) body: any) {
+    const {projectId} = await this.getProjectUserIdRead();
+    body.query = body.query ?? {};
+    body.query.projectId = projectId;
+    return super.list(body);
+  }
+
+  @Post("/add", { summary: Constants.per.authOnly })
+  async add(@Body(ALL) bean: any) {
+    const def: any = {
+      isDefault: false,
+      disabled: false,
+    };
+    merge(bean, def);
+
+    await this.projectService.checkAdminPermission({
+      userId: this.getUserId(),
+      projectId: bean.projectId,
+    });
+
+    return super.add(bean);
+  }
+
+  @Post("/update", { summary: Constants.per.authOnly }) 
+  async update(@Body(ALL) bean: any) {
+    if (!bean.id) {
+      throw new Error("id is required");
+    }
+    const projectId = await this.service.getProjectId(bean.id)
+    await this.projectService.checkAdminPermission({
+      userId: this.getUserId(),
+      projectId: projectId,
+    });
+    const res = await this.service.update({
+      id: bean.id,
+      permission: bean.permission,
+      status: bean.status,
+    });
+
+    return this.ok(res);
+  }
+
+  @Post("/info", { summary: Constants.per.authOnly })
+  async info(@Query("id") id: number) {
+     if (!id) {
+      throw new Error("id is required");
+    }
+    const projectId = await this.service.getProjectId(id)
+    await this.projectService.checkReadPermission({
+      userId: this.getUserId(),
+      projectId:projectId,
+    });
+    return super.info(id);
+  }
+
+  @Post("/delete", { summary: Constants.per.authOnly })
+  async delete(@Query("id") id: number) {
+    if (!id) {
+      throw new Error("id is required");
+    }
+    const projectId = await this.service.getProjectId(id)
+    await this.projectService.checkAdminPermission({
+      userId: this.getUserId(),
+      projectId:projectId,
+    });
+    return super.delete(id);
+  }
+
+  @Post("/deleteByIds", { summary: Constants.per.authOnly })
+  async deleteByIds(@Body("ids") ids: number[]) {
+    for (const id of ids) {
+      if (!id) {
+        throw new Error("id is required");
+      }
+      const projectId = await this.service.getProjectId(id)
+      await this.projectService.checkAdminPermission({
+        userId: this.getUserId(),
+        projectId:projectId,
+      });
+      await this.service.delete(id as any);
+    }
+   
+    return this.ok({});
+  }
+}
@@ -111,7 +111,7 @@ export class AccessController extends CrudController<AccessService> {
  @Post('/simpleInfo', { summary: Constants.per.authOnly })
  async simpleInfo(@Query('id') id: number) {
    // await this.authService.checkUserIdButAllowAdmin(this.ctx, this.service, id);
-    await this.checkOwner(this.getService(), id, "read",true);
+    // await this.checkOwner(this.getService(), id, "read",true);
    const res = await this.service.getSimpleInfo(id);
    return this.ok(res);
  }
@@ -164,8 +164,8 @@ export class CnameRecordService extends BaseService<CnameRecordEntity> {
  //   // 3.  检查原域名是否有cname记录
  // }

-  async getWithAccessByDomain(domain: string, userId: number) {
-    const record: CnameRecord = await this.getByDomain(domain, userId);
+  async getWithAccessByDomain(domain: string, userId: number,projectId?:number) {
+    const record: CnameRecord = await this.getByDomain(domain, userId,projectId);
    if (record.cnameProvider.id > 0) {
      //自定义cname服务
      record.cnameProvider.access = await this.accessService.getAccessById(record.cnameProvider.accessId, false);
@@ -179,17 +179,17 @@ export class CnameRecordService extends BaseService<CnameRecordEntity> {
    return record;
  }

-  async getByDomain(domain: string, userId: number, createOnNotFound = true) {
+  async getByDomain(domain: string, userId: number,projectId?:number, createOnNotFound = true) {
    if (!domain) {
      throw new ValidateException("domain不能为空");
    }
    if (userId == null) {
      throw new ValidateException("userId不能为空");
    }
-    let record = await this.getRepository().findOne({ where: { domain, userId } });
+    let record = await this.getRepository().findOne({ where: { domain, userId,projectId } });
    if (record == null) {
      if (createOnNotFound) {
-        record = await this.add({ domain, userId });
+        record = await this.add({ domain, userId,projectId });
      } else {
        throw new ValidateException(`找不到${domain}的CNAME记录`);
      }
@@ -489,8 +489,8 @@ export class CnameRecordService extends BaseService<CnameRecordEntity> {
    await this.getRepository().update(id, { status: "cname", mainDomain: "" });
  }

