v1.39.0

build: prepare to build
fix: 修复京东云域名申请证书报错的bug
2026-04-24 04:17:25 +08:00 · 2026-03-08 01:17:39 +08:00 · 2026-03-08 01:15:23 +08:00 · 2026-03-08 01:14:33 +08:00 · 2026-03-08 00:48:29 +08:00 · 2026-03-05 00:11:08 +08:00
134 changed files with 1997 additions and 395 deletions
@@ -3,6 +3,34 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Bug Fixes
+
+* 修复部署到openwrt错误的bug ([2e3d0cc](https://github.com/certd/certd/commit/2e3d0cc57c16c48ad435bc8fde729bacaedde9f5))
+* 修复发件邮箱无法输入的bug ([27b0348](https://github.com/certd/certd/commit/27b0348e1d3d752f418f851965d6afbc26c0160c))
+* 修复复制流水线保存后丢失分组和排序号的问题 ([bc32648](https://github.com/certd/certd/commit/bc326489abc1d50a0930b4f47aa2d62d3a486798))
+* 修复获取群辉deviceid报错的bug ([79be392](https://github.com/certd/certd/commit/79be392775a2c91848dd5a66a2618adc4e4b48f6))
+* 修复京东云域名申请证书报错的bug ([d9c0130](https://github.com/certd/certd/commit/d9c0130b59997144a3c274d456635b800135e43f))
+* 修复偶尔下载证书报未授权的错误 ([316537e](https://github.com/certd/certd/commit/316537eb4dcbe5ec57784e8bf95ee3cdfd21dce7))
+* 修复dcdn多个域名同时部署时 可能会出现证书名称重复的bug ([78c2ced](https://github.com/certd/certd/commit/78c2ced43b1a73d142b0ed783b162b97f545ab06))
+* 优化dcdn部署上传多次证书 偶尔报 The CertName already exists的问题 ([72f850f](https://github.com/certd/certd/commit/72f850f675b500d12ebff2338d1b99d6fab476e1))
+* **cert-plugin:** 优化又拍云客户端错误处理逻辑，当域名已绑定证书时不再抛出异常。 ([92c9ac3](https://github.com/certd/certd/commit/92c9ac382692e6c84140ff787759ab6d39ccbe96))
+* esxi部署失败的bug ([1e44115](https://github.com/certd/certd/commit/1e441154617e6516a9a3610412bf597128c62696))
+
+### Features
+
+* 支持企业级管理模式，项目管理，细分权限 ([3734083](https://github.com/certd/certd/commit/37340838b6a61a94b86bfa13cf5da88b26f1315a))
+
+### Performance Improvements
+
+* 【破坏性更新】错误返回信息msg字段名统一改成message，与成功的返回结构一致 ([51ab6d6](https://github.com/certd/certd/commit/51ab6d6da1bb551b55b3a6a4a9a945c8d6ace806))
+* 当域名管理中没有域名时，创建流水线时不展开域名选择框 ([bb0afe1](https://github.com/certd/certd/commit/bb0afe1fa7b0fc52fde051d24fbe6be69d52f4cc))
+* 任务步骤页面增加串行执行提示说明 ([787f6ef](https://github.com/certd/certd/commit/787f6ef52893d8dc912ee2a7a5b8ce2b73c108c9))
+* 站点监控支持指定ip地址检查 ([83d81b6](https://github.com/certd/certd/commit/83d81b64b3adb375366039e07c87d1ad79121c13))
+* AI开发插件 skills 定义初步 ([1f68fad](https://github.com/certd/certd/commit/1f68faddb97a978c5a5e731a8895b4bb0587ad83))
+* http请求增加建立连接超时配置 ([3c85602](https://github.com/certd/certd/commit/3c85602ab1fc1953cdc06a6cd75a971d14119179))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 ### Bug Fixes
@@ -9,5 +9,5 @@
    }
  },
  "npmClient": "pnpm",
-  "version": "1.38.12"
+  "version": "1.39.0"
 }
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/publishlab/node-acme-client/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/acme-client
+
 ## [1.38.12](https://github.com/publishlab/node-acme-client/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/acme-client
@@ -3,7 +3,7 @@
    "description": "Simple and unopinionated ACME client",
    "private": false,
    "author": "nmorsman",
-    "version": "1.38.12",
+    "version": "1.39.0",
    "type": "module",
    "module": "scr/index.js",
    "main": "src/index.js",
@@ -18,7 +18,7 @@
        "types"
    ],
    "dependencies": {
-        "@certd/basic": "^1.38.12",
+        "@certd/basic": "^1.39.0",
        "@peculiar/x509": "^1.11.0",
        "asn1js": "^3.0.5",
        "axios": "^1.9.0",
@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Bug Fixes
+
+* esxi部署失败的bug ([1e44115](https://github.com/certd/certd/commit/1e441154617e6516a9a3610412bf597128c62696))
+
+### Performance Improvements
+
+* http请求增加建立连接超时配置 ([3c85602](https://github.com/certd/certd/commit/3c85602ab1fc1953cdc06a6cd75a971d14119179))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/basic
@@ -1 +1 @@
-23:18
+01:15
@@ -1,7 +1,7 @@
 {
  "name": "@certd/basic",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/pipeline
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/pipeline
@@ -1,7 +1,7 @@
 {
  "name": "@certd/pipeline",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -18,8 +18,8 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/basic": "^1.38.12",
-    "@certd/plus-core": "^1.38.12",
+    "@certd/basic": "^1.39.0",
+    "@certd/plus-core": "^1.39.0",
    "dayjs": "^1.11.7",
    "lodash-es": "^4.17.21",
    "reflect-metadata": "^0.1.13"
@@ -170,9 +170,7 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
    }

    if (this.ctx?.define?.onlyAdmin) {
-      if (!this.isAdmin()) {
-        throw new Error("只有管理员才能运行此任务");
-      }
+      this.checkAdmin();
    }
  }

@@ -284,6 +282,12 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
    return this.ctx.user.role === "admin";
  }

+  checkAdmin() {
+    if (!this.isAdmin()) {
+      throw new Error("只有“管理员”或“系统级项目”才有权限运行此插件任务");
+    }
+  }
+
  getStepFromPipeline(stepId: string) {
    let found: any = null;
    RunnableCollection.each(this.ctx.pipeline.stages, step => {
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/lib-huawei
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/lib-huawei
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-huawei",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
  "types": "./dist/d/index.d.ts",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/lib-iframe
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/lib-iframe
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-iframe",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/jdcloud
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/jdcloud
@@ -1,6 +1,6 @@
 {
  "name": "@certd/jdcloud",
-  "version": "1.38.12",
+  "version": "1.39.0",
  "description": "jdcloud openApi sdk",
  "main": "./dist/bundle.js",
  "module": "./dist/bundle.js",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/lib-k8s
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/lib-k8s
@@ -1,7 +1,7 @@
 {
  "name": "@certd/lib-k8s",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "module": "./dist/index.js",
@@ -17,7 +17,7 @@
    "pub": "npm publish"
  },
  "dependencies": {
-    "@certd/basic": "^1.38.12",
+    "@certd/basic": "^1.39.0",
    "@kubernetes/client-node": "0.21.0"
  },
  "devDependencies": {
@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Performance Improvements
+
+* 【破坏性更新】错误返回信息msg字段名统一改成message，与成功的返回结构一致 ([51ab6d6](https://github.com/certd/certd/commit/51ab6d6da1bb551b55b3a6a4a9a945c8d6ace806))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/lib-server
@@ -1,6 +1,6 @@
 {
  "name": "@certd/lib-server",
-  "version": "1.38.12",
+  "version": "1.39.0",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -28,11 +28,11 @@
  ],
  "license": "AGPL",
  "dependencies": {
-    "@certd/acme-client": "^1.38.12",
-    "@certd/basic": "^1.38.12",
-    "@certd/pipeline": "^1.38.12",
-    "@certd/plugin-lib": "^1.38.12",
-    "@certd/plus-core": "^1.38.12",
+    "@certd/acme-client": "^1.39.0",
+    "@certd/basic": "^1.39.0",
+    "@certd/pipeline": "^1.39.0",
+    "@certd/plugin-lib": "^1.39.0",
+    "@certd/plus-core": "^1.39.0",
    "@midwayjs/cache": "3.14.0",
    "@midwayjs/core": "3.20.11",
    "@midwayjs/i18n": "3.20.13",
@@ -34,7 +34,7 @@ export abstract class BaseController {
  fail(msg: string, code?: any) {
    return {
      code: code ? code : Constants.res.error.code,
-      msg: msg ? msg : Constants.res.error.code,
+      message: msg ? msg : Constants.res.error.code,
    };
  }

@@ -69,10 +69,8 @@ export abstract class BaseController {
    if (!projectIdStr){
      projectIdStr = this.ctx.request.query["projectId"] as string;
    }
-    if (!projectIdStr){
-      return null
-    }
    if (!projectIdStr) {
+      //这里必须抛异常，否则可能会有权限问题
      throw new Error("projectId 不能为空")
    }
    const userId = this.getUserId()
@@ -85,7 +83,7 @@ export abstract class BaseController {
    let userId = this.getUserId()
    const projectId = await this.getProjectId(permission)
    if(projectId){
-      userId = 0
+      userId = -1 // 企业管理模式下，用户id固定-1
    }
    return {
      projectId,userId
@@ -120,7 +118,7 @@ export abstract class BaseController {
      if(allowAdmin){
        await authService.checkUserIdButAllowAdmin(this.ctx, service, id);
      }else{
-        await authService.checkUserId(this.ctx, service, id);
+        await authService.checkUserId( service, id, userId);
      }
    }
    return {projectId,userId}
@@ -258,12 +258,12 @@ export abstract class BaseService<T> {

 export function checkUserProjectParam(userId: number, projectId: number) {
  if (projectId != null ){
-    if( userId !==0) {
+    if( userId !==-1) {
      throw new ValidateException('userId projectId 错误');
    }
    return true
  }else{
-    if( userId > 0) {
+    if( userId != null) {
      return true
    }
     throw new ValidateException('userId不能为空');
@@ -4,7 +4,7 @@
 export class BaseException extends Error {
  code: number;
  data?:any
-  constructor(name, code, message,data?:any) {
+  constructor(name: string, code: number, message: string ,data?:any) {
    super(message);
    this.name = name;
    this.code = code;
@@ -1,19 +1,19 @@
 export class Result<T> {
  code: number;
-  msg: string;
+  message: string;
  data: T;

-  constructor(code, msg, data?) {
+  constructor(code, message, data?) {
    this.code = code;
-    this.msg = msg;
+    this.message = message;
    this.data = data;
  }

-  static error(code = 1, msg, data?: any) {
-    return new Result(code, msg, data);
+  static error(code = 1, message, data?: any) {
+    return new Result(code, message, data);
  }

-  static success(msg, data?) {
-    return new Result(0, msg, data);
+  static success(message, data?) {
+    return new Result(0, message, data);
  }
 }
@@ -8,7 +8,7 @@ export class AccessEntity {
  @PrimaryGeneratedColumn()
  id: number;
  @Column({ name: 'user_id', comment: '用户id' })
-  userId: number;
+  userId: number; // 0为系统级别, -1为企业，大于1为用户
  @Column({ comment: '名称', length: 100 })
  name: string;

