mirror of
https://github.com/certd/certd.git
synced 2026-07-16 02:37:34 +08:00
Compare commits
90 Commits
635f069012
...
v2-dev
| Author | SHA1 | Date | |
|---|---|---|---|
| 743617dbda | |||
| 89806b828a | |||
| 2e530bfdb0 | |||
| 83495b3213 | |||
| 5108416904 | |||
| 5589da1822 | |||
| 21e5aed3f3 | |||
| 4a88f795e1 | |||
| 604fa5be63 | |||
| 7ed1be994f | |||
| 6cc74a1c0a | |||
| 167b303fae | |||
| b91c9e4ea6 | |||
| 584b7b6f45 | |||
| 2312c444ef | |||
| 0373d019f8 | |||
| fe09e75b80 | |||
| 432c9c6cc1 | |||
| 5fc1d55879 | |||
| 268cd6cc9c | |||
| 20ffe31638 | |||
| 02d30067ea | |||
| 0ce7808e08 | |||
| d609ee2b7a | |||
| 083df61fcc | |||
| a524988be6 | |||
| 8517a0b564 | |||
| ec69b8f11b | |||
| edda1b57f3 | |||
| 5a7766992d | |||
| 02dabe11db | |||
| 58024128d8 | |||
| e44bf9d773 | |||
| 1114223bda | |||
| 55022e5fa6 | |||
| ae732fb298 | |||
| a6ef6996c3 | |||
| 97cf5e127b | |||
| 690df7373c | |||
| 9cc01e5da1 | |||
| 0a068a2746 | |||
| 85a239ff8c | |||
| a545a28dfb | |||
| ac876a980c | |||
| 4b555e8a56 | |||
| 1a8d14dc44 | |||
| 83263a72d2 | |||
| 76f3ba8691 | |||
| 072edd7aff | |||
| c0be4d702c | |||
| c3d6db3f1e | |||
| e05ec53eb5 | |||
| 8d9dad9c82 | |||
| 0071bcb0e4 | |||
| dbdc1ccd1b | |||
| 2a606fdb1d | |||
| 3b86f30bcf | |||
| 7808d028e9 | |||
| 04bcf73b8b | |||
| 1f8179d519 | |||
| 3ffd8946f8 | |||
| c78898e4c1 | |||
| d3e4677ea4 | |||
| d176f9cc0e | |||
| a65366bbe1 | |||
| 20cfe74b17 | |||
| b74db81304 | |||
| a8adbda04a | |||
| 3e80d30ca6 | |||
| 2eb54d50a5 | |||
| 6995308c17 | |||
| 0738d120ae | |||
| bad6879589 | |||
| b46948c0ba | |||
| 3024720fc2 | |||
| cf854c9278 | |||
| 608cc2a81f | |||
| 396670dc8f | |||
| 79f65868ca | |||
| 56e5524a0f | |||
| 1ae185d0bc | |||
| 82276b53a8 | |||
| d5882f16be | |||
| b35e7b0702 | |||
| bce7d95838 | |||
| 4d490d0add | |||
| 7cff1a9842 | |||
| cfba7b4daa | |||
| 4dff48e807 | |||
| 8abe0daf20 |
@@ -94,6 +94,22 @@ jobs:
|
||||
greper/certd:${{steps.get_certd_version.outputs.result}}
|
||||
ghcr.io/${{ github.repository }}:latest
|
||||
ghcr.io/${{ github.repository }}:${{steps.get_certd_version.outputs.result}}
|
||||
- name: Build slim
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
platforms: linux/amd64,linux/arm64
|
||||
push: true
|
||||
context: ./packages/ui/
|
||||
build-args: |
|
||||
base_type=slim
|
||||
tags: |
|
||||
registry.cn-shenzhen.aliyuncs.com/handsfree/certd:slim
|
||||
registry.cn-shenzhen.aliyuncs.com/handsfree/certd:${{steps.get_certd_version.outputs.result}}-slim