-  async doImport(req:{ userId: number; domainList: string; cnameProviderId: any }) {
-    const {userId,cnameProviderId,domainList} = req;
+  async doImport(req:{ userId: number; projectId: number; domainList: string; cnameProviderId: any }) {
+    const {userId,projectId,cnameProviderId,domainList} = req;
    const domains = domainList.split("\n").map(item => item.trim()).filter(item => item.length > 0);
    if (domains.length === 0) {
      throw new ValidateException("域名列表不能为空");
@@ -504,18 +504,19 @@ export class CnameRecordService extends BaseService<CnameRecordEntity> {
      key: "user_"+userId,
      title: "导入CNAME记录",
      run: async (task) => {
-        await this._import({ userId, domains, cnameProviderId },task);
+        await this._import({ userId,projectId, domains, cnameProviderId },task);
      }
    }));
  }

-  async _import(req :{ userId: number; domains: string[]; cnameProviderId: any },task:BackTask) {
+  async _import(req :{ userId: number; projectId: number; domains: string[]; cnameProviderId: any },task:BackTask) {
    const userId = req.userId;
    for (const domain of req.domains) {
      const old = await this.getRepository().findOne({
        where: {
          userId: req.userId,
          domain,
+          projectId: req.projectId,
        },
      });
      if (old) {
@@ -526,6 +527,7 @@ export class CnameRecordService extends BaseService<CnameRecordEntity> {
          await this.add({
            userId,
            domain: domain,
+            projectId: req.projectId,
            cnameProviderId: req.cnameProviderId,
          });
      }catch(e){
@@ -63,7 +63,7 @@ export class TwoFactorService {
  }

  async offAuthenticator(userId:number) {
-    if (!userId) {
+    if (!userId || userId <= 0) {
      throw new Error("userId is required");
    }

@@ -358,7 +358,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
  async checkList(sites: SiteInfoEntity[],isCommon: boolean) {
    const cache = {}
    const getFromCache = async (userId: number,projectId?: number) =>{
-      const key = `${userId}-${projectId??""}`
+      const key = `${userId}_${projectId??""}`
      if (cache[key]) {
        return cache[key];
      }
@@ -424,7 +424,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
    if (!req.text) {
      throw new Error("text is required");
    }
-    if (!req.userId) {
+    if (req.userId == null) {
      throw new Error("userId is required");
    }

@@ -479,7 +479,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
  }

  clearSiteMonitorJob(userId: number,projectId?: number) {
-    this.cron.remove(`siteMonitor-${userId}-${projectId||""}`);
+    this.cron.remove(`siteMonitor_${userId}_${projectId||""}`);
  }

  async registerSiteMonitorJob(userId?: number,projectId?: number) {
@@ -502,7 +502,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
      }
      //注册个人的 或项目的
      this.cron.register({
-        name: `siteMonitor-${userId}-${projectId||""}`,
+        name: `siteMonitor_${userId}_${projectId||""}`,
        cron: setting.cron,
        job: () => this.triggerJobOnce(userId,projectId),
      });
@@ -511,9 +511,9 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
  }

  async triggerJobOnce(userId?:number,projectId?:number) {
-    logger.info(`站点证书检查开始执行[${userId??'所有用户'}-${projectId??'所有项目'}]`);
+    logger.info(`站点证书检查开始执行[${userId??'所有用户'}_${projectId??'所有项目'}]`);
    const query:any = { disabled: false };
-    if(userId){
+    if(userId!=null){
      query.userId = userId;
      if(projectId){
        query.projectId = projectId;
@@ -541,7 +541,7 @@ export class SiteInfoService extends BaseService<SiteInfoEntity> {
      await this.checkList(records,isCommon);
    }