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/midway-flyway-js
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/midway-flyway-js
@@ -1,6 +1,6 @@
 {
  "name": "@certd/midway-flyway-js",
-  "version": "1.38.12",
+  "version": "1.39.0",
  "description": "midway with flyway, sql upgrade way ",
  "private": false,
  "type": "module",
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/plugin-cert
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/plugin-cert
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-cert",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -17,10 +17,10 @@
    "compile": "tsc --skipLibCheck --watch"
  },
  "dependencies": {
-    "@certd/acme-client": "^1.38.12",
-    "@certd/basic": "^1.38.12",
-    "@certd/pipeline": "^1.38.12",
-    "@certd/plugin-lib": "^1.38.12",
+    "@certd/acme-client": "^1.39.0",
+    "@certd/basic": "^1.39.0",
+    "@certd/pipeline": "^1.39.0",
+    "@certd/plugin-lib": "^1.39.0",
    "psl": "^1.9.0",
    "punycode.js": "^2.3.1"
  },
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+**Note:** Version bump only for package @certd/plugin-lib
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/plugin-lib
@@ -1,7 +1,7 @@
 {
  "name": "@certd/plugin-lib",
  "private": false,
-  "version": "1.38.12",
+  "version": "1.39.0",
  "type": "module",
  "main": "./dist/index.js",
  "types": "./dist/index.d.ts",
@@ -22,10 +22,10 @@
    "@alicloud/pop-core": "^1.7.10",
    "@alicloud/tea-util": "^1.4.11",
    "@aws-sdk/client-s3": "^3.964.0",
-    "@certd/acme-client": "^1.38.12",
-    "@certd/basic": "^1.38.12",
-    "@certd/pipeline": "^1.38.12",
-    "@certd/plus-core": "^1.38.12",
+    "@certd/acme-client": "^1.39.0",
+    "@certd/basic": "^1.39.0",
+    "@certd/pipeline": "^1.39.0",
+    "@certd/plus-core": "^1.39.0",
    "@kubernetes/client-node": "0.21.0",
    "ali-oss": "^6.22.0",
    "basic-ftp": "^5.0.5",
@@ -3,6 +3,24 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Bug Fixes
+
+* 修复发件邮箱无法输入的bug ([27b0348](https://github.com/certd/certd/commit/27b0348e1d3d752f418f851965d6afbc26c0160c))
+* 修复复制流水线保存后丢失分组和排序号的问题 ([bc32648](https://github.com/certd/certd/commit/bc326489abc1d50a0930b4f47aa2d62d3a486798))
+* 修复获取群辉deviceid报错的bug ([79be392](https://github.com/certd/certd/commit/79be392775a2c91848dd5a66a2618adc4e4b48f6))
+* 修复偶尔下载证书报未授权的错误 ([316537e](https://github.com/certd/certd/commit/316537eb4dcbe5ec57784e8bf95ee3cdfd21dce7))
+
+### Features
+
+* 支持企业级管理模式，项目管理，细分权限 ([3734083](https://github.com/certd/certd/commit/37340838b6a61a94b86bfa13cf5da88b26f1315a))
+
+### Performance Improvements
+
+* 当域名管理中没有域名时，创建流水线时不展开域名选择框 ([bb0afe1](https://github.com/certd/certd/commit/bb0afe1fa7b0fc52fde051d24fbe6be69d52f4cc))
+* 任务步骤页面增加串行执行提示说明 ([787f6ef](https://github.com/certd/certd/commit/787f6ef52893d8dc912ee2a7a5b8ce2b73c108c9))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 ### Bug Fixes
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-client",
-  "version": "1.38.12",
+  "version": "1.39.0",
  "private": true,
  "scripts": {
    "dev": "vite --open",
@@ -106,8 +106,8 @@
    "zod-defaults": "^0.1.3"
  },
  "devDependencies": {
-    "@certd/lib-iframe": "^1.38.12",
-    "@certd/pipeline": "^1.38.12",
+    "@certd/lib-iframe": "^1.39.0",
+    "@certd/pipeline": "^1.39.0",
    "@rollup/plugin-commonjs": "^25.0.7",
    "@rollup/plugin-node-resolve": "^15.2.3",
    "@types/chai": "^4.3.12",
@@ -136,27 +136,29 @@ function createService() {
 */
 function createRequestFunction(service: any) {
  return function (config: any) {
-    const configDefault = {
+    const configDefault: any = {
      headers: {
        "Content-Type": get(config, "headers.Content-Type", "application/json"),
      } as any,
      timeout: 30000,
      baseURL: env.API,
      data: {},
+      params: {},
    };
    const projectStore = useProjectStore();

-    if (projectStore.isEnterprise && !config.url.startsWith("/sys") && !config.url.startsWith("http")) {
-      configDefault.headers["project-id"] = projectStore.currentProjectId;
-    }
-
    const userStore = useUserStore();
    const token = userStore.getToken;
    if (token != null) {
      // @ts-ignore
      configDefault.headers.Authorization = token;
    }
-    return service(Object.assign(configDefault, config));
+    Object.assign(configDefault, config);
+
+    if (!configDefault.params.projectId && projectStore.isEnterprise && !config.url.startsWith("/sys") && !config.url.startsWith("http")) {
+      configDefault.params.projectId = projectStore.currentProject?.id;
+    }
+    return service(configDefault);
  };
 }

@@ -19,30 +19,30 @@ export function parse(jsonString = "{}", defaultValue = {}) {
 /**
 * @description 接口请求返回
 * @param {Any} data 返回值
- * @param {String} msg 状态信息
+ * @param {String} message 状态信息
 * @param {Number} code 状态码
 */
-export function response(data = {}, msg = "", code = 0) {
-  return [200, { code, msg, data }];
+export function response(data = {}, message = "", code = 0) {
+  return [200, { code, message, data }];
 }

 /**
 * @description 接口请求返回 正确返回
 * @param {Any} data 返回值
- * @param {String} msg 状态信息
+ * @param {String} message 状态信息
 */
-export function responseSuccess(data = {}, msg = "成功") {
-  return response(data, msg);
+export function responseSuccess(data = {}, message = "成功") {
+  return response(data, message);
 }

 /**
 * @description 接口请求返回 错误返回
 * @param {Any} data 返回值
- * @param {String} msg 状态信息
+ * @param {String} message 状态信息
 * @param {Number} code 状态码
 */
-export function responseError(data = {}, msg = "请求失败", code = 500) {
-  return response(data, msg, code);
+export function responseError(data = {}, message = "请求失败", code = 500) {
+  return response(data, message, code);
 }

 /**
@@ -17,6 +17,8 @@ import NotificationSelector from "../views/certd/notification/notification-selec
 import EmailSelector from "./email-selector/index.vue";
 import ValidTimeFormat from "./valid-time-format.vue";
 import ProjectSelector from "./project-selector/index.vue";
+import ProjectCurrent from "./project-selector/project-current.vue";
+
 export default {
  install(app: any) {
    app.component(
@@ -47,5 +49,6 @@ export default {
    app.use(vip);
    app.use(Plugins);
    app.component("ProjectSelector", ProjectSelector);
+    app.component("ProjectCurrent", ProjectCurrent);
  },
 };
@@ -3,34 +3,57 @@
    <template #overlay>
      <a-menu @click="handleMenuClick">
        <a-menu-item v-for="item in projectStore.myProjects" :key="item.id">
-          {{ item.name }}
+          <div class="flex items-center justify-between w-full">
+            <span class="mr-1">{{ item.name }}</span>
+            <fs-values-format :model-value="item.permission" :dict="projectPermissionDict"></fs-values-format>
+          </div>
+        </a-menu-item>
+        <a-menu-item key="join">
+          <div class="flex items-center w-full">
+            <fs-icon icon="ion:add" class="mr-1"></fs-icon>
+            <span>加入其他项目</span>
+          </div>
        </a-menu-item>
      </a-menu>
    </template>
    <div class="rounded pl-3 pr-3 px-2 py-1 flex-center flex pointer items-center bg-accent h-10 button-text" title="当前项目">
-      <fs-icon icon="ion:apps" class="mr-1"></fs-icon>
+      <!-- <fs-icon icon="ion:apps" class="mr-1"></fs-icon> -->
      当前项目：{{ projectStore.currentProject?.name || "..." }}
-      <fs-icon icon="ion:chevron-down-outline" class="ml-1"></fs-icon>
+      <fs-icon :icon="currentIcon" class="ml-5"></fs-icon>
    </div>
  </a-dropdown>
 </template>

 <script lang="ts" setup>
-import { onMounted } from "vue";
+import { computed, onMounted } from "vue";
 import { useProjectStore } from "/@/store/project";
+import { useDicts } from "/@/views/certd/dicts";
+import { useRouter } from "vue-router";
 defineOptions({
  name: "ProjectSelector",
 });

 const projectStore = useProjectStore();
 onMounted(async () => {
-  await projectStore.reload();
+  await projectStore.init();
+  console.log(projectStore.myProjects);
 });

+const router = useRouter();
 function handleMenuClick({ key }: any) {
+  if (key === "join") {
+    router.push("/certd/project/join");
+    return;
+  }
+
  projectStore.changeCurrentProject(key);
  window.location.reload();
 }
+const { projectPermissionDict } = useDicts();
+
+const currentIcon = computed(() => {
+  return projectPermissionDict.dataMap[projectStore.currentProject?.permission || ""]?.icon || "";
+});
 </script>
 <style lang="less">
 .project-selector {
@@ -0,0 +1,28 @@
+<template>
+  <a-tag color="green" class="flex-center flex pointer items-center button-text" title="当前项目">
+    <!-- <fs-icon icon="ion:apps" class="mr-1"></fs-icon> -->
+    当前项目：{{ projectStore.currentProject?.name || "..." }}
+    <fs-icon :icon="currentIcon" class="ml-5"></fs-icon>
+  </a-tag>
+</template>
+
+<script lang="ts" setup>
+import { computed, onMounted } from "vue";
+import { useProjectStore } from "/@/store/project";
+import { useDicts } from "/@/views/certd/dicts";
+defineOptions({
+  name: "ProjectCurrent",
+});
+
+const projectStore = useProjectStore();
+// onMounted(async () => {
+//   await projectStore.reload();
+// });
+
+const { projectPermissionDict } = useDicts();
+
+const currentIcon = computed(() => {
+  return projectPermissionDict.dataMap[projectStore.currentProject?.permission || ""]?.icon || "";
+});
+</script>
+<style lang="less"></style>
@@ -218,6 +218,9 @@ export default {
    projectUserManager: "Project User Management",
    myProjectManager: "My Projects",
    myProjectDetail: "Project Detail",
+    projectJoin: "Join Project",
+    currentProject: "Current Project",
+    projectMemberManager: "Project Member",
  },
  certificateRepo: {
    title: "Certificate Repository",
@@ -819,6 +822,28 @@ export default {
      write: "Write",
      admin: "Admin",
    },
+    projectMemberStatus: "Member Status",
+
+    isSystem: "Is System Project",
+    isSystemHelper: "System-level projects allow running admin plugins",
+  },
+  project: {
+    noProjectJoined: "You haven't joined any projects yet",
+    applyToJoin: "Please apply to join a project to start using",
+    systemProjects: "System Project List",
+    createdAt: "Created At",
+    applyJoin: "Apply to Join",
+    noSystemProjects: "No system projects available",
+    fetchFailed: "Failed to fetch project list",
+    applySuccess: "Application successful, waiting for admin approval",
+    applyFailed: "Application failed, please try again later",
+    leave: "Leave Project",
+    leaveSuccess: "Leave project successful",
+    leaveFailed: "Leave project failed, please try again later",
+    applyJoinConfirm: "Are you sure you want to apply to join this project?",
+    leaveConfirm: "Are you sure you want to leave this project?",
+    viewDetail: "View Detail",
+    projectManage: "Project Manage",
  },
  addonSelector: {
    select: "Select",
@@ -220,10 +220,12 @@ export default {
    netTest: "网络测试",
    enterpriseManager: "企业管理设置",
    projectManager: "项目管理",
-    projectDetail: "项目详情",
    enterpriseSetting: "企业设置",
    myProjectManager: "我的项目",
    myProjectDetail: "项目详情",
+    projectJoin: "加入项目",
+    currentProject: "当前项目",
+    projectMemberManager: "项目成员管理",
  },
  certificateRepo: {
    title: "证书仓库",
@@ -831,9 +833,31 @@ export default {
    projectDetailDescription: "管理项目成员",
    projectPermission: "权限",
    permission: {
-      read: "读取",
-      write: "写入",
+      read: "查看",
+      write: "修改",
      admin: "管理员",
    },
+    projectMemberStatus: "成员状态",
+
+    isSystem: "是否系统项目",
+    isSystemHelper: "系统级项目允许运行管理员插件",
+  },
+  project: {
+    noProjectJoined: "您还没有加入任何项目",
+    applyToJoin: "请申请加入项目以开始使用",
+    projectList: "项目列表",
+    createdAt: "创建时间",
+    applyJoin: "申请加入",
+    noProjects: "暂无项目",
+    fetchFailed: "获取项目列表失败",
+    applySuccess: "申请成功，等待管理员审核",
+    applyFailed: "申请失败，请稍后重试",
+    leave: "退出项目",
+    leaveSuccess: "退出项目成功",
+    leaveFailed: "退出项目失败，请稍后重试",
+    applyJoinConfirm: "确认加入项目？",
+    leaveConfirm: "确认退出项目？",
+    viewDetail: "查看详情",
+    projectManage: "项目管理",
  },
 };
@@ -55,7 +55,7 @@ export default {
  email_webhook_notifications: "邮件、webhook通知方式",

  professional_edition: "专业版",
-  open_source_support: "开源需要您的赞助支持",
+  open_source_support: "开源需要您的赞助支持，个人和企业内部使用",
  vip_group_priority: "可加VIP群，您的需求将优先实现",
  unlimited_site_certificate_monitoring: "站点证书监控无限制",
  more_notification_methods: "更多通知方式",
@@ -66,13 +66,13 @@ export default {
  get_after_support: "立即赞助",

  business_edition: "商业版",
-  commercial_license: "商业授权，可对外运营",
+  commercial_license: "商业授权，可对外运营，提供SaaS服务",
  all_pro_privileges: "拥有专业版所有特权",
  allow_commercial_use_modify_logo_title: "允许商用，可修改logo、标题",
  data_statistics: "数据统计",
  plugin_management: "插件管理",
  unlimited_multi_users: "多用户无限制",
-  support_user_payment: "支持用户支付",
+  support_user_payment: "支持用户支付（购买套餐，按流水线条数、域名数量、部署次数计费）",
  activate: "激活",
  get_pro_code_after_support: "前往获取",
  business_contact_author: "",
@@ -123,7 +123,6 @@ function install(app: App, options: any = {}) {
              if (scope.key === "__blank__") {
                return false;
              }
-
              //不能用 !scope.value ， 否则switch组件设置为关之后就消失了
              const { value, key, props } = scope;
              return !value && key != "_index" && value != false && value != 0;
@@ -8,6 +8,7 @@ export type UseCrudPermissionExtraProps = {
 export type UseCrudPermissionExtra = (props: UseCrudPermissionExtraProps) => any;
 export type UseCrudPermissionCompProps = {
  isProjectPermission?: boolean;
+  projectPermission?: string;
  prefix?: string;
  extra?: UseCrudPermissionExtra;
  [key: string]: any;
@@ -69,17 +70,17 @@ export function useCrudPermission({ permission }: UseCrudPermissionProps) {

    let addPermission = "add";
    if (isProjectPermission) {
-      addPermission = "write";
+      addPermission = per.projectPermission || "write";
    }

    let editPermission = "edit";
    if (isProjectPermission) {
-      editPermission = "write";
+      editPermission = per.projectPermission || "write";
    }