|
||||
greper/certd:slim
|
||||
greper/certd:${{steps.get_certd_version.outputs.result}}-slim
|
||||
ghcr.io/${{ github.repository }}:slim
|
||||
ghcr.io/${{ github.repository }}:${{steps.get_certd_version.outputs.result}}-slim
|
||||
|
||||
- name: Build armv7
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
|
||||
@@ -400,6 +400,7 @@ export class OAuthDemoAccess extends BaseAccess {
|
||||
4. **错误处理**:API 调用失败时应抛出明确的错误信息。
|
||||
5. **测试方法**:实现 `onTestRequest` 方法,以便用户可以测试授权是否正常。
|
||||
6. **统一接口调用**:封装统一的 API 请求方法,避免重复编写错误处理逻辑。
|
||||
7. **旧版数据兼容**: 新增注解的插件参数,必须要考虑旧版数据兼容,比如新增一个deployType参数,有两种值:`default`和`custom`,需要在使用时判空,走旧版逻辑。
|
||||
|
||||
## 开发技巧
|
||||
|
||||
|
||||
@@ -454,3 +454,4 @@ new TencentDnsProvider();
|
||||
3. **记录结构**:定义适合对应云平台的记录数据结构,至少包含 id 字段用于删除记录。
|
||||
4. **日志输出**:使用 `this.logger` 输出日志,而不是 `console`,参数文本化,不要传对象,否则会输出`[object Object]}`。
|
||||
5. **错误处理**:API 调用失败时应抛出明确的错误信息。
|
||||
6. **旧版数据兼容**: 新增插件参数,必须要考虑旧版数据兼容,比如新增一个deployType参数,有两种值:`default`和`custom`,需要在使用时判空,走旧版逻辑。
|
||||
|
||||
@@ -281,12 +281,12 @@ export class DemoTest extends AbstractTaskPlugin {
|
||||
return {
|
||||
value: item.siteName,
|
||||
label: item.siteName,
|
||||
domain: item.siteName,
|
||||
domain: item.siteName, //这里必须要包含domain 否则后面分组时候全部分配到未匹配中
|
||||
};
|
||||
});
|
||||
//将站点域名名称根据证书域名进行匹配分组,分成匹配的和不匹配的两组选项,返回给前端,供用户选择
|
||||
return {
|
||||
list: optionsUtils.buildGroupOptions(options, this.certDomains),
|
||||
list: optionsUtils.buildGroupOptions(options, this.certDomains), //分组后的列表
|
||||
total: siteRes.length,
|
||||
};
|
||||
}
|
||||
@@ -641,6 +641,7 @@ new AliyunOSSDeploy();
|
||||
4. **日志输出**:使用 `this.logger` 输出日志,而不是 `console`,参数文本化,不要传对象,否则会输出`[object Object]}`。
|
||||
5. **错误处理**:执行过程中的错误应被捕获并记录。
|
||||
6. **授权获取**:使用 `this.getAccess(accessId)` 获取授权信息。
|
||||
7. **旧版数据兼容**: 新增@TaskInput注解的插件参数,必须要考虑旧版数据兼容,比如新增一个deployType参数,有两种值:`default`和`custom`,需要在使用时判空,走旧版逻辑。
|
||||
|
||||
## 部署逻辑注意事项
|
||||
|
||||
|
||||
@@ -59,12 +59,11 @@ Certd 是可私有化部署的 SSL/TLS 证书自动化管理平台,提供 Web
|
||||
|
||||
## 常用验证
|
||||
|
||||
- 后端聚焦单测:`corepack pnpm --dir packages\ui\certd-server test:unit`。
|
||||
- 后端完整测试:`corepack pnpm --dir packages\ui\certd-server test`。
|
||||
- 前端改动文件格式化:`packages\ui\certd-client\node_modules\.bin\prettier.cmd --write <files>`。
|
||||
- 前端改动文件 ESLint 修复:`packages\ui\certd-client\node_modules\.bin\eslint.cmd --fix <files>`。
|
||||
- 后端改动文件 lint fix:`corepack pnpm --dir packages\ui\certd-server run lint`。