-    logger.info(`站点证书检查完成[${userId??'所有用户'}-${projectId??'所有项目'}]`);
+    logger.info(`站点证书检查完成[${userId??'所有用户'}_${projectId??'所有项目'}]`);
  }

  async batchDelete(ids: number[], userId: number,projectId?:number): Promise<void> {
@@ -43,7 +43,7 @@ export class SiteIpService extends BaseService<SiteIpEntity> {
  }

  async add(data: SiteIpEntity) {
-    if (!data.userId) {
+    if (data.userId == null) {
      throw new Error("userId is required");
    }
    data.disabled = false;
@@ -2,13 +2,15 @@ import { CnameRecord, ICnameProxyService } from '@certd/pipeline';

 export class CnameProxyService implements ICnameProxyService {
  userId: number;
-  getter: <T>(domain: string, userId?: number) => Promise<T>;
-  constructor(userId: number, getter: (domain: string, userId: number) => Promise<any>) {
+  projectId: number;
+  getter: <T>(domain: string, userId?: number, projectId?: number) => Promise<T>;
+  constructor(userId: number, projectId: number, getter: (domain: string, userId: number, projectId: number) => Promise<any>) {
    this.userId = userId;
+    this.projectId = projectId;
    this.getter = getter;
  }

  async getByDomain(domain: string): Promise<CnameRecord> {
-    return await this.getter<CnameRecord>(domain, this.userId);
+    return await this.getter<CnameRecord>(domain, this.userId, this.projectId);
  }
 }
@@ -59,7 +59,7 @@ export class TaskServiceGetter implements IServiceGetter{

  async getCnameProxyService(): Promise<CnameProxyService> {
    const cnameRecordService:CnameRecordService = await  this.appCtx.getAsync("cnameRecordService")
-    return new CnameProxyService(this.userId, cnameRecordService.getWithAccessByDomain.bind(cnameRecordService));
+    return new CnameProxyService(this.userId, this.projectId, cnameRecordService.getWithAccessByDomain.bind(cnameRecordService));
  }

  async getNotificationService(): Promise<NotificationGetter> {
@@ -188,11 +188,11 @@ export class HistoryService extends BaseService<HistoryEntity> {
    const where: any = {
      createTime: MoreThan(todayEnd.add(-param.days, 'day').toDate()),
    };
-    if (param.userId > 0) {
-      where.userId = param.userId;
-    }
+    
    if (param.projectId > 0) {
      where.projectId = param.projectId;
+    }else if (param.userId > 0) {
+      where.userId = param.userId;
    }
    const result = await this.getRepository()
      .createQueryBuilder('main')
@@ -138,21 +138,21 @@ export class NotificationService extends BaseService<NotificationEntity> {
    if (userId==null) {
      throw new ValidateException('userId不能为空');
    }
+    const query:any = {
+       userId,
+    }
+    if (projectId){
+      query.projectId = projectId
+    }
    await this.repository.update(
-      {
-        userId,
-        projectId,
-      },
+      query,
      {
        isDefault: false,
      }
    );
+    query.id = id
    await this.repository.update(
-      {
-        id,
-        userId,
-        projectId,
-      },
+     query,
      {
        isDefault: true,
      }
@@ -50,6 +50,7 @@ import { nanoid } from "nanoid";
 import { set } from "lodash-es";
 import { executorQueue } from "@certd/lib-server";
 import parser from "cron-parser";
+import { ProjectService } from "../../sys/enterprise/service/project-service.js";
 const runningTasks: Map<string | number, Executor> = new Map();


@@ -107,6 +108,9 @@ export class PipelineService extends BaseService<PipelineEntity> {
  @Inject()
  certInfoService: CertInfoService;

+  @Inject()
+  projectService: ProjectService;
+
  //@ts-ignore
  getRepository() {
    return this.repository;
@@ -251,6 +255,9 @@ export class PipelineService extends BaseService<PipelineEntity> {
    if (bean.id > 0) {
      //修改
      old = await this.info(bean.id);
+      bean.order = old.order;
+      bean.userId = old.userId;
+      bean.projectId = old.projectId;
    }
    if (!old || !old.webhookKey) {
      bean.webhookKey = await this.genWebhookKey();
@@ -261,6 +268,8 @@ export class PipelineService extends BaseService<PipelineEntity> {