    let removePermission = "remove";
    if (isProjectPermission) {
-      removePermission = "write";
+      removePermission = per.projectPermission || "write";
    }
    return LodashMerge(
      {
@@ -93,6 +94,7 @@ export function useCrudPermission({ permission }: UseCrudPermissionProps) {
            edit: { show: hasActionPermission(editPermission) },
            remove: { show: hasActionPermission(removePermission) },
            view: { show: hasActionPermission(viewPermission) },
+            copy: { show: hasActionPermission(addPermission) },
          },
        },
      },
@@ -9,6 +9,9 @@ import { useSettingStore } from "/@/store/settings";
 import { usePermissionStore } from "/@/plugin/permission/store.permission";
 import util from "/@/plugin/permission/util.permission";
 import { useUserStore } from "/@/store/user";
+import { useProjectStore } from "../store/project";
+export const PROJECT_PATH_PREFIX = "/certd/project";
+export const SYS_PATH_PREFIX = "/sys";

 function buildAccessedMenus(menus: any) {
  if (menus == null) {
@@ -124,6 +127,20 @@ function setupAccessGuard(router: Router) {
        };
      }
      return true;
+    } else {
+      // 如果是项目模式
+      const projectStore = useProjectStore();
+      if (projectStore.isEnterprise) {
+        //加载我的项目
+        await projectStore.init();
+        if (!projectStore.currentProject && !to.path.startsWith(PROJECT_PATH_PREFIX) && !to.path.startsWith(SYS_PATH_PREFIX)) {
+          //没有项目
+          return {
+            path: `${PROJECT_PATH_PREFIX}/join`,
+            replace: true,
+          };
+        }
+      }
    }
  });
 }
@@ -1,7 +1,5 @@
-import { useSettingStore } from "/@/store/settings";
-import aboutResource from "/@/router/source/modules/about";
-import i18n from "/@/locales/i18n";
 import { useProjectStore } from "/@/store/project";
+import { useSettingStore } from "/@/store/settings";

 export const certdResources = [
  {
@@ -25,21 +23,22 @@ export const certdResources = [
            const projectStore = useProjectStore();
            return projectStore.isEnterprise;
          },
+          isMenu: false,
          icon: "ion:apps",
-          permission: "sys:settings:edit",
          keepAlive: true,
+          auth: true,
        },
      },
      {
-        title: "certd.sysResources.myProjectDetail",
-        name: "MyProjectDetail",
-        path: "/certd/project/detail",
-        component: "/certd/project/detail/index.vue",
+        title: "certd.sysResources.projectJoin",
+        name: "ProjectJoin",
+        path: "/certd/project/join",
+        component: "/certd/project/join.vue",
        meta: {
          isMenu: false,
          show: true,
          icon: "ion:apps",
-          permission: "sys:settings:edit",
+          auth: true,
        },
      },
      {
@@ -50,6 +49,7 @@ export const certdResources = [
        meta: {
          icon: "ion:analytics-sharp",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -59,6 +59,7 @@ export const certdResources = [
        component: "/certd/pipeline/detail.vue",
        meta: {
          isMenu: false,
+          auth: true,
        },
      },
      {
@@ -69,6 +70,7 @@ export const certdResources = [
        meta: {
          icon: "ion:timer-outline",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -79,6 +81,7 @@ export const certdResources = [
        meta: {
          isMenu: true,
          icon: "ion:duplicate-outline",
+          auth: true,
        },
      },
      {
@@ -88,6 +91,7 @@ export const certdResources = [
        component: "/certd/pipeline/template/edit.vue",
        meta: {
          isMenu: false,
+          auth: true,
        },
      },
      {
@@ -97,6 +101,7 @@ export const certdResources = [
        component: "/certd/pipeline/template/import/index.vue",
        meta: {
          isMenu: false,
+          auth: true,
        },
      },
      {
@@ -241,6 +246,10 @@ export const certdResources = [
              icon: "mi:user-check",
              auth: true,
              isMenu: true,
+              show: () => {
+                const projectStore = useProjectStore();
+                return !projectStore.isEnterprise;
+              },
            },
          },
          {
@@ -254,6 +263,21 @@ export const certdResources = [
              isMenu: false,
            },
          },
+          {
+            title: "certd.sysResources.projectMemberManager",
+            name: "ProjectMemberManager",
+            path: "/certd/project/detail",
+            component: "/certd/project/detail/index.vue",
+            meta: {
+              show: () => {
+                const projectStore = useProjectStore();
+                return projectStore.isEnterprise;
+              },
+              isMenu: true,
+              icon: "ion:apps",
+              auth: true,
+            },
+          },
        ],
      },
      {
@@ -1,7 +1,4 @@
-import LayoutPass from "/@/layout/layout-pass.vue";
 import { useSettingStore } from "/@/store/settings";
-import aboutResource from "/@/router/source/modules/about";
-import i18n from "/@/locales/i18n";

 export const sysResources = [
  {
@@ -13,6 +10,7 @@ export const sysResources = [
      icon: "ion:settings-outline",
      permission: "sys:settings:view",
      order: 10,
+      auth: true,
    },
    children: [
      {
@@ -27,6 +25,7 @@ export const sysResources = [
          },
          icon: "ion:speedometer-outline",
          permission: "sys:auth:user:view",
+          auth: true,
        },
      },

@@ -38,6 +37,7 @@ export const sysResources = [
        meta: {
          icon: "ion:settings-outline",
          permission: "sys:settings:view",
+          auth: true,
        },
      },
      {
@@ -47,6 +47,7 @@ export const sysResources = [
        component: "/sys/enterprise/project/index.vue",
        meta: {
          show: true,
+          auth: true,
          icon: "ion:apps",
          permission: "sys:settings:edit",
          keepAlive: true,
@@ -60,6 +61,7 @@ export const sysResources = [
        meta: {
          isMenu: false,
          show: true,
+          auth: true,
          icon: "ion:apps",
          permission: "sys:settings:edit",
        },
@@ -73,6 +75,7 @@ export const sysResources = [
          icon: "ion:earth-outline",
          permission: "sys:settings:view",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -96,6 +99,7 @@ export const sysResources = [
            const settingStore = useSettingStore();
            return settingStore.isComm;
          },
+          auth: true,
          icon: "ion:document-text-outline",
          permission: "sys:settings:view",
        },
@@ -110,6 +114,7 @@ export const sysResources = [
            const settingStore = useSettingStore();
            return settingStore.isComm;
          },
+          auth: true,
          icon: "ion:menu",
          permission: "sys:settings:view",
          keepAlive: true,
@@ -125,6 +130,7 @@ export const sysResources = [
            const settingStore = useSettingStore();
            return settingStore.isComm;
          },
+          auth: true,
          icon: "ion:disc-outline",
          permission: "sys:settings:view",
          keepAlive: true,
@@ -139,6 +145,7 @@ export const sysResources = [
          icon: "ion:extension-puzzle-outline",
          permission: "sys:settings:view",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -151,6 +158,7 @@ export const sysResources = [
          icon: "ion:extension-puzzle",
          permission: "sys:settings:view",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -165,6 +173,7 @@ export const sysResources = [
          },
          icon: "ion:extension-puzzle",
          permission: "sys:settings:view",
+          auth: true,
        },
      },
      {
@@ -176,6 +185,7 @@ export const sysResources = [
          icon: "ion:golf-outline",
          permission: "sys:settings:view",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -187,6 +197,7 @@ export const sysResources = [
          icon: "ion:list-outline",
          permission: "sys:auth:per:view",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -198,6 +209,7 @@ export const sysResources = [
          icon: "ion:people-outline",
          permission: "sys:auth:role:view",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -209,6 +221,7 @@ export const sysResources = [
          icon: "ion:person-outline",
          permission: "sys:auth:user:view",
          keepAlive: true,
+          auth: true,
        },
      },
      {
@@ -224,6 +237,7 @@ export const sysResources = [
            return settingStore.isComm;
          },
          keepAlive: true,
+          auth: true,
        },
        children: [
          {
@@ -238,6 +252,7 @@ export const sysResources = [
              },
              icon: "ion:cart",
              permission: "sys:settings:edit",
+              auth: true,
            },
          },
          {
@@ -253,6 +268,7 @@ export const sysResources = [
              icon: "ion:bag-check",
              permission: "sys:settings:edit",
              keepAlive: true,
+              auth: true,
            },
          },
          {
@@ -4,6 +4,7 @@ import { message } from "ant-design-vue";
 import { computed, ref } from "vue";
 import { useSettingStore } from "../settings";
 import { LocalStorage } from "/@/utils/util.storage";
+import { useUserStore } from "../user";

 export type ProjectItem = {
  id: string;
@@ -13,7 +14,11 @@ export type ProjectItem = {

 export const useProjectStore = defineStore("app.project", () => {
  const myProjects = ref([]);
-  const lastProjectId = LocalStorage.get("currentProjectId");
+  const inited = ref(false);
+  const userStore = useUserStore();
+  const userId = userStore.getUserInfo?.id;
+  const lastProjectIdCacheKey = "currentProjectId:" + userId;
+  const lastProjectId = LocalStorage.get(lastProjectIdCacheKey);
  const currentProjectId = ref(lastProjectId); // 直接调用

  const projects = computed(() => {
@@ -59,20 +64,21 @@ export const useProjectStore = defineStore("app.project", () => {

  function changeCurrentProject(id: string, silent?: boolean) {
    currentProjectId.value = id;
-    LocalStorage.set("currentProjectId", id);
+    LocalStorage.set(lastProjectIdCacheKey, id);
    if (!silent) {
      message.success("切换项目成功");
    }
  }

  async function reload() {
-    const projects = await api.MyProjectList();
-    myProjects.value = projects;
+    inited.value = false;
+    await init();
  }

  async function init() {
-    if (!myProjects.value) {
-      await reload();
+    if (!inited.value) {
+      await loadMyProjects();
+      inited.value = true;
    }
    return myProjects.value;
  }
@@ -143,7 +143,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            order: 10,
          },
          valueBuilder: ({ row, key, value }) => {
-            row[key] = row.userId > 0 ? "user" : "sys";
+            row[key] = row.userId != 0 ? "user" : "sys";
          },
        },
        ...commonColumnsDefine,
@@ -121,7 +121,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            order: 10,
          },
          valueBuilder: ({ row, key, value }) => {
-            row[key] = row.userId > 0 ? "user" : "sys";
+            row[key] = row.userId != 0 ? "user" : "sys";
          },
        },
        ...commonColumnsDefine,
@@ -22,7 +22,10 @@ export default defineComponent({
  setup() {
    const api = createAddonApi({ from: "user", addonType: "" });
    addonProvide(api);
-    const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context: { api } });
+    const { crudBinding, crudRef, crudExpose } = useFs({
+      createCrudOptions,
+      context: { api, permission: { isProjectPermission: true } },
+    });

    // 页面打开后获取列表数据
    onMounted(() => {
@@ -18,7 +18,12 @@ import createCrudOptions from "./crud";
 export default defineComponent({
  name: "BasicGroupManager",
  setup() {
-    const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context: {} });
+    const { crudBinding, crudRef, crudExpose } = useFs({
+      createCrudOptions,
+      context: {
+        permission: { isProjectPermission: true },
+      },
+    });

    // 页面打开后获取列表数据
    onMounted(() => {
@@ -8,6 +8,7 @@ import { useSettingStore } from "/@/store/settings";
 import { message, Modal } from "ant-design-vue";
 import CnameTip from "/@/components/plugins/cert/domains-verify-plan-editor/cname-tip.vue";
 import { useCnameImport } from "./use";
+import { useCrudPermission } from "/@/plugin/permission";
 export default function ({ crudExpose, context }: CreateCrudOptionsProps): CreateCrudOptionsRet {
  const crudBinding = crudExpose.crudBinding;
  const router = useRouter();
@@ -45,6 +46,8 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
      { label: t("certd.validation_timed_out"), value: "timeout", color: "red" },
    ],
  });
+
+  const { hasActionPermission } = useCrudPermission(context);
  return {
    crudOptions: {
      settings: {
@@ -75,6 +78,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            icon: "ion:add-circle-outline",
          },
          import: {
+            show: hasActionPermission("write"),
            title: "导入CNAME记录",
            type: "primary",
            text: "批量导入",
@@ -12,7 +12,7 @@
    </template>
    <fs-crud ref="crudRef" v-bind="crudBinding">
      <template #pagination-left>
-        <a-tooltip :title="t('certd.batch_delete')">
+        <a-tooltip v-if="hasActionPermission('write')" :title="t('certd.batch_delete')">
          <fs-button icon="DeleteOutlined" @click="handleBatchDelete"></fs-button>
        </a-tooltip>
      </template>
@@ -27,13 +27,20 @@ import createCrudOptions from "./crud";
 import { message, Modal } from "ant-design-vue";
 import { DeleteBatch } from "./api";
 import { useI18n } from "/src/locales";
+import { useCrudPermission } from "/@/plugin/permission";

 const { t } = useI18n();

 defineOptions({
  name: "CnameRecord",
 });
-const { crudBinding, crudRef, crudExpose, context } = useFs({ createCrudOptions });
+
+const context: any = {
+  permission: { isProjectPermission: true },
+};
+
+const { hasActionPermission } = useCrudPermission(context);
+const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context });

 const selectedRowKeys = context.selectedRowKeys;
 const handleBatchDelete = () => {
@@ -1,19 +1,49 @@
 import { dict } from "@fast-crud/fast-crud";
 import { GetMyProjectList } from "./project/api";
+import { request } from "/@/api/service";