|
||||
- 其他package lint fix:`corepack pnpm --dir packages\xxx\xxxx run lint`。
|
||||
- 后端单元测试:`cd packages\ui\certd-server && npm run unit`。
|
||||
- 后端改动文件 lint fix:`cd packages\ui\certd-server && npm run lint`。
|
||||
- 其他package lint fix:`cd packages\xxx\xxxx && npm run lint`。
|
||||
|
||||
## 通用工作规则
|
||||
|
||||
@@ -78,6 +77,20 @@ Certd 是可私有化部署的 SSL/TLS 证书自动化管理平台,提供 Web
|
||||
- 注释优先使用中文,尤其是业务规则、兼容逻辑、协议细节和隐藏风险;文件已有英文风格或引用外部术语时可保持一致。
|
||||
- 遵守 DRY 和单一职责;第三次出现的业务规则、字段转换、权限判断、Repository 选择、事务传播、金额计算等逻辑,应优先抽成合适 helper 或 service 方法。
|
||||
|
||||
|
||||
## 测试与验证
|
||||
|
||||
- 务必写单元测试,覆盖主要业务逻辑。
|
||||
- 实现新功能或修复行为缺陷前,优先补单元测试并先确认红灯,再实现并跑聚焦验证。
|
||||
- 确实不适合先写测试时,在回复中说明原因和替代验证方式。
|
||||
- 后补单元测试时,按正确行为写预期;若红灯需要修改既有实现,先向用户确认这是 bug 还是既有需求,避免未经确认改变行为。
|
||||
- 后端纯单测放在 `src/**/*.test.ts`,尽量与被测文件相邻;`test:unit` 只跑这些文件,构建/打包应排除 `*.test.ts`。
|
||||
- 单测需要 mock ESM 静态 import 时,优先使用 `esmock`,不要为了测试改业务代码结构。
|
||||
- 各包 `test:unit` 脚本应显式设置 `NODE_ENV=unittest`。
|
||||
- 单包单测优先用 `cd <包目录> && npm run test:unit`,例如 `cd packages\ui\certd-server && npm run test:unit`。
|
||||
- 优先对改动包运行聚焦测试或格式化/ESLint;只有跨包影响明显时再考虑更大范围构建。
|
||||
|
||||
|
||||
## 后端规则
|
||||
|
||||
- 后端主包是 `packages/ui/certd-server`,使用 Node.js、ESM、TypeScript、MidwayJS 3、Koa、TypeORM 和 SQL 迁移。
|
||||
@@ -89,7 +102,7 @@ Certd 是可私有化部署的 SSL/TLS 证书自动化管理平台,提供 Web
|
||||
- 只有需要事务传播时才定义 `ctx`;普通查询、纯函数和简单私有方法继续使用明确参数。
|
||||
- 需要按事务上下文取 Repository 时,用 `BaseService.getRepo(ctx, EntityClass)`。
|
||||
- 需要“有事务则复用、无事务则开启”时,用 `BaseService.transactionWithCtx(ctx, callback)`。
|
||||
- 拼接可选 `projectId` 查询条件时,用 `BaseService.buildUserProjectQuery(userId, projectId)`;不要直接写 `{ userId, projectId }`。
|
||||
- 拼接可选 `projectId` 查询条件时,**必须**使用 `BaseService.buildUserProjectQuery(userId, projectId)`,禁止直接写 `{ userId, projectId }`。因为 `projectId` 可能为 `null`/`undefined`,直接放入查询会生成错误的 `WHERE projectId = NULL` 条件。
|
||||
- `ctx` 类型复用 `BaseService` 导出的 `ServiceContext`。
|
||||
- 新增 service 方法避免与 `BaseService` 方法签名冲突,例如不要用 `delete(id)` 覆盖 `delete(ids, where?)`;改用 `deleteById` 等具体名称。
|
||||
|
||||
@@ -164,7 +177,6 @@ Certd 是可私有化部署的 SSL/TLS 证书自动化管理平台,提供 Web
|
||||
- 插件依赖的第三方 SDK 可能通过 runtime-deps 动态安装到后端运行目录 `./data/.runtime-deps`。分析阿里云、腾讯云等 SDK 行为时,需要进入该目录阅读实际安装版本代码。
|
||||
- 修改证书申请、验证、部署或通知行为时,先判断归属:ACME client、pipeline 核心、后端 module/service/entity/controller、具体插件、前端 view/form/schema。
|
||||
- 单个服务商或部署目标的问题,不要轻易修改共享 pipeline/core;只有可复用公共语义或跨插件一致行为才上移到 `packages/core/pipeline` 或 `packages/plugins/plugin-lib`。
|
||||