    const pipeline = JSON.parse(bean.content || "{}");
    RunnableCollection.initPipelineRunnableType(pipeline);
+    pipeline.userId = bean.userId;
+    pipeline.projectId = bean.projectId;
    let domains = [];
    if (pipeline.stages) {
      RunnableCollection.each(pipeline.stages, (runnable: any) => {
@@ -294,8 +303,8 @@ export class PipelineService extends BaseService<PipelineEntity> {
    } else if (bean.type === "cert_auto") {
      fromType = "auto";
    }
-    const userId = pipeline.userId || bean.userId;
-    const projectId = pipeline.projectId ?? bean.projectId ??null;
+    const userId = bean.userId;
+    const projectId = bean.projectId ??null;
    await this.certInfoService.updateDomains(pipeline.id, userId, projectId ,  domains, fromType);
    return {
      ...bean,
@@ -671,9 +680,12 @@ export class PipelineService extends BaseService<PipelineEntity> {
    };

    const userId = entity.userId;
-    const historyId = await this.historyService.start(entity, triggerType);
+    const projectId = entity.projectId;
    let userIsAdmin = false
-    if(userId){
+
+    if (projectId && projectId>0) {
+      userIsAdmin = await this.projectService.isAdmin(projectId);
+    }else if(userId>0){
      userIsAdmin = await this.userService.isAdmin(userId);
    }
    const user: UserInfo = {
@@ -681,7 +693,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
      role: userIsAdmin ? "admin" : "user"
    };

-
+     const historyId = await this.historyService.start(entity, triggerType);
    const sysInfo: SysInfo = {};
    if (isComm()) {
      const siteInfo = await this.sysSettingsService.getSetting<SysSiteInfo>(SysSiteInfo);
@@ -689,7 +701,8 @@ export class PipelineService extends BaseService<PipelineEntity> {
    }

    const taskServiceGetter = this.taskServiceBuilder.create({
-      userId
+      userId,
+      projectId
    });
    const accessGetter = await taskServiceGetter.get<IAccessService>("accessService");
    const notificationGetter = await taskServiceGetter.get<INotificationService>("notificationService");
@@ -919,7 +932,7 @@ export class PipelineService extends BaseService<PipelineEntity> {
      throw new NeedVIPException("此功能需要升级专业版");
    }
    for (const id of ids) {
-      if (userId) {
+      if (userId && userId > 0) {
        await this.checkUserId(id, userId);
      }
      if(projectId){
@@ -1103,6 +1116,10 @@ export class PipelineService extends BaseService<PipelineEntity> {


  private async checkUserStatus(userId: number) {
+    if(isEnterprise()){
+      //企业模式不检查用户状态，都允许运行流水线
+      return 
+    }
    const userEntity = await this.userService.info(userId);
    if (userEntity == null) {
      throw new Error("用户不存在");
@@ -16,6 +16,9 @@ export class ProjectMemberEntity {
  @Column({ name: 'permission', comment: '权限' })
  permission: string; // read / write / admin

+  @Column({ name: 'status', comment: '申请状态' })
+  status: string; // pending / approved / rejected
+
  @Column({
    name: 'create_time',
    comment: '创建时间',
@@ -19,6 +19,10 @@ export class ProjectEntity {
  @Column({ name: 'disabled', comment: '禁用' })
  disabled: boolean;

+  @Column({ name: 'is_system', comment: '是否系统项目' })
+  isSystem: boolean; //系统项目内的流水线允许运行管理员级别的插件
+
+
  @Column({
    name: 'create_time',
    comment: '创建时间',
@@ -34,4 +38,10 @@ export class ProjectEntity {

  // user permission read write admin
  permission:string
+
 }
+
+export type ProjectMemberItem = {
+  memberId: number;
+  status: string;
+} & ProjectEntity
@@ -18,12 +18,12 @@ export class ProjectMemberService extends BaseService<ProjectMemberEntity> {
    return this.repository;
  }

-  async add(bean: ProjectMemberEntity) {
+  async add(bean: Partial<ProjectMemberEntity>) {
    const {projectId, userId} = bean;
    if (!projectId) {
      throw new Error('项目ID不能为空');
    }
-    if (!userId) {
+    if (!userId || userId <= 0) {
      throw new Error('用户ID不能为空');
    }
    const exist = await this.repository.findOne({
@@ -38,19 +38,21 @@ export class ProjectMemberService extends BaseService<ProjectMemberEntity> {
   return await super.add(bean)
  }

-  async getByUserId(userId: number) {
+  async getByUserId(userId: number,status?:string) {
    return await this.repository.find({
      where: {
        userId,
+        status,
      },
    });
  }