 const projectPermissionDict = dict({
  data: [
    {
-      label: "read",
-      value: "只读",
+      value: "read",
+      label: "查看",
+      color: "cyan",
+      icon: "material-symbols:folder-eye-outline-sharp",
    },
    {
-      label: "write",
-      value: "读写",
+      value: "write",
+      label: "修改",
+      color: "green",
+      icon: "material-symbols:edit-square-outline-rounded",
    },
    {
-      label: "admin",
-      value: "管理员",
+      value: "admin",
+      label: "管理员",
+      color: "orange",
+      icon: "material-symbols:manage-accounts-rounded",
+    },
+  ],
+});
+
+const projectMemberStatusDict = dict({
+  data: [
+    {
+      value: "pending",
+      label: "待审核",
+      color: "orange",
+      icon: "material-symbols:hourglass-top",
+    },
+    {
+      value: "approved",
+      label: "已加入",
+      color: "green",
+      icon: "material-symbols:done-all",
+    },
+    {
+      value: "rejected",
+      label: "已拒绝",
+      color: "red",
+      icon: "material-symbols:close",
    },
  ],
 });
@@ -36,8 +66,16 @@ const myProjectDict = dict({
 });

 const userDict = dict({
-  url: "/sys/authority/user/getSimpleUsers",
+  url: "/basic/user/getSimpleUsers",
  value: "id",
+  getData: async () => {
+    const res = await request({
+      url: "/basic/user/getSimpleUsers",
+      method: "POST",
+    });
+    return res;
+  },
+  immediate: false,
  onReady: ({ dict }) => {
    for (const item of dict.data) {
      item.label = item.nickName || item.username || item.phoneCode + item.mobile;
@@ -50,5 +88,6 @@ export function useDicts() {
    projectPermissionDict,
    myProjectDict,
    userDict,
+    projectMemberStatusDict,
  };
 }
@@ -5,7 +5,7 @@
    </template>
    <fs-crud ref="crudRef" v-bind="crudBinding">
      <template #pagination-left>
-        <a-tooltip :title="t('certd.batchDelete')">
+        <a-tooltip v-if="hasActionPermission('write')" :title="t('certd.batchDelete')">
          <fs-button icon="DeleteOutlined" @click="handleBatchDelete"></fs-button>
        </a-tooltip>
      </template>
@@ -20,13 +20,20 @@ import createCrudOptions from "./crud";
 import { message, Modal } from "ant-design-vue";
 import { DeleteBatch } from "./api";
 import { useI18n } from "/src/locales";
+import { useCrudPermission } from "/@/plugin/permission";

 const { t } = useI18n();

 defineOptions({
  name: "PipelineHistory",
 });
-const { crudBinding, crudRef, crudExpose, context } = useFs({ createCrudOptions });
+
+const context: any = {
+  permission: { isProjectPermission: true },
+};
+
+const { hasActionPermission } = useCrudPermission(context);
+const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context });

 const selectedRowKeys = context.selectedRowKeys;
 const handleBatchDelete = () => {
@@ -12,6 +12,7 @@ import { useCertUpload } from "/@/views/certd/pipeline/cert-upload/use";
 import { useSettingStore } from "/@/store/settings";
 import { useProjectStore } from "/@/store/project";
 import { useDicts } from "../../dicts";
+import { useUserStore } from "/@/store/user";

 export default function ({ crudExpose, context }: CreateCrudOptionsProps): CreateCrudOptionsRet {
  const { t } = useI18n();
@@ -39,6 +40,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
  const { myProjectDict } = useDicts();
  const settingStore = useSettingStore();
  const projectStore = useProjectStore();
+  const userStore = useUserStore();
  const model = useModal();
  const viewCert = async (row: any) => {
    const cert = await api.GetCert(row.id);
@@ -140,7 +142,12 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
                notification.error({ message: t("certd.certificateNotGenerated") });
                return;
              }
-              window.open("/api/monitor/cert/download?id=" + row.id);
+              let url = "/api/monitor/cert/download?id=" + row.id;
+              if (projectStore.isEnterprise) {
+                url += `&projectId=${projectStore.currentProject?.id}`;
+              }
+              url += `&token=${userStore.getToken}`;
+              window.open(url);
            },
          },
        },
@@ -21,7 +21,7 @@ const { t } = useI18n();
 defineOptions({
  name: "CertStore",
 });
-const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context: {} });
+const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context: { permission: { isProjectPermission: true } } });

 // 页面打开后获取列表数据
 onMounted(() => {
@@ -734,7 +734,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            }),
          },
          column: {
-            width: 100,
+            width: 140,
            sorter: true,
            align: "center",
          },
@@ -757,7 +757,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            helper: t("monitor.ipSyncModeHelper"),
          },
          column: {
-            width: 100,
+            width: 140,
            sorter: true,
            align: "center",
          },
@@ -779,7 +779,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            helper: t("monitor.ipIgnoreCoherenceHelper"),
          },
          column: {
-            width: 100,
+            width: 180,
            sorter: true,
            align: "center",
          },
@@ -37,7 +37,7 @@
          <div class="helper">{{ t("monitor.setting.cronTrigger") }}</div>
        </a-form-item>
        <a-form-item label=" " :colon="false" :wrapper-col="{ span: 16 }">
-          <loading-button type="primary" html-type="button" :click="doSave">{{ t("certd.save") }}</loading-button>
+          <loading-button type="primary" html-type="button" :click="doSave" :disabled="!hasActionPermission('write')">{{ t("certd.save") }}</loading-button>
        </a-form-item>
      </a-form>
    </div>
@@ -55,6 +55,7 @@ import { utils } from "/@/utils";
 import NotificationSelector from "/@/views/certd/notification/notification-selector/index.vue";
 import { useI18n } from "/src/locales";
 import { useSettingStore } from "/src/store/settings";
+import { useCrudPermission } from "/@/plugin/permission";

 const { t } = useI18n();

@@ -73,6 +74,8 @@ async function loadUserSettings() {
  merge(formState, data);
 }

+const { hasActionPermission } = useCrudPermission({ permission: { isProjectPermission: true } });
+
 loadUserSettings();
 const doSave = async (form: any) => {
  await utils.sleep(300);
@@ -22,7 +22,7 @@ export default defineComponent({
  setup() {
    const api = createNotificationApi();
    notificationProvide(api);
-    const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context: { api } });
+    const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context: { api, permission: { isProjectPermission: true } } });

    // 页面打开后获取列表数据
    onMounted(() => {
@@ -19,7 +19,7 @@ import { OPEN_API_DOC } from "/@/views/certd/open/openkey/api";
 defineOptions({
  name: "OpenKey",
 });
-const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context: {} });
+const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context: { permission: { isProjectPermission: true } } });

 // 页面打开后获取列表数据
 onMounted(() => {
@@ -16,13 +16,16 @@ import { useCertViewer } from "/@/views/certd/pipeline/use";
 import { useI18n } from "/src/locales";
 import { useDicts } from "../dicts";
 import { useProjectStore } from "/@/store/project";
+import { useCrudPermission } from "/@/plugin/permission";

-export default function ({ crudExpose, context: { selectedRowKeys, openCertApplyDialog, hasActionPermission } }: CreateCrudOptionsProps): CreateCrudOptionsRet {
+export default function ({ crudExpose, context: { selectedRowKeys, openCertApplyDialog, permission } }: CreateCrudOptionsProps): CreateCrudOptionsRet {
  const router = useRouter();
  const lastResRef = ref();

  const { t } = useI18n();

+  const { hasActionPermission } = useCrudPermission({ permission });
+
  const { openUploadCreateDialog } = useCertUpload();

  const pageRequest = async (query: UserPageQuery): Promise<UserPageRes> => {
@@ -50,6 +53,7 @@ export default function ({ crudExpose, context: { selectedRowKeys, openCertApply
      delete form.lastVars;
      delete form.createTime;
      delete form.id;
+      delete form.webhook;
      let pipeline = form.content;
      if (typeof pipeline === "string" && pipeline.startsWith("{")) {
        pipeline = JSON.parse(form.content);
@@ -75,8 +79,8 @@ export default function ({ crudExpose, context: { selectedRowKeys, openCertApply
  function onDialogOpen(opt: any) {
    const searchForm = crudExpose.getSearchValidatedFormData();
    opt.initialForm = {
-      ...opt.initialForm,
      groupId: searchForm.groupId,
+      ...opt.initialForm,
    };
  }

@@ -124,11 +128,11 @@ export default function ({ crudExpose, context: { selectedRowKeys, openCertApply
            click() {
              openCertApplyDialog({ key: "CertApply" });
            },
-            show: hasActionPermission("add"),
+            show: hasActionPermission("write"),
          },
          uploadCert: {
            order: 2,
-            show: hasActionPermission("uploadCert"),
+            show: hasActionPermission("write"),
            text: t("certd.commercialCertHosting"),
            type: "primary",
            tooltip: {
@@ -219,7 +223,7 @@ export default function ({ crudExpose, context: { selectedRowKeys, openCertApply
              row = info.pipeline;
              row.content = JSON.parse(row.content);
              row.title = row.title + "_copy";
-              await crudExpose.openCopy({
+              await crudExpose.openAdd({
                row: row,
                index: context.index,
              });
@@ -14,12 +14,16 @@
 import { defineComponent, onActivated, onMounted } from "vue";
 import { useFs } from "@fast-crud/fast-crud";
 import createCrudOptions from "./crud";
-import { createApi } from "./api";

 export default defineComponent({
  name: "PipelineGroupManager",
  setup() {
-    const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context: {} });
+    const { crudBinding, crudRef, crudExpose } = useFs({
+      createCrudOptions,
+      context: {
+        permission: { isProjectPermission: true },
+      },
+    });

    // 页面打开后获取列表数据
    onMounted(() => {
@@ -37,11 +37,11 @@
      <div v-if="selectedRowKeys.length > 0" class="batch-actions">
        <div class="batch-actions-inner">
          <span>{{ t("certd.selectedCount", { count: selectedRowKeys.length }) }}</span>
-          <fs-button icon="ion:trash-outline" class="color-red" type="link" :text="t('certd.batchDelete')" @click="batchDelete"></fs-button>
+          <fs-button v-if="hasActionPermission('write')" icon="ion:trash-outline" class="color-red" type="link" :text="t('certd.batchDelete')" @click="batchDelete"></fs-button>
          <batch-rerun :selected-row-keys="selectedRowKeys" @change="batchFinished"></batch-rerun>
-          <change-group :selected-row-keys="selectedRowKeys" @change="batchFinished"></change-group>
-          <change-notification :selected-row-keys="selectedRowKeys" @change="batchFinished"></change-notification>
-          <change-trigger :selected-row-keys="selectedRowKeys" @change="batchFinished"></change-trigger>
+          <change-group v-if="hasActionPermission('write')" :selected-row-keys="selectedRowKeys" @change="batchFinished"></change-group>
+          <change-notification v-if="hasActionPermission('write')" :selected-row-keys="selectedRowKeys" @change="batchFinished"></change-notification>
+          <change-trigger v-if="hasActionPermission('write')" :selected-row-keys="selectedRowKeys" @change="batchFinished"></change-trigger>
        </div>
      </div>
      <template #form-bottom>
@@ -49,6 +49,7 @@
                  </div>
                </template>
              </v-draggable>
+              <div v-if="currentTask.steps?.length > 0" class="helper mt-6">任务步骤会串行执行，如果前面步骤失败，后面的步骤不会运行</div>
            </a-form-item>
          </div>
        </a-form>
@@ -17,7 +17,7 @@
    </template>
    <fs-crud ref="crudRef" v-bind="crudBinding">
      <template #pagination-left>
-        <a-tooltip :title="t('certd.batchDelete')">
+        <a-tooltip v-if="hasActionPermission('write')" :title="t('certd.batchDelete')">
          <fs-button icon="DeleteOutlined" @click="handleBatchDelete"></fs-button>
        </a-tooltip>
      </template>
@@ -32,13 +32,21 @@ import createCrudOptions from "./crud";
 import { message, Modal } from "ant-design-vue";
 import { DeleteBatch } from "./api";
 import { useI18n } from "/src/locales";
+import { useCrudPermission } from "/@/plugin/permission";

 const { t } = useI18n();

 defineOptions({
  name: "CnameRecord",
 });
-const { crudBinding, crudRef, crudExpose, context } = useFs({ createCrudOptions });
+const context: any = {
+  permission: {
+    isProjectPermission: true,
+  },
+};
+const { hasActionPermission } = useCrudPermission({ permission: context.permission });
+context.hasActionPermission = hasActionPermission;
+const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context });

 const selectedRowKeys = context.selectedRowKeys;
 const handleBatchDelete = () => {
@@ -3,8 +3,12 @@ import { notification } from "ant-design-vue";
 import CertView from "/@/views/certd/pipeline/cert-view.vue";
 import { env } from "/@/utils/util.env";
 import { useModal } from "/@/use/use-modal";
+import { useProjectStore } from "/@/store/project";
+import { useUserStore } from "/@/store/user";

 export function useCertViewer() {
+  const projectStore = useProjectStore();
+  const userStore = useUserStore();
  const model = useModal();
  const viewCert = async (id: number) => {
    const cert = await api.GetCert(id);
@@ -33,7 +37,11 @@ export function useCertViewer() {
      content: () => {
        const children = [];
        for (const file of files) {
-          const downloadUrl = `${env.API}/pi/history/download?pipelineId=${id}&fileId=${file.id}`;
+          let downloadUrl = `${env.API}/pi/history/download?pipelineId=${id}&fileId=${file.id}`;
+          if (projectStore.isEnterprise) {
+            downloadUrl += `&projectId=${projectStore.currentProject?.id}`;
+          }
+          downloadUrl += `&token=${userStore.getToken}`;
          children.push(
            <div>
              <div class={"flex-o m-5"}>
@@ -1,6 +1,6 @@
 import { request } from "/src/api/service";