- ACME / EAB:公共 EAB 可能只能创建一次账号;跨用户复用公共 EAB 时,应保存并复用同一个 ACME account private key。
|
||||
- `newAccount({ onlyReturnExisting: true })` 可用同一个 account private key 取回已创建账号 URL,且不会再次消费 EAB。
|
||||
- 修改 EAB `kid` 后,应重新生成绑定该 `kid` 的 account private key;否则应阻止继续申请并提示刷新账号私钥。
|
||||
- 插件开发前先读对应技能:`.trae/skills/dns-provider-dev/SKILL.md`、`.trae/skills/task-plugin-dev/SKILL.md`、`.trae/skills/access-plugin-dev/SKILL.md`、`.trae/skills/plugin-converter/SKILL.md`。
|
||||
@@ -198,13 +210,8 @@ Certd 是可私有化部署的 SSL/TLS 证书自动化管理平台,提供 Web
|
||||
- 后端业务数据、接口、实体、权限、迁移:改 `packages/ui/certd-server/src/modules` 与 `src/controller`。
|
||||
- 表单、列表、插件配置 UI:改 `packages/ui/certd-client/src/views/certd` 及对应 `src/api`。
|
||||
|
||||
## 测试与验证
|
||||
## 注意事项
|
||||
|
||||
- 实现新功能或修复行为缺陷前,优先补单元测试并先确认红灯,再实现并跑聚焦验证。
|
||||
- 确实不适合先写测试时,在回复中说明原因和替代验证方式。
|
||||
- 后补单元测试时,按正确行为写预期;若红灯需要修改既有实现,先向用户确认这是 bug 还是既有需求,避免未经确认改变行为。
|
||||
- 后端纯单测放在 `src/**/*.test.ts`,尽量与被测文件相邻;`test:unit` 只跑这些文件,构建/打包应排除 `*.test.ts`。
|
||||
- 单测需要 mock ESM 静态 import 时,优先使用 `esmock`,不要为了测试改业务代码结构。
|
||||
- 各包 `test:unit` 脚本应显式设置 `NODE_ENV=unittest`。
|
||||
- 单包单测优先用 `corepack pnpm --dir <包目录> test:unit`,例如 `corepack pnpm --dir packages\ui\certd-server test:unit`。
|
||||
- 优先对改动包运行聚焦测试或格式化/ESLint;只有跨包影响明显时再考虑更大范围构建。
|
||||
### 旧版数据兼容
|
||||
|
||||
- 新增插件参数时,必须要考虑旧版数据兼容,比如新增一个deployType参数,有两种值:`default`和`custom`,需要在使用时判空,走旧版逻辑。
|
||||
@@ -3,6 +3,82 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [1.42.5](https://github.com/certd/certd/compare/v1.42.4...v1.42.5) (2026-07-15)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复上传到cos报runtimeDepsService未初始化的问题 ([167b303](https://github.com/certd/certd/commit/167b303faeca02cc11cf97e4be2a3df914852167))
|
||||
* 修复dingtalk通知格式没有换行的bug ([7ed1be9](https://github.com/certd/certd/commit/7ed1be994f8b4b74cdeb38743060c912c027248b))
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* 给SQLITE_IOERR_WRITE增加友好报错提示,将certd:latest镜像改为certd:slim ([b91c9e4](https://github.com/certd/certd/commit/b91c9e4ea671cb359ef164e27864de1d66cba9d3))
|
||||
* 优化vke keubconfig获取方式,改成先查询,如果没有再创建临时config ([604fa5b](https://github.com/certd/certd/commit/604fa5be634d099d797bfee5c2b0f26ce0ac8461))
|
||||
|
||||
## [1.42.4](https://github.com/certd/certd/compare/v1.42.3...v1.42.4) (2026-07-11)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复火山引擎查不到自定义源站域名的问题 ([02dabe1](https://github.com/certd/certd/commit/02dabe11db3e9b13ca4621ce9ddd2b808bfca390))
|
||||