-  async getMember(projectId: number,userId: number) {
+  async getMember(projectId: number,userId: number,status?:string) {
    return await this.repository.findOne({
      where: {
        userId,
        projectId,
+        status,
      },
    });
  }
@@ -3,7 +3,7 @@ import { Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
 import { InjectEntityModel } from '@midwayjs/typeorm';
 import { LRUCache } from 'lru-cache';
 import { Repository } from 'typeorm';
-import { ProjectEntity } from '../entity/project.js';
+import { ProjectEntity, ProjectMemberItem } from '../entity/project.js';
 import { ProjectMemberService } from './project-member-service.js';

 const projectCache = new LRUCache<string, any>({
@@ -11,9 +11,12 @@ const projectCache = new LRUCache<string, any>({
  ttl: 1000 * 60 * 10,
 });

+const ENTERPRISE_USER_ID = -1 //企业模式下 企业userId 固定为-1
+
@Provide()
@Scope(ScopeEnum.Request, { allowDowngrade: true })
 export class ProjectService extends BaseService<ProjectEntity> {
+ 
  @InjectEntityModel(ProjectEntity)
  repository: Repository<ProjectEntity>;

@@ -36,20 +39,20 @@ export class ProjectService extends BaseService<ProjectEntity> {
    const exist = await this.repository.findOne({
      where: {
        name,
-        userId: 0,
+        userId: ENTERPRISE_USER_ID,
      },
    });
    if (exist) {
      throw new Error('项目名称已存在');
    }
    bean.disabled = false
-    const res= await super.add(bean)
+    const res = await super.add(bean)
    projectCache.clear();
    return res;
  }

-  async update( bean: ProjectEntity) {
-    const res= await super.update(bean)
+  async update(bean: ProjectEntity) {
+    const res = await super.update(bean)
    projectCache.clear();
    return res;
  }
@@ -57,7 +60,7 @@ export class ProjectService extends BaseService<ProjectEntity> {
  async setDisabled(id: number, disabled: boolean) {
    await this.repository.update({
      id,
-      userId: 0,
+      userId: ENTERPRISE_USER_ID,
    }, {
      disabled,
    });
@@ -65,11 +68,14 @@ export class ProjectService extends BaseService<ProjectEntity> {

  async getUserProjects(userId: number) {

-    const memberList = await this.projectMemberService.getByUserId(userId);
-    const projectIds = memberList.map(item => item.projectId);
+    const memberList = await this.projectMemberService.getByUserId(userId, 'approved');
+    let projectIds = memberList.map(item => item.projectId); 
+    if (!projectIds || projectIds.length === 0) {
+      projectIds = [0]
+    }
    const projectList = await this.repository.createQueryBuilder('project')
      .where(' project.disabled = false')
-      .where(' project.userId = :userId', { userId: 0 })
+      .where(' project.userId = :userId', { userId: ENTERPRISE_USER_ID })
      .where(' project.id IN (:...projectIds) or project.adminId = :userId', { projectIds, userId })
      .getMany();

@@ -89,6 +95,60 @@ export class ProjectService extends BaseService<ProjectEntity> {
    return projectList
  }

+  async getAllWithStatus(userId: number): Promise<ProjectMemberItem[]> {
+    let projectList: any = await this.find({
+      where: {
+        disabled: false,
+        userId: ENTERPRISE_USER_ID,
+      },
+    })
+    const projectMemberItemList: ProjectMemberItem[] = projectList
+
+    const memberList = await this.projectMemberService.getByUserId(userId);
+
+    const memberMap = memberList.reduce((prev, cur) => {
+      prev[cur.projectId] = cur as any;
+      return prev;
+    }, {} as Record<number, ProjectMemberItem>);
+
+    projectMemberItemList.forEach(item => {
+      if (item.adminId === userId) {
+        item.permission = 'admin';
+        item.status = 'approved';
+        item.memberId = userId
+      } else {
+        const memberItem: any = memberMap[item.id]
+        if (memberItem) {
+          item.permission = memberItem.permission;
+          item.status = memberItem.status;
+          item.memberId = memberItem.userId
+        }
+      }
+    })
+    return projectMemberItemList
+  }
+
+
+  async getDetail(projectId: number, userId?: number): Promise<ProjectMemberItem[]> {
+    const project: any = await this.info(projectId);
+    if (!project) {
+      throw new Error('项目不存在');
+    }
+    if (project.adminId === userId) {
+      project.permission = 'admin';
+      project.status = 'approved';
+      project.memberId = userId
+    } else {
+      const member = await this.projectMemberService.getMember(projectId, userId);
+      if (member) {
+        project.permission = member.permission;
+        project.status = member.status;
+        project.memberId = member.userId
+      }
+    }
+    return project
+  }
+
  async checkAdminPermission({ userId, projectId }: { userId: number, projectId: number }) {
    return await this.checkPermission({
      userId,
@@ -124,36 +184,36 @@ export class ProjectService extends BaseService<ProjectEntity> {