-const apiPrefix = "/enterprise/myProjectMember";
+const apiPrefix = "/enterprise/projectMember";
 const userApiPrefix = "/sys/authority/user";
 export async function GetList(query: any) {
  return await request({
@@ -65,3 +65,11 @@ export async function GetUserSimpleByIds(query: any) {
    data: query,
  });
 }
+
+export async function ApproveJoin(form: any) {
+  return await request({
+    url: "/enterprise/project/approveJoin",
+    method: "post",
+    data: form,
+  });
+}
@@ -6,7 +6,8 @@ import * as api from "./api";
 import { useSettingStore } from "/@/store/settings";
 import { useUserStore } from "/@/store/user";
 import { useI18n } from "/src/locales";
-import { userDict } from "../../dicts";
+import { useDicts } from "../../dicts";
+import { useApprove } from "./use";

 export default function ({ crudExpose, context }: CreateCrudOptionsProps): CreateCrudOptionsRet {
  const router = useRouter();
@@ -34,6 +35,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
  const settingStore = useSettingStore();
  const selectedRowKeys: Ref<any[]> = ref([]);
  context.selectedRowKeys = selectedRowKeys;
+  const { hasActionPermission } = context;
+  const { userDict, projectMemberStatusDict, projectPermissionDict } = useDicts();
+  const { openApproveDialog } = useApprove();

  return {
    crudOptions: {
@@ -105,7 +109,10 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
          search: {
            show: true,
          },
-          form: {},
+          form: {
+            show: true,
+            rules: [{ required: true, message: "请选择用户" }],
+          },
          editForm: {
            show: false,
          },
@@ -116,23 +123,64 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
        permission: {
          title: t("certd.ent.projectPermission"),
          type: "dict-select",
-          dict: dict({
-            data: [
-              { label: t("certd.ent.permission.read"), value: "read", color: "cyan" },
-              { label: t("certd.ent.permission.write"), value: "write", color: "blue" },
-              { label: t("certd.ent.permission.admin"), value: "admin", color: "green" },
-            ],
-          }),
+          dict: projectPermissionDict,
          search: {
            show: true,
          },
          form: {
            show: true,
+            rules: [{ required: true, message: "请选择权限" }],
          },
          column: {
            width: 200,
          },
        },
+        status: {
+          title: t("certd.ent.projectMemberStatus"),
+          type: "dict-select",
+          dict: projectMemberStatusDict,
+          search: {
+            show: true,
+          },
+          form: {
+            show: true,
+            rules: [{ required: true, message: "请选择状态" }],
+          },
+          column: {
+            width: 200,
+            cellRender: ({ row }) => {
+              let approveButton: any = "";
+              if (row.status === "pending" && hasActionPermission("admin")) {
+                approveButton = (
+                  <fs-button
+                    class="ml-2"
+                    type="primary"
+                    size="small"
+                    onClick={async () => {
+                      openApproveDialog({
+                        id: row.id,
+                        permission: row.permission,
+                        onSubmit: async (form: any) => {
+                          form.userId = row.userId;
+                          await api.ApproveJoin(form);
+                          crudExpose.doRefresh();
+                        },
+                      });
+                    }}
+                  >
+                    审批
+                  </fs-button>
+                );
+              }
+              return (
+                <div class="flex items-center">
+                  <fs-values-format model-value={row.status} dict={projectMemberStatusDict}></fs-values-format>
+                  {approveButton}
+                </div>
+              );
+            },
+          },
+        },
        createTime: {
          title: t("certd.createTime"),
          type: "datetime",
@@ -2,9 +2,13 @@
  <fs-page class="page-project-detail">
    <template #header>
      <div class="title">
-        {{ t("certd.ent.projectDetailManager") }}
-        <span class="sub">
-          {{ t("certd.ent.projectDetailDescription") }}
+        当前项目 ：{{ project?.name }}
+        <span class="sub flex-inline items-center">
+          管理员：<fs-values-format :model-value="project.adminId" :dict="userDict" color="green"></fs-values-format>
+          <!-- <a-divider type="vertical"></a-divider>
+          <fs-values-format :model-value="project.permission" :dict="projectPermissionDict"></fs-values-format>
+          <a-divider type="vertical"></a-divider>
+          <fs-values-format :model-value="project.status" :dict="projectMemberStatusDict"></fs-values-format> -->
        </span>
      </div>
    </template>
@@ -19,13 +23,17 @@
 </template>

 <script lang="ts" setup>
-import { onActivated, onMounted } from "vue";
+import { onActivated, onMounted, Ref, ref } from "vue";
 import { useFs } from "@fast-crud/fast-crud";
 import createCrudOptions from "./crud";
 import { message, Modal } from "ant-design-vue";
 import { DeleteBatch } from "./api";
 import { useI18n } from "/src/locales";
 import { useRoute } from "vue-router";
+import { useProjectStore } from "/@/store/project";
+import { request } from "/@/api/service";
+import { useDicts } from "../../dicts";
+import { useCrudPermission } from "/@/plugin/permission";

 const { t } = useI18n();

@@ -35,11 +43,38 @@ defineOptions({

 const route = useRoute();
 const projectIdStr = route.query.projectId as string;
-const projectId = Number(projectIdStr);
+let projectId = Number(projectIdStr);
+const projectStore = useProjectStore();
+if (!projectId) {
+  projectId = projectStore.currentProject?.id;
+}
+
+const { projectPermissionDict, projectMemberStatusDict, userDict } = useDicts();
+
+const project: Ref<any> = ref({});
+
+async function loadProjectDetail() {
+  if (projectId) {
+    const res = await request({
+      url: `/enterprise/project/detail`,
+      method: "post",
+      params: {
+        projectId,
+      },
+    });
+    project.value = res;
+  }
+}

 const context: any = {
  projectId,
+  permission: {
+    isProjectPermission: true,
+    projectPermission: "admin",
+  },
 };
+const { hasActionPermission } = useCrudPermission(context);
+context.hasActionPermission = hasActionPermission;
 const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context });

 const selectedRowKeys = context.selectedRowKeys;
@@ -61,7 +96,12 @@ const handleBatchDelete = () => {
 };

 // 页面打开后获取列表数据
-onMounted(() => {
+onMounted(async () => {
+  if (!projectId) {
+    message.error("您还未选择项目");
+    return;
+  }
+  await loadProjectDetail();
  crudExpose.doRefresh();
 });
 onActivated(async () => {
@@ -0,0 +1,46 @@
+import { dict } from "@fast-crud/fast-crud";
+import { useDicts } from "../../dicts";
+import { useFormDialog } from "/@/use/use-dialog";
+
+export function useApprove() {
+  const { openFormDialog } = useFormDialog();
+  const { projectPermissionDict, projectMemberStatusDict, userDict } = useDicts();
+  function openApproveDialog({ id, permission, onSubmit }: { id: any; permission: any; onSubmit: any }) {
+    openFormDialog({
+      title: "审批加入申请",
+      columns: {
+        permission: {
+          title: "成员权限",
+          type: "dict-select",
+          dict: projectPermissionDict,
+        },
+        status: {
+          title: "审批结果",
+          type: "dict-radio",
+          dict: dict({
+            data: [
+              {
+                label: "通过",
+                value: "approved",
+              },
+              {
+                label: "拒绝",
+                value: "rejected",
+              },
+            ],
+          }),
+        },
+      },
+      onSubmit: onSubmit,
+      initialForm: {
+        id: id,
+        permission: permission,
+        status: "approved",
+      },
+    });
+  }
+
+  return {
+    openApproveDialog,
+  };
+}
@@ -30,7 +30,8 @@ const { t } = useI18n();
 defineOptions({
  name: "MyProjectManager",
 });
-const { crudBinding, crudRef, crudExpose, context } = useFs({ createCrudOptions });
+const context: any = { permission: { isProjectPermission: true, projectPermission: "admin" } };
+const { crudBinding, crudRef, crudExpose } = useFs({ createCrudOptions, context });

 const selectedRowKeys = context.selectedRowKeys;
 const handleBatchDelete = () => {
@@ -0,0 +1,171 @@
+<template>
+  <fs-page class="page-project-join">
+    <template #header>
+      <div class="title">
+        {{ t("certd.sysResources.projectJoin") }}
+        <span v-if="projectStore.projects.length === 0" class="sub">{{ t("certd.project.noProjectJoined") }}</span>
+      </div>
+
+      <div class="more">
+        <a-button v-if="userStore.isAdmin" type="primary" @click="goProjectManager">{{ t("certd.project.projectManage") }}</a-button>
+      </div>
+    </template>
+    <div class="project-container">
+      <h3 class="text-lg font-medium mb-4">{{ t("certd.project.projectList") }}</h3>
+      <div class="flex flex-wrap gap-4">
+        <div v-for="project in projects" :key="project.id" class="w-full md:w-1/4">
+          <a-card :bordered="true" class="project-card">
+            <div class="project-card-content">
+              <div class="project-info">
+                <div class="text-md font-bold title">{{ project.name }}</div>
+                <div class="flex items-center justify-start">管理员： <fs-values-format :model-value="project.adminId" :dict="userDict" color="green"></fs-values-format></div>
+                <p class="text-gray-500 text-sm">创建时间：{{ formatDate(project.createTime) }}</p>
+              </div>
+              <div class="flex-col items-start">
+                <div v-if="project.status" class="mt-1 flex items-center justify-start">状态：<fs-values-format :model-value="project.status" :dict="projectMemberStatusDict"></fs-values-format></div>
+                <div v-if="project.permission" class="mt-1 flex items-center justify-start">权限：<fs-values-format :model-value="project.permission" :dict="projectPermissionDict"></fs-values-format></div>
+              </div>
+            </div>
+            <template #actions>
+              <span v-if="project.status === 'approved'" class="flex-inline items-center text-blue-500" :title="t('certd.project.viewDetail')" @click="goProjectDetail(project.id)">
+                <fs-icon class="fs-18 mr-2" icon="mdi:eye-outline"></fs-icon>
+                {{ t("certd.project.viewDetail") }}
+              </span>
+              <span v-if="!project.status || project.status === 'rejected'" class="flex-inline items-center text-blue-500" :title="t('certd.project.applyJoin')" @click="applyToJoin(project.id)">
+                <fs-icon class="fs-18 mr-2" icon="mdi:checkbox-marked-circle-outline"></fs-icon>
+                {{ t("certd.project.applyJoin") }}
+              </span>
+              <span v-if="project.status === 'pending' || project.status === 'approved'" class="flex-inline items-center text-red-500" :title="t('certd.project.leave')" @click="leaveProject(project.id)">
+                <fs-icon class="fs-18 mr-2" icon="mdi:arrow-right-thin-circle-outline"></fs-icon>
+                {{ t("certd.project.leave") }}
+              </span>
+            </template>
+          </a-card>
+        </div>
+      </div>
+    </div>
+  </fs-page>
+</template>
+
+<script lang="ts" setup>
+import { ref, onMounted } from "vue";
+import { useI18n } from "/src/locales";
+import { message, Modal } from "ant-design-vue";
+import { request } from "/src/api/service";
+import { useProjectStore } from "/@/store/project";
+import dayjs from "dayjs";
+import { useDicts } from "../dicts";
+import { useRouter } from "vue-router";
+import { useUserStore } from "/@/store/user";
+
+defineOptions({
+  name: "ProjectJoin",
+});
+const { t } = useI18n();
+
+const { projectMemberStatusDict, projectPermissionDict, userDict } = useDicts();
+
+const projects = ref<any[]>([]);
+
+const projectStore = useProjectStore();
+const userStore = useUserStore();
+function goProjectManager() {
+  // 假设这里调用跳转到项目管理页的API
+  router.push(`/sys/enterprise/project`);
+}
+
+const router = useRouter();
+function goProjectDetail(projectId: number) {
+  // 假设这里调用跳转到项目详情页的API
+  router.push(`/certd/project/detail?projectId=${projectId}`);
+}
+
+const getSystemProjects = async () => {
+  try {
+    // 假设这里调用获取系统项目列表的API
+    const response = await request({
+      url: "/enterprise/project/all",
+      method: "post",
+    });
+    projects.value = response || [];
+  } catch (error) {
+    message.error(t("certd.project.fetchFailed"));
+    console.error("获取项目列表失败:", error);
+  }
+};
+
+const applyToJoin = async (projectId: number) => {
+  // 假设这里调用申请加入项目的API
+  Modal.confirm({
+    title: t("certd.project.applyJoin"),
+    content: t("certd.project.applyJoinConfirm"),
+    onOk: async () => {
+      await request({
+        url: "/enterprise/project/applyJoin",
+        method: "post",
+        data: { projectId },
+      });
+      message.success(t("certd.project.applySuccess"));
+      await getSystemProjects();
+      // 申请成功后可以刷新页面或跳转到项目列表
+    },
+  });
+};
+
+const formatDate = (dateString: string) => {
+  if (!dateString) {
+    return "";
+  }
+  return dayjs(dateString).format("YYYY-MM-DD HH:mm:ss");
+};
+
+onMounted(() => {
+  getSystemProjects();
+});
+
+async function leaveProject(projectId: number) {
+  // 假设这里调用退出项目的API
+  Modal.confirm({
+    title: t("certd.project.leave"),
+    content: t("certd.project.leaveConfirm"),
+    onOk: async () => {
+      await request({
+        url: "/enterprise/project/leave",
+        method: "post",
+        data: { projectId },
+      });
+      message.success(t("certd.project.leaveSuccess"));
+      // 退出成功后可以刷新页面或跳转到项目列表
+      await getSystemProjects();
+    },
+  });
+}
+</script>
+
+<style lang="less">
+.page-project-join {
+  .project-container {
+    padding: 24px;
+    margin: 0 auto;
+    .project-card {
+      margin-bottom: 16px;
+      transition: all 0.3s;
+
+      &:hover {
+        box-shadow: 0 4px 12px rgba(0, 0, 0, 0.1);
+      }
+
+      .project-card-content {
+        display: flex;
+        justify-content: space-between;
+        align-items: center;
+      }
+
+      .title {
+        font-size: 16px;
+        font-weight: bold;
+      }
+    }
+  }
+}
+</style>
@@ -35,6 +35,11 @@
                <a-divider type="vertical" />
                <vip-button mode="nav" style="font-size: 12px"></vip-button>
              </template>
+
+              <template v-if="settingsStore.isEnterprise">
+                <a-divider type="vertical" />
+                <project-current></project-current>
+              </template>
              <template v-if="settingsStore.isComm">
                <a-divider type="vertical" />
                <suite-card class="m-0"></suite-card>
@@ -90,35 +90,21 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
            },
          },
        },
-        disabled: {
-          title: t("certd.disabled"),
+        isSystem: {
+          title: t("certd.ent.isSystem"),
          type: "dict-switch",
          dict: dict({
            data: [
-              { label: t("certd.enabled"), value: false, color: "success" },
-              { label: t("certd.disabledLabel"), value: true, color: "error" },
+              { label: t("common.yes"), value: true, color: "success" },
+              { label: t("common.no"), value: false, color: "error" },
            ],
          }),
          form: {
-            value: false,
+            value: true,
+            helper: t("certd.ent.isSystemHelper"),
          },
          column: {
-            width: 100,
-            component: {
-              title: t("certd.clickToToggle"),
-              on: {
-                async click({ value, row }) {
-                  Modal.confirm({
-                    title: t("certd.prompt"),
-                    content: t("certd.confirmToggleStatus", { action: !value ? t("certd.disable") : t("certd.enable") }),
-                    onOk: async () => {
-                      await api.SetDisabled(row.id, !value);
-                      await crudExpose.doRefresh();
-                    },
-                  });
-                },
-              },
-            },
+            width: 150,
          },
        },
        adminId: {
@@ -7,6 +7,7 @@ import { useSettingStore } from "/@/store/settings";
 import { useUserStore } from "/@/store/user";
 import { useI18n } from "/src/locales";
 import { userDict } from "../../dicts";
+import { useDicts } from "/@/views/certd/dicts";