* 修复火山引擎自定义源站域名查询不到的问题 ([e44bf9d](https://github.com/certd/certd/commit/e44bf9d77375d48ac7fd1582e69fae02dfd248fa))
|
||||
* **pipeline:** 重构运行时依赖加载逻辑,修复火山引擎DNS解析报runtimeDepsService未初始化的bug ([ec69b8f](https://github.com/certd/certd/commit/ec69b8f11bfd4b20991aef74a72a47182ca79a9d))
|
||||
|
||||
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **volcengine-alb:** 修复火山引擎ALB 默认证书部署类型会部署到扩展证书的问题 ([0a068a2](https://github.com/certd/certd/commit/0a068a274673e9768954e9f7367c267d44f3b530))
|
||||
|
||||
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复火山视频点播源站选择不到自定义源站的bug ([0071bcb](https://github.com/certd/certd/commit/0071bcb0e4dd108c86d7ca01820a9f6e6960e440))
|
||||
* 修复企业模式下弹出邮箱绑定提醒的问题 ([8d9dad9](https://github.com/certd/certd/commit/8d9dad9c82f6f2fd3ab3040068946a33f37145b1))
|
||||
* 修复AsiaIsp CDN证书重复情况下部署失败的问题 ([c3d6db3](https://github.com/certd/certd/commit/c3d6db3f1ef2f1c897b7989521fe8809dffaded1))
|
||||
* 修复cname用阿里云校验时报找不到runtimeDepsService的错误 ([072edd7](https://github.com/certd/certd/commit/072edd7affee424ab3411f4d41d338f084d7cac6))
|
||||
|
||||
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复多域名无法使用passkey登录的bug ([d176f9c](https://github.com/certd/certd/commit/d176f9cc0ebd051a614bfac74d1616d1945fc9a3))
|
||||
* 修复企业模式下登录报projectId不能为空的问题 ([a65366b](https://github.com/certd/certd/commit/a65366bbe1aadea8baaffbdadab58a5b631d9417))
|
||||
* **login:** 修复输入法 composing 状态下回车触发提交的问题 ([b74db81](https://github.com/certd/certd/commit/b74db81304bbe68476bbec5ea4307a2264060e92))
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* **certd-server:** 使用 jks-go转换jks证书,大幅精简镜像大小 ([c78898e](https://github.com/certd/certd/commit/c78898e4c10dd1701467d2e42e3f72bd8f2a352f))
|
||||
* **pipeline:** 将默认历史保留条数从30调整为100 ([d3e4677](https://github.com/certd/certd/commit/d3e4677ea4fac8e7533749d7f4187e410489e536))
|
||||
|
||||
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复jdk证书格式的问题 ([260f5ae](https://github.com/certd/certd/commit/260f5ae777b83493b0c578fe30fd00ec0c873226))
|
||||
* 修复telegram - 符号转义问题 ([d5882f1](https://github.com/certd/certd/commit/d5882f16bedb09baf09ace92049b02872620f5dc))
|
||||
* **aliyun:** 修复阿里云CDN/DCDN根据证书自动匹配不到证书的bug ([1ae185d](https://github.com/certd/certd/commit/1ae185d0bc356f4678bc38ca0582ce3396f82ebe))
|
||||
|
||||
### Features
|
||||
|
||||
* 通过插件配置懒加载依赖,动态加载第三方依赖包,精简安装镜像大小 ([01568ca](https://github.com/certd/certd/commit/01568ca1489069046b5a89ebdd4ced2f7f6ddf93))
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* 阿里云ESA证书部署支持SaaS模式 ([82276b5](https://github.com/certd/certd/commit/82276b53a8474a18a3d0237050907c994fc748f0))