    const cacheKey = `projectPermission:${projectId}:${userId}`
    let savedPermission = projectCache.get(cacheKey);
-    
-    if (!savedPermission){
-        const project = await this.findOne({
-          select: ['id', 'userId', 'adminId', 'disabled'],
-          where: {
-            id: projectId,
-          },
-        });
-        if (!project) {
-          throw new Error('项目不存在');
+
+    if (!savedPermission) {
+      const project = await this.findOne({
+        select: ['id', 'userId', 'adminId', 'disabled'],
+        where: {
+          id: projectId,
+        },
+      });
+      if (!project) {
+        throw new Error('项目不存在');
+      }
+      if (project.adminId === userId) {
+        //创建者拥有管理权限
+        savedPermission = 'admin';
+      } else {
+        if (project.disabled) {
+          throw new Error('项目已禁用');
        }
-        if (project.adminId === userId) {
-          //创建者拥有管理权限
-          savedPermission = 'admin';
-        }else{
-          if (project.disabled) {
-            throw new Error('项目已禁用');
-          } 
-          const member = await this.projectMemberService.getMember(projectId, userId);
-          if (!member) {
-            throw new Error(`用户${userId}不是该项目${projectId}成员`);
-          }
-          savedPermission = member.permission;
+        const member = await this.projectMemberService.getMember(projectId, userId);
+        if (!member || member.status !== 'approved') {
+          throw new Error(`用户${userId}还不是项目${projectId}的成员`);
        }
+        savedPermission = member.permission;
+      }
    }
-    projectCache.set(cacheKey, savedPermission,{ttl:  3 * 60 * 1000});
+    projectCache.set(cacheKey, savedPermission, { ttl: 3 * 60 * 1000 });
    if (!savedPermission) {
      throw new Error(`权限不足，需要${permission}权限`);
    }
-    
+
    if (permission === 'read') {
      return true
    }
@@ -169,4 +229,55 @@ export class ProjectService extends BaseService<ProjectEntity> {
    }
    return true
  }
+
+
+  async applyJoin({ userId, projectId }: { userId: number, projectId: number }) {
+    const project = await this.info(projectId);
+    if (!project) {
+      throw new Error('项目不存在');
+    }
+    if (project.disabled) {
+      throw new Error('项目已禁用');
+    }
+    if (project.adminId === userId) {
+      throw new Error('申请用户已经是该项目的管理员');
+    }
+    const member = await this.projectMemberService.getMember(projectId, userId);
+    if (member && member.status === 'approved') {
+      throw new Error('用户已加入项目');
+    }
+    if (member) {
+      this.projectMemberService.update({
+        id: member.id,
+        status: 'pending',
+      })
+    } else {
+      // 加入项目
+      await this.projectMemberService.add({
+        userId,
+        projectId,
+        permission: 'read',
+        status: 'pending',
+      })
+    }
+  }
+
+  async approveJoin({ userId, projectId, status, permission }: { userId: number, projectId: number, status: string, permission: string }) {
+    const member = await this.projectMemberService.getMember(projectId, userId);
+    if (!member) {
+      throw new Error('找不到用户的申请记录');
+    }
+
+    await this.projectMemberService.update({
+      id: member.id,
+      status: status,
+      permission,
+    })
+  }
+
+   async isAdmin(projectId: number): Promise<boolean> {
+    const project = await this.info(projectId);
+    return project?.isSystem ?? false;
+  }
+
 }
@@ -157,9 +157,7 @@ export class DBBackupPlugin extends AbstractPlusTaskPlugin {
  async onInstance() {}

  async execute(): Promise<void> {
-    if (!this.isAdmin()) {
-      throw new Error("只有管理员才能运行此任务");
-    }
+    this.checkAdmin();

    this.logger.info("开始备份数据库");