 export default function ({ crudExpose, context }: CreateCrudOptionsProps): CreateCrudOptionsRet {
  const router = useRouter();
@@ -35,6 +36,8 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
  const selectedRowKeys: Ref<any[]> = ref([]);
  context.selectedRowKeys = selectedRowKeys;

+  const { projectMemberStatusDict } = useDicts();
+
  return {
    crudOptions: {
      settings: {
@@ -105,7 +108,9 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
          search: {
            show: true,
          },
-          form: {},
+          form: {
+            rules: [{ required: true, message: "请选择用户" }],
+          },
          editForm: {
            show: false,
          },
@@ -128,11 +133,34 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
          },
          form: {
            show: true,
+            rules: [{ required: true, message: "请选择权限" }],
          },
          column: {
            width: 200,
          },
        },
+        status: {
+          title: t("certd.ent.projectMemberStatus"),
+          type: "dict-select",
+          dict: projectMemberStatusDict,
+          search: {
+            show: true,
+          },
+          form: {
+            show: true,
+            rules: [{ required: true, message: "请选择状态" }],
+          },
+          column: {
+            width: 200,
+            cellRender: ({ row }) => {
+              return (
+                <div class="flex items-center">
+                  <fs-values-format model-value={row.status} dict={projectMemberStatusDict}></fs-values-format>
+                </div>
+              );
+            },
+          },
+        },
        createTime: {
          title: t("certd.createTime"),
          type: "datetime",
@@ -12,6 +12,7 @@
        </a-tooltip>
      </template>
    </fs-crud>
+    <AdminModeIntro v-if="!projectStore.isEnterprise" title="当前为SaaS管理模式，项目管理需要切换到企业模式" :open="true"></AdminModeIntro>
  </fs-page>
 </template>

@@ -22,7 +23,8 @@ import createCrudOptions from "./crud";
 import { message, Modal } from "ant-design-vue";
 import { DeleteBatch } from "./api";
 import { useI18n } from "/src/locales";
-
+import { useProjectStore } from "/@/store/project";
+import AdminModeIntro from "./intro.vue";
 const { t } = useI18n();

 defineOptions({
@@ -30,6 +32,7 @@ defineOptions({
 });
 const { crudBinding, crudRef, crudExpose, context } = useFs({ createCrudOptions });

+const projectStore = useProjectStore();
 const selectedRowKeys = context.selectedRowKeys;
 const handleBatchDelete = () => {
  if (selectedRowKeys.value?.length > 0) {
@@ -0,0 +1,86 @@
+<template>
+  <div v-if="open" class="admin-mode-intro" :style="fixed ? 'position: fixed;' : 'position: absolute;'" @click="close()">
+    <div class="mask">
+      <div class="intro-content">
+        <h2 class="intro-title text-xl font-bold">{{ title || "管理模式介绍" }}</h2>
+        <div class="mt-8 image-block">
+          <div class="flex gap-8">
+            <div class="intro-desc flex-1">SaaS模式：每个用户管理自己的流水线和授权资源，每个用户独立使用。</div>
+            <div class="intro-desc flex-1">企业模式：通过项目合作管理流水线证书和授权资源，所有用户视为企业内部员工。</div>
+          </div>
+          <div class="image-intro">
+            <img :src="src" alt="" />
+          </div>
+        </div>
+        <div class="action">
+          <a-button type="primary" html-type="button" @click="goSwitchMode">立即前往切换模式</a-button>
+        </div>
+      </div>
+    </div>
+  </div>
+</template>
+
+<script setup lang="tsx">
+import { ref } from "vue";
+import { useRouter } from "vue-router";
+defineOptions({
+  name: "AdminModeIntro",
+});
+
+const props = defineProps<{
+  title?: string;
+  open?: boolean;
+  fixed?: boolean;
+}>();
+
+const emit = defineEmits(["update:open"]);
+
+function close() {
+  emit("update:open", false);
+}
+
+const src = ref("static/images/ent/admin_mode.png");
+
+const router = useRouter();
+function goSwitchMode() {
+  router.push("/sys/settings?tab=mode");
+}
+</script>
+
+<style lang="less">
+.admin-mode-intro {
+  position: absolute;
+  top: 0;
+  left: 0;
+  width: 100%;
+  height: 100%;
+  background-color: rgba(0, 0, 0, 0.5);
+  display: flex;
+  justify-content: center;
+  align-items: center;
+  z-index: 9999;
+
+  .mask {
+    padding: 20px;
+    border-radius: 10px;
+  }
+
+  .intro-content {
+    background-color: #fff;
+    padding: 20px;
+    border-radius: 10px;
+    text-align: center;
+  }
+
+  .image-block {
+    text-align: center;
+    .image-intro {
+      width: 100%;
+      img {
+        margin: 0 auto;
+        max-width: 100%;
+      }
+    }
+  }
+}
+</style>
@@ -2,13 +2,23 @@
  <div class="sys-settings-form sys-settings-mode">
    <a-form :model="formState" name="basic" :label-col="{ span: 8 }" :wrapper-col="{ span: 16 }" autocomplete="off" @finish="onFinish">
      <a-form-item :label="t('certd.sys.setting.adminMode')" :name="['public', 'adminMode']">
-        <fs-dict-radio v-model:value="formState.public.adminMode" :dict="adminModeDict" />
+        <div class="w-full flex items-center">
+          <fs-dict-radio v-model:value="formState.public.adminMode" :disabled="!settingsStore.isPlus" :dict="adminModeDict" />
+          <vip-button class="ml-5" mode="button"></vip-button>
+        </div>
+        <div class="helper">SaaS模式：每个用户管理自己的流水线和授权资源，独立使用。</div>
+        <div class="helper">企业模式：通过项目合作管理流水线证书和授权资源，所有用户视为企业内部员工。</div>
+        <div class="helper text-red-500">建议在开始使用时固定一个合适的模式，之后就不要随意切换了。</div>
+        <div v-if="settingsStore.isComm" class="helper text-red-500">商业版不建议设置为企业模式，除非你确定要转成企业内部使用</div>
+        <div><a @click="adminModeIntroOpen = true"> 更多管理模式介绍</a></div>
      </a-form-item>

      <a-form-item label=" " :colon="false" :wrapper-col="{ span: 8 }">
        <a-button :loading="saveLoading" type="primary" html-type="submit">{{ t("certd.saveButton") }}</a-button>
      </a-form-item>
    </a-form>
+
+    <AdminModeIntro v-model:open="adminModeIntroOpen" fixed></AdminModeIntro>
  </div>
 </template>

@@ -22,22 +32,25 @@ import { notification } from "ant-design-vue";
 import { useI18n } from "/src/locales";
 import { dict } from "@fast-crud/fast-crud";
 import { useProjectStore } from "/@/store/project";
+import AdminModeIntro from "/@/views/sys/enterprise/project/intro.vue";
 const { t } = useI18n();

 defineOptions({
  name: "SettingMode",
 });

+const adminModeIntroOpen = ref(false);
+
 const adminModeDict = dict({
  data: [
-    {
-      label: t("certd.sys.setting.enterpriseMode"),
-      value: "enterprise",
-    },
    {
      label: t("certd.sys.setting.saasMode"),
      value: "saas",
    },
+    {
+      label: t("certd.sys.setting.enterpriseMode"),
+      value: "enterprise",
+    },
  ],
 });

@@ -6,7 +6,7 @@ typeorm:
    default:
      type: mysql # mariadb
      host: localhost
-      port: 3309
+      port: 3308
      username: root
      password: root
      database: certd
@@ -3,6 +3,27 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+# [1.39.0](https://github.com/certd/certd/compare/v1.38.12...v1.39.0) (2026-03-07)
+
+### Bug Fixes
+
+* 修复部署到openwrt错误的bug ([2e3d0cc](https://github.com/certd/certd/commit/2e3d0cc57c16c48ad435bc8fde729bacaedde9f5))
+* 修复复制流水线保存后丢失分组和排序号的问题 ([bc32648](https://github.com/certd/certd/commit/bc326489abc1d50a0930b4f47aa2d62d3a486798))
+* 修复京东云域名申请证书报错的bug ([d9c0130](https://github.com/certd/certd/commit/d9c0130b59997144a3c274d456635b800135e43f))
+* 修复偶尔下载证书报未授权的错误 ([316537e](https://github.com/certd/certd/commit/316537eb4dcbe5ec57784e8bf95ee3cdfd21dce7))
+* 修复dcdn多个域名同时部署时 可能会出现证书名称重复的bug ([78c2ced](https://github.com/certd/certd/commit/78c2ced43b1a73d142b0ed783b162b97f545ab06))
+* 优化dcdn部署上传多次证书 偶尔报 The CertName already exists的问题 ([72f850f](https://github.com/certd/certd/commit/72f850f675b500d12ebff2338d1b99d6fab476e1))
+* **cert-plugin:** 优化又拍云客户端错误处理逻辑，当域名已绑定证书时不再抛出异常。 ([92c9ac3](https://github.com/certd/certd/commit/92c9ac382692e6c84140ff787759ab6d39ccbe96))
+* esxi部署失败的bug ([1e44115](https://github.com/certd/certd/commit/1e441154617e6516a9a3610412bf597128c62696))
+
+### Features
+
+* 支持企业级管理模式，项目管理，细分权限 ([3734083](https://github.com/certd/certd/commit/37340838b6a61a94b86bfa13cf5da88b26f1315a))
+
+### Performance Improvements
+
+* 站点监控支持指定ip地址检查 ([83d81b6](https://github.com/certd/certd/commit/83d81b64b3adb375366039e07c87d1ad79121c13))
+
 ## [1.38.12](https://github.com/certd/certd/compare/v1.38.11...v1.38.12) (2026-02-18)

 **Note:** Version bump only for package @certd/ui-server
@@ -0,0 +1,118 @@
+
+CREATE TABLE `cd_project`
+(
+  `id`          bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,
+  `user_id`     bigint      NOT NULL,
+  `name`        varchar(512) NOT NULL,
+  `admin_id`    bigint      NOT NULL,
+  `disabled`    boolean      NOT NULL DEFAULT false,
+  `is_system`   boolean      NOT NULL DEFAULT false,
+  `create_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `update_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+
+CREATE INDEX `index_project_user_id` ON `cd_project` (`user_id`);
+CREATE INDEX `index_project_admin_id` ON `cd_project` (`admin_id`);
+INSERT INTO cd_project (id, user_id, `admin_id`, `name`, `disabled`, `is_system`) VALUES (1, -1, 1,'default', false,false);
+
+ALTER TABLE cd_cert_info ADD COLUMN  project_id bigint;
+CREATE INDEX `index_cert_project_id` ON `cd_cert_info` (`project_id`);
+
+ALTER TABLE cd_site_info ADD COLUMN  project_id bigint;
+CREATE INDEX `index_site_project_id` ON `cd_site_info` (`project_id`);
+
+ALTER TABLE cd_site_ip ADD COLUMN  project_id bigint;
+CREATE INDEX `index_site_ip_project_id` ON `cd_site_ip` (`project_id`);
+
+ALTER TABLE cd_open_key ADD COLUMN  project_id bigint;
+CREATE INDEX `index_open_key_project_id` ON `cd_open_key` (`project_id`);
+
+ALTER TABLE cd_access ADD COLUMN  project_id bigint;
+CREATE INDEX `index_access_project_id` ON `cd_access` (`project_id`);
+
+ALTER TABLE cd_addon ADD COLUMN  project_id bigint;
+CREATE INDEX `index_addon_project_id` ON `cd_addon` (`project_id`);
+
+ALTER TABLE pi_pipeline ADD COLUMN  project_id bigint;
+CREATE INDEX `index_pipeline_project_id` ON `pi_pipeline` (`project_id`);
+
+ALTER TABLE pi_pipeline_group ADD COLUMN  project_id bigint;
+CREATE INDEX `index_pipeline_group_project_id` ON `pi_pipeline_group` (`project_id`);
+
+ALTER TABLE pi_storage ADD COLUMN  project_id bigint;
+CREATE INDEX `index_storage_project_id` ON `pi_storage` (`project_id`);
+
+ALTER TABLE pi_notification ADD COLUMN  project_id bigint;
+CREATE INDEX `index_notification_project_id` ON `pi_notification` (`project_id`);
+
+ALTER TABLE pi_history ADD COLUMN  project_id bigint;
+CREATE INDEX `index_history_project_id` ON `pi_history` (`project_id`);
+
+ALTER TABLE pi_history_log ADD COLUMN  project_id bigint;
+CREATE INDEX `index_history_log_project_id` ON `pi_history_log` (`project_id`);
+
+ALTER TABLE pi_template ADD COLUMN  project_id bigint;
+CREATE INDEX `index_template_project_id` ON `pi_template` (`project_id`);
+
+ALTER TABLE pi_sub_domain ADD COLUMN  project_id bigint;
+CREATE INDEX `index_sub_domain_project_id` ON `pi_sub_domain` (`project_id`);
+
+ALTER TABLE cd_cname_record ADD COLUMN  project_id bigint;
+CREATE INDEX `index_cname_record_project_id` ON `cd_cname_record` (`project_id`);
+
+ALTER TABLE cd_domain ADD COLUMN  project_id bigint;
+CREATE INDEX `index_domain_project_id` ON `cd_domain` (`project_id`);
+
+ALTER TABLE user_settings ADD COLUMN  project_id bigint;
+CREATE INDEX `index_user_settings_project_id` ON `user_settings` (`project_id`);
+
+ALTER TABLE cd_group ADD COLUMN  project_id bigint;
+CREATE INDEX `index_group_project_id` ON `cd_group` (`project_id`);
+
+
+
+
+CREATE TABLE `cd_project_member`
+(
+  `id`          bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,
+  `user_id`     bigint      NOT NULL,
+  `project_id`  bigint      NOT NULL,
+  `permission`  varchar(128) NOT NULL DEFAULT 'read',
+  `create_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `update_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+ALTER TABLE cd_project_member ADD COLUMN  status varchar(128);
+
+CREATE INDEX `index_project_member_user_id` ON `cd_project_member` (`user_id`);
+CREATE INDEX `index_project_member_project_id` ON `cd_project_member` (`project_id`);
+
+
+CREATE TABLE `cd_audit_log`
+(
+  `id`          bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,
+  `user_id`     bigint      NOT NULL,
+  `username`    varchar(128) NOT NULL,
+  `project_id`  bigint      NOT NULL,
+  `project_name` varchar(512) NOT NULL,
+  `type`        varchar(128) NOT NULL,
+  `action`      varchar(128) NOT NULL DEFAULT 'read',
+  `content`     longtext         NOT NULL,
+  `ip_address`  varchar(128) NOT NULL,
+  `create_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `update_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP
+);
+
+
+CREATE INDEX `index_audit_log_user_id` ON `cd_audit_log` (`user_id`);
+CREATE INDEX `index_audit_log_project_id` ON `cd_audit_log` (`project_id`);
+
+
+
+ALTER TABLE cd_site_info ADD COLUMN ip_address varchar(128);
+
+
+ALTER TABLE `cd_project` ENGINE = InnoDB;
+ALTER TABLE `cd_project_member` ENGINE = InnoDB;
+ALTER TABLE `cd_audit_log` ENGINE = InnoDB;
@@ -0,0 +1,116 @@
+
+CREATE TABLE "cd_project"
+(
+  "id"          bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY NOT NULL,
+  "user_id"     bigint      NOT NULL,
+  "name"        varchar(512) NOT NULL,
+  "admin_id"    bigint      NOT NULL,
+  "disabled"    boolean      NOT NULL DEFAULT (false),
+  "is_system"   boolean      NOT NULL DEFAULT (false),
+  "create_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
+
+
+CREATE INDEX "index_project_user_id" ON "cd_project" ("user_id");
+CREATE INDEX "index_project_admin_id" ON "cd_project" ("admin_id");
+INSERT INTO cd_project (id, user_id, "admin_id", "name", "disabled", "is_system") VALUES (1, -1, 1,'default', false,false);
+select setval('cd_project_id_seq', 1);
+
+
+ALTER TABLE cd_cert_info ADD COLUMN  project_id bigint;
+CREATE INDEX "index_cert_project_id" ON "cd_cert_info" ("project_id");
+
+ALTER TABLE cd_site_info ADD COLUMN  project_id bigint;
+CREATE INDEX "index_site_project_id" ON "cd_site_info" ("project_id");
+
+ALTER TABLE cd_site_ip ADD COLUMN  project_id bigint;
+CREATE INDEX "index_site_ip_project_id" ON "cd_site_ip" ("project_id");
+
+ALTER TABLE cd_open_key ADD COLUMN  project_id bigint;
+CREATE INDEX "index_open_key_project_id" ON "cd_open_key" ("project_id");
+
+ALTER TABLE cd_access ADD COLUMN  project_id bigint;
+CREATE INDEX "index_access_project_id" ON "cd_access" ("project_id");
+
+ALTER TABLE cd_addon ADD COLUMN  project_id bigint;
+CREATE INDEX "index_addon_project_id" ON "cd_addon" ("project_id");
+
+ALTER TABLE pi_pipeline ADD COLUMN  project_id bigint;
+CREATE INDEX "index_pipeline_project_id" ON "pi_pipeline" ("project_id");
+
+ALTER TABLE pi_pipeline_group ADD COLUMN  project_id bigint;
+CREATE INDEX "index_pipeline_group_project_id" ON "pi_pipeline_group" ("project_id");
+
+ALTER TABLE pi_storage ADD COLUMN  project_id bigint;
+CREATE INDEX "index_storage_project_id" ON "pi_storage" ("project_id");
+
+ALTER TABLE pi_notification ADD COLUMN  project_id bigint;
+CREATE INDEX "index_notification_project_id" ON "pi_notification" ("project_id");
+
+ALTER TABLE pi_history ADD COLUMN  project_id bigint;
+CREATE INDEX "index_history_project_id" ON "pi_history" ("project_id");
+
+ALTER TABLE pi_history_log ADD COLUMN  project_id bigint;
+CREATE INDEX "index_history_log_project_id" ON "pi_history_log" ("project_id");
+
+ALTER TABLE pi_template ADD COLUMN  project_id bigint;
+CREATE INDEX "index_template_project_id" ON "pi_template" ("project_id");
+
+ALTER TABLE pi_sub_domain ADD COLUMN  project_id bigint;
+CREATE INDEX "index_sub_domain_project_id" ON "pi_sub_domain" ("project_id");
+
+ALTER TABLE cd_cname_record ADD COLUMN  project_id bigint;
+CREATE INDEX "index_cname_record_project_id" ON "cd_cname_record" ("project_id");
+
+ALTER TABLE cd_domain ADD COLUMN  project_id bigint;
+CREATE INDEX "index_domain_project_id" ON "cd_domain" ("project_id");
+
+ALTER TABLE user_settings ADD COLUMN  project_id bigint;
+CREATE INDEX "index_user_settings_project_id" ON "user_settings" ("project_id");
+
+ALTER TABLE cd_group ADD COLUMN  project_id bigint;
+CREATE INDEX "index_group_project_id" ON "cd_group" ("project_id");
+
+
+
+
+CREATE TABLE "cd_project_member"
+(
+  "id"          bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY NOT NULL,
+  "user_id"     bigint      NOT NULL,
+  "project_id"  bigint      NOT NULL,
+  "permission"  varchar(128) NOT NULL DEFAULT ('read'),
+  "create_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
+
+ALTER TABLE cd_project_member ADD COLUMN  status varchar(128);
+
+CREATE INDEX "index_project_member_user_id" ON "cd_project_member" ("user_id");
+CREATE INDEX "index_project_member_project_id" ON "cd_project_member" ("project_id");
+
+
+CREATE TABLE "cd_audit_log"
+(
+  "id"          bigint PRIMARY KEY GENERATED BY DEFAULT AS IDENTITY NOT NULL,
+  "user_id"     bigint      NOT NULL,
+  "username"    varchar(128) NOT NULL,
+  "project_id"  bigint      NOT NULL,
+  "project_name" varchar(512) NOT NULL,
+  "type"        varchar(128) NOT NULL,
+  "action"      varchar(128) NOT NULL DEFAULT ('read'),
+  "content"     text         NOT NULL,
+  "ip_address"  varchar(128) NOT NULL,
+  "create_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
+  "update_time" timestamp     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
+);
+
+
+CREATE INDEX "index_audit_log_user_id" ON "cd_audit_log" ("user_id");
+CREATE INDEX "index_audit_log_project_id" ON "cd_audit_log" ("project_id");
+
+
+
+ALTER TABLE cd_site_info ADD COLUMN ip_address varchar(128);
+
@@ -6,6 +6,7 @@ CREATE TABLE "cd_project"
  "name"        varchar(512) NOT NULL,
  "admin_id"    integer      NOT NULL,
  "disabled"    boolean      NOT NULL DEFAULT (false),
+  "is_system"   boolean      NOT NULL DEFAULT (false),
  "create_time" datetime     NOT NULL DEFAULT (CURRENT_TIMESTAMP),
  "update_time" datetime     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
 );
@@ -13,7 +14,7 @@ CREATE TABLE "cd_project"

 CREATE INDEX "index_project_user_id" ON "cd_project" ("user_id");
 CREATE INDEX "index_project_admin_id" ON "cd_project" ("admin_id");
-INSERT INTO cd_project (id, user_id, "admin_id", "name", "disabled") VALUES (1, 0, 1,'default', false);
+INSERT INTO cd_project (id, user_id, "admin_id", "name", "disabled", "is_system") VALUES (1, -1, 1,'default', false,false);

 ALTER TABLE cd_cert_info ADD COLUMN  project_id integer;
 CREATE INDEX "index_cert_project_id" ON "cd_cert_info" ("project_id");
@@ -82,6 +83,7 @@ CREATE TABLE "cd_project_member"
  "update_time" datetime     NOT NULL DEFAULT (CURRENT_TIMESTAMP)
 );

+ALTER TABLE cd_project_member ADD COLUMN  status varchar(128);