@@ -32,9 +32,7 @@ export class DeployToCertdPlugin extends AbstractTaskPlugin {
  cert!: CertInfo;
  async onInstance() { }
  async execute(): Promise<void> {
-    if (!this.isAdmin()) {
-      throw new Error('只有管理员才能运行此任务');
-    }
+    this.checkAdmin();

    //部署证书
    let crtPath = "ssl/cert.crt";
@@ -17,9 +17,7 @@ import { httpsServer } from '../../modules/auto/https/server.js';
 export class RestartCertdPlugin extends AbstractTaskPlugin {
  async onInstance() {}
  async execute(): Promise<void> {
-    if (!this.isAdmin()) {
-      throw new Error('只有管理员才能运行此任务');
-    }
+    this.checkAdmin();
    this.logger.info('Certd https server 将在 3 秒后重启');
    await this.ctx.utils.sleep(3000);
    await httpsServer.restart();
@@ -47,9 +47,7 @@ export class CustomScriptPlugin extends AbstractTaskPlugin {

  async onInstance() {}
  async execute(): Promise<void> {
-    if (!this.isAdmin()) {
-      throw new Error('只有管理员才能运行此任务');
-    }
+    this.checkAdmin();
    this.logger.info('执行自定义脚本:\n', this.script);
    const ctx: CustomScriptContext = {
      CertReader,
@@ -83,6 +83,7 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
      this.logger.info(`[${domainName}]开始部署`)
      const params = await this.buildParams(domainName);
      await this.doRequest(client, params);
+      await this.ctx.utils.sleep(1000);
      this.logger.info(`[${domainName}]部署成功`)
    }

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
xiaojunnuo	3bb29abe32	v1.39.0	2026-03-08 01:17:39 +08:00
xiaojunnuo	ac42d38b7a	build: prepare to build	2026-03-08 01:15:23 +08:00
xiaojunnuo	d9c0130b59	fix: 修复京东云域名申请证书报错的bug	2026-03-08 01:14:33 +08:00
xiaojunnuo	4925d5a5e7	chore: project prerelease	2026-03-08 00:48:29 +08:00
xiaojunnuo	dd9a7cf5d7	chore: project fix	2026-03-05 00:11:08 +08:00
xiaojunnuo	5ee3874b7e	chore: project fix	2026-03-04 23:53:19 +08:00
xiaojunnuo	17dd77cc96	chore: project userid fixed -1	2026-03-04 23:15:48 +08:00
xiaojunnuo	6c546b5290	chore: project finished	2026-03-03 23:31:42 +08:00
xiaojunnuo	a853fc2026	chore: vip tip	2026-03-03 18:25:55 +08:00
xiaojunnuo	92c9ac3826	fix(cert-plugin): 优化又拍云客户端错误处理逻辑，当域名已绑定证书时不再抛出异常。	2026-03-03 14:35:50 +08:00
xiaojunnuo	78c2ced43b	fix: 修复dcdn多个域名同时部署时可能会出现证书名称重复的bug	2026-03-03 11:31:52 +08:00
xiaojunnuo	72f850f675	fix: 优化dcdn部署上传多次证书偶尔报 The CertName already exists的问题	2026-03-03 11:29:50 +08:00
xiaojunnuo	bc326489ab	fix: 修复复制流水线保存后丢失分组和排序号的问题	2026-02-28 19:29:13 +08:00
xiaojunnuo	ea5e7d9563	chore: project setting	2026-02-28 18:49:46 +08:00
xiaojunnuo	5b5b48fc06	chore: admin mode setting	2026-02-28 18:30:04 +08:00
xiaojunnuo	1548ba0b8d	chore: project manager	2026-02-28 18:17:53 +08:00
xiaojunnuo	26b1c4244f	chore: project approve	2026-02-28 12:14:38 +08:00
xiaojunnuo	8a4e981931	chore: project detail join approve	2026-02-28 12:13:31 +08:00
xiaojunnuo	6163c3f08e	chore: join project	2026-02-28 00:49:02 +08:00
xiaojunnuo	e17f381b1f	chore: project blank	2026-02-27 23:09:50 +08:00
@@ -1 +1 @@
 :18
 :15