 CREATE INDEX "index_project_member_user_id" ON "cd_project_member" ("user_id");
 CREATE INDEX "index_project_member_project_id" ON "cd_project_member" ("project_id");
@@ -7,18 +7,23 @@ showTest: false
 input:
  clientId:
    title: ClientId
-    helper: '[Azure Portal](https://portal.azure.com/)创建应用后获取'
+    helper: >-
+      [Microsoft Entra
+      ID](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps)创建应用后获取
    required: true
  clientSecretKey:
    title: ClientSecretKey
    component:
      placeholder: ClientSecretKey / appSecretKey
+    helper: 客户端凭据->证书与机密->客户端密码->新客户端密码
    required: true
  tenantId:
    title: TenantId
-    helper: 租户ID，留空使用/common端点（需要应用配置为多租户）
    component:
      placeholder: common 或 租户ID
+    helper: |-
+      根据受支持的账户类型填写 common 或 租户ID，默认为common(Microsoft个人账户)。 
+      租户ID获取: 概述 -> 目录(租户) ID 
    value: common
    required: false
 pluginType: addon
@@ -37,7 +37,7 @@ input:
    helper: |-
      1、支持多个域名打到一个证书上，例如： foo.com，*.foo.com，*.bar.com
      2、子域名被通配符包含的不要填写，例如：www.foo.com已经被*.foo.com包含，不要填写www.foo.com
-      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com）
+      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于foo.com且不能用于xxx.yyy.foo.com）
      4、输入一个，空格之后，再输入下一个 
      5、如果设置了子域托管解析（比如免费的二级域名托管在CF或者阿里云），请先[设置托管子域名](#/certd/pipeline/subDomain)
  email:
@@ -34,7 +34,7 @@ input:
    helper: |-
      1、支持多个域名打到一个证书上，例如： foo.com，*.foo.com，*.bar.com
      2、子域名被通配符包含的不要填写，例如：www.foo.com已经被*.foo.com包含，不要填写www.foo.com
-      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com）
+      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于foo.com且不能用于xxx.yyy.foo.com）
      4、输入一个，空格之后，再输入下一个 
      5、如果设置了子域托管解析（比如免费的二级域名托管在CF或者阿里云），请先[设置托管子域名](#/certd/pipeline/subDomain)
  email:
@@ -3,7 +3,7 @@ default:
  strategy:
    runStrategy: 0
  input:
-    renewDays: 35
+    renewDays: 15
    forceUpdate: false
 name: CertApplyLego
 icon: ph:certificate
@@ -37,7 +37,7 @@ input:
    helper: |-
      1、支持多个域名打到一个证书上，例如： foo.com，*.foo.com，*.bar.com
      2、子域名被通配符包含的不要填写，例如：www.foo.com已经被*.foo.com包含，不要填写www.foo.com
-      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com）
+      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于foo.com且不能用于xxx.yyy.foo.com）
      4、输入一个，空格之后，再输入下一个 
      5、如果设置了子域托管解析（比如免费的二级域名托管在CF或者阿里云），请先[设置托管子域名](#/certd/pipeline/subDomain)
  email:
@@ -99,7 +99,7 @@ input:
    helper: |-
      1、支持多个域名打到一个证书上，例如： foo.com，*.foo.com，*.bar.com
      2、子域名被通配符包含的不要填写，例如：www.foo.com已经被*.foo.com包含，不要填写www.foo.com
-      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于xxx.yyy.foo.com、不能用于foo.com）
+      3、泛域名只能通配*号那一级（*.foo.com的证书不能用于foo.com且不能用于xxx.yyy.foo.com）
      4、输入一个，空格之后，再输入下一个 
      5、如果设置了子域托管解析（比如免费的二级域名托管在CF或者阿里云），请先[设置托管子域名](#/certd/pipeline/subDomain)
  pfxPassword:
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-server",
-  "version": "1.38.12",
+  "version": "1.39.0",
  "description": "fast-server base midway",
  "private": true,
  "type": "module",
@@ -50,20 +50,20 @@
    "@aws-sdk/client-route-53": "^3.964.0",
    "@aws-sdk/client-s3": "^3.964.0",
    "@aws-sdk/client-sts": "^3.990.0",
-    "@certd/acme-client": "^1.38.12",
-    "@certd/basic": "^1.38.12",
-    "@certd/commercial-core": "^1.38.12",
+    "@certd/acme-client": "^1.39.0",
+    "@certd/basic": "^1.39.0",
+    "@certd/commercial-core": "^1.39.0",
    "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.38.12",
-    "@certd/lib-huawei": "^1.38.12",
-    "@certd/lib-k8s": "^1.38.12",
-    "@certd/lib-server": "^1.38.12",
-    "@certd/midway-flyway-js": "^1.38.12",
-    "@certd/pipeline": "^1.38.12",
-    "@certd/plugin-cert": "^1.38.12",
-    "@certd/plugin-lib": "^1.38.12",
-    "@certd/plugin-plus": "^1.38.12",
-    "@certd/plus-core": "^1.38.12",
+    "@certd/jdcloud": "^1.39.0",
+    "@certd/lib-huawei": "^1.39.0",
+    "@certd/lib-k8s": "^1.39.0",
+    "@certd/lib-server": "^1.39.0",
+    "@certd/midway-flyway-js": "^1.39.0",
+    "@certd/pipeline": "^1.39.0",
+    "@certd/plugin-cert": "^1.39.0",
+    "@certd/plugin-lib": "^1.39.0",
+    "@certd/plugin-plus": "^1.39.0",
+    "@certd/plus-core": "^1.39.0",
    "@google-cloud/publicca": "^1.3.0",
    "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.185",
    "@huaweicloud/huaweicloud-sdk-core": "^3.1.185",
@@ -80,7 +80,7 @@ const development = {
        type: 'better-sqlite3',
        database: './data/db.sqlite',
        synchronize: false, // 如果第一次使用，不存在表，有同步的需求可以写 true
-        logging: false,
+        logging: true,
        highlightSql: false,

        // 配置实体模型 或者 entities: '/entity',
@@ -40,9 +40,7 @@ export class LoginController extends BaseController {
  }

  private writeTokenCookie(token: { expire: any; token: any }) {
-    this.ctx.cookies.set("certd_token", token.token, {
-      maxAge: 1000 * token.expire
-    });
+    // this.loginService.writeTokenCookie(this.ctx,token);
  }

  @Post('/loginBySms', { summary: Constants.per.guest })
@@ -70,6 +70,8 @@ export class ConnectController extends BaseController {
    })
    return this.ok({ loginUrl, ticket });
  }
+
+
  @Get('/callback/:type', { summary: Constants.per.guest })
  public async callback(@Param('type') type: string, @Query() query: Record<string, string>) {

@@ -154,10 +156,15 @@ export class ConnectController extends BaseController {
      });
    }

+    this.writeTokenCookie(loginRes);
    //返回登录成功token
    return this.ok(loginRes);
  }

+  private writeTokenCookie(token: { expire: any; token: any }) {
+    // this.loginService.writeTokenCookie(this.ctx,token);
+  }
+

  @Post('/autoRegister', { summary: Constants.per.guest })
  public async autoRegister(@Body(ALL) body: { validationCode: string, type: string }) {
@@ -183,6 +190,7 @@ export class ConnectController extends BaseController {
    });

    const loginRes = await this.loginService.generateToken(newUser);
+    this.writeTokenCookie(loginRes);
    return this.ok(loginRes);
  }

@@ -1,5 +1,5 @@
+import { AccessService } from "@certd/lib-server";
 import { ALL, Body, Controller, Inject, Post, Provide, Query } from "@midwayjs/core";
-import { AccessService, Constants } from "@certd/lib-server";
 import { AccessController } from "../../user/pipeline/access-controller.js";

 /**
@@ -15,6 +15,12 @@ export class SysAccessController extends AccessController {
    return this.service2;
  }

+  async getProjectUserId(permission:string){
+    return {
+      projectId:null,userId:0
+    }
+  }
+
  getUserId() {
    // checkComm();
    return 0;
@@ -54,7 +60,7 @@ export class SysAccessController extends AccessController {
    return await super.define(type);
  }

-  @Post('/getSecretPlain', { summary: Constants.per.authOnly })
+  @Post('/getSecretPlain', { summary: 'sys:settings:view' })
  async getSecretPlain(@Body(ALL) body: { id: number; key: string }) {
    const value = await this.service.getById(body.id, 0);
    return this.ok(value[body.key]);
@@ -69,4 +75,9 @@ export class SysAccessController extends AccessController {
  async simpleInfo(@Query('id') id: number) {
    return await super.simpleInfo(id);
  }
+
+    @Post('/getDictByIds', { summary: 'sys:settings:view' })
+    async getDictByIds(@Body('ids') ids: number[]) {
+      return await super.getDictByIds(ids);
+    }
 }
@@ -21,12 +21,18 @@ export class BasicController extends BaseController {
  @Post('/preBindUser', { summary: 'sys:settings:edit' })
  public async preBindUser(@Body(ALL) body: PreBindUserReq) {
    // 设置缓存内容
+    if (body.userId == null || body.userId <= 0) {
+      throw new Error("用户ID不能为空");
+    }
    await this.plusService.userPreBind(body.userId);
    return this.ok({});
  }

  @Post('/bindUser', { summary: 'sys:settings:edit' })
  public async bindUser(@Body(ALL) body: BindUserReq) {
+    if (body.userId == null || body.userId <= 0) {
+      throw new Error("用户ID不能为空");
+    }
    const installInfo: SysInstallInfo = await this.sysSettingsService.getSetting(SysInstallInfo);
    installInfo.bindUserId = body.userId;
    await this.sysSettingsService.saveSetting(installInfo);
@@ -12,6 +12,11 @@ export class SysAddonController extends AddonController {
    return this.service2;
  }

+  async getProjectUserId(permission:string){
+    return {
+      projectId:null,userId:0 //0为系统级别
+    }
+  }
  getUserId() {
    // checkComm();
    return 0;
@@ -40,7 +40,7 @@ export class SysProjectController extends CrudController<ProjectEntity> {
    bean.userId = this.getUserId();
    return super.add({
      ...bean,
-      userId:0,
+      userId:-1, //企业用户id固定为-1
      adminId: bean.userId,
    });
  }
@@ -60,10 +60,12 @@ export class SysProjectMemberController extends CrudController<ProjectMemberEnti
      userId: this.getUserId(),
      projectId: projectId,
    });
-    return super.update({
+    const res =await this.service.update({
      id: bean.id,
      permission: bean.permission,
+      status: bean.status,
    });
+    return this.ok(res);
  }

  @Post("/info", { summary: "sys:settings:view" })
@@ -0,0 +1,60 @@
+import { Constants, isEnterprise } from '@certd/lib-server';
+import { Body, Controller, Inject, Post, Provide } from '@midwayjs/core';
+import { In } from 'typeorm';
+import { AuthService } from '../../../modules/sys/authority/service/auth-service.js';
+import { UserService } from '../../../modules/sys/authority/service/user-service.js';
+import { BasicController } from '../../basic/code-controller.js';
+
+/**
+ * 通知
+ */
+@Provide()
+@Controller('/api/basic/user')
+export class BasicUserController extends BasicController {
+  @Inject()
+  service: UserService;
+  @Inject()
+  authService: AuthService;
+
+  getService(): UserService {
+    return this.service;
+  }
+
+  @Post('/getSimpleUserByIds', { summary: Constants.per.authOnly })
+  async getSimpleUserByIds(@Body('ids') ids: number[]) {
+    if(!isEnterprise()){
+       throw new Error('非企业模式不能获取用户信息');
+    }
+    const users = await this.service.find({
+      select: {
+        id: true,
+        username: true,
+        nickName: true,
+        mobile: true,
+        phoneCode: true,
+      },
+      where: {
+        id: In(ids),
+      },
+    });
+    return this.ok(users);
+  }
+
+  @Post('/getSimpleUsers', {summary: Constants.per.authOnly})
+  async getSimpleUsers() {
+    if(!isEnterprise()){
+       throw new Error('非企业模式不能获取所有用户信息');
+    }
+    const users = await this.service.find({
+      select: {
+        id: true,
+        username: true,
+        nickName: true,
+        mobile: true,
+        phoneCode: true,
+      },
+    });
+    return this.ok(users);
+  }
+
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
xiaojunnuo	3bb29abe32	v1.39.0	2026-03-08 01:17:39 +08:00
xiaojunnuo	ac42d38b7a	build: prepare to build	2026-03-08 01:15:23 +08:00
xiaojunnuo	d9c0130b59	fix: 修复京东云域名申请证书报错的bug	2026-03-08 01:14:33 +08:00
xiaojunnuo	4925d5a5e7	chore: project prerelease	2026-03-08 00:48:29 +08:00
xiaojunnuo	dd9a7cf5d7	chore: project fix	2026-03-05 00:11:08 +08:00
xiaojunnuo	5ee3874b7e	chore: project fix	2026-03-04 23:53:19 +08:00
xiaojunnuo	17dd77cc96	chore: project userid fixed -1	2026-03-04 23:15:48 +08:00
xiaojunnuo	6c546b5290	chore: project finished	2026-03-03 23:31:42 +08:00
xiaojunnuo	a853fc2026	chore: vip tip	2026-03-03 18:25:55 +08:00
xiaojunnuo	92c9ac3826	fix(cert-plugin): 优化又拍云客户端错误处理逻辑，当域名已绑定证书时不再抛出异常。	2026-03-03 14:35:50 +08:00
xiaojunnuo	78c2ced43b	fix: 修复dcdn多个域名同时部署时可能会出现证书名称重复的bug	2026-03-03 11:31:52 +08:00
xiaojunnuo	72f850f675	fix: 优化dcdn部署上传多次证书偶尔报 The CertName already exists的问题	2026-03-03 11:29:50 +08:00
xiaojunnuo	bc326489ab	fix: 修复复制流水线保存后丢失分组和排序号的问题	2026-02-28 19:29:13 +08:00
xiaojunnuo	ea5e7d9563	chore: project setting	2026-02-28 18:49:46 +08:00
xiaojunnuo	5b5b48fc06	chore: admin mode setting	2026-02-28 18:30:04 +08:00
xiaojunnuo	1548ba0b8d	chore: project manager	2026-02-28 18:17:53 +08:00
xiaojunnuo	26b1c4244f	chore: project approve	2026-02-28 12:14:38 +08:00
xiaojunnuo	8a4e981931	chore: project detail join approve	2026-02-28 12:13:31 +08:00
xiaojunnuo	6163c3f08e	chore: join project	2026-02-28 00:49:02 +08:00
xiaojunnuo	e17f381b1f	chore: project blank	2026-02-27 23:09:50 +08:00
xiaojunnuo	316537eb4d	fix: 修复偶尔下载证书报未授权的错误	2026-02-27 00:37:24 +08:00
xiaojunnuo	b2c421600c	chore: 首页数据统计项目显示	2026-02-27 00:14:53 +08:00
xiaojunnuo	787f6ef528	perf: 任务步骤页面增加串行执行提示说明	2026-02-27 00:06:44 +08:00
xiaojunnuo	8578547467	chore: project permission	2026-02-26 23:50:15 +08:00
xiaojunnuo	51ab6d6da1	perf: 【破坏性更新】错误返回信息msg字段名统一改成message，与成功的返回结构一致	2026-02-26 23:50:01 +08:00
@@ -1 +1 @@
 :18
 :15