|
||||
* 【破坏性更新】 证书压缩包不再生成文件存储,而是实时打包下载,证书申请插件不再输出certZip ([7cff1a9](https://github.com/certd/certd/commit/7cff1a98424120585205889874b3ef4956a30583))
|
||||
* 火山引擎点播插件支持部署到自定义源站域名 ([095791c](https://github.com/certd/certd/commit/095791cdc2b7c1f4b913b634643afec5e30fe9b0))
|
||||
* 基础镜像改成node:22-trixie-slim,对网络兼容性更好 ([c66a2bd](https://github.com/certd/certd/commit/c66a2bd77ab6dbb3e3fe2c00562b66287a9429ea))
|
||||
* 新增橙域网络(asia-isp) CDN证书部署插件 ([b48831e](https://github.com/certd/certd/commit/b48831e60b0059bef7ef9a34ab61c9dd2f684641))
|
||||
* 优化阿里云API网关增加翻页查询 ([ed58ae3](https://github.com/certd/certd/commit/ed58ae3c5339e4a0238a92acfe7ea6d2f566ea28))
|
||||
* 优化用户体验,首次访问时弹出邮箱账号绑定用以初始化账号 ([608cc2a](https://github.com/certd/certd/commit/608cc2a81ff0b4872c9fe11ed9c9c0b4b90a12a3))
|
||||
* 优化ACME账号字段的选择提示 ([bfd3cac](https://github.com/certd/certd/commit/bfd3cacc687fc5cbc3cb2ca3cadbc140de300dc2))
|
||||
* 支持全自动匹配部署宝塔网站证书 ([4dff48e](https://github.com/certd/certd/commit/4dff48e807c32a7623ec9206cf39c88e88f89f6a))
|
||||
* **cert-plugin:** 调整更新天数自动减半逻辑,仅7天ip证书生效,其他情况下不减半 ([56e5524](https://github.com/certd/certd/commit/56e5524a0f4af3645d70bc3b3ec750b45ba8de10))
|
||||
* dns默认ipv4first ([194463b](https://github.com/certd/certd/commit/194463bea9e797315aa7a724f4b2930701570419))
|
||||
* **passkey:** passkey支持多域名rpid ([79f6586](https://github.com/certd/certd/commit/79f65868ca0f5162bbc2f935ce89abc28011d816))
|
||||
* **plugin:** 在线插件编辑支持配置第三方依赖和插件依赖 ([635f069](https://github.com/certd/certd/commit/635f069012d4193cfb7cb051c96e28eec1247ca2))
|
||||
|
||||
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
@@ -105,17 +105,23 @@ https://certd.handfree.work/
|
||||
|
||||
#### Docker镜像说明:
|
||||
|
||||
- 国内镜像地址:
|
||||
- `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest`
|
||||
- `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:armv7`、`[version]-armv7`
|
||||
- DockerHub地址:
|
||||
- `https://hub.docker.com/r/greper/certd`
|
||||
- `greper/certd:latest`
|
||||
- `greper/certd:armv7`、`greper/certd:[version]-armv7`
|
||||
- GitHub Packages地址:
|
||||
**镜像版本:**
|
||||
|
||||
- `ghcr.io/certd/certd:latest`
|
||||
- `ghcr.io/certd/certd:armv7`、`ghcr.io/certd/certd:[version]-armv7`
|
||||
| 版本标签 | 基础系统 | 说明 |
|
||||
| --- | --- | --- | --- |
|
||||
| `latest` / `[version]` | Alpine Linux | 默认版本,镜像体积小 |
|
||||
| `slim` / `[version]-slim` | Debian slim | 基于glibc,dns解析兼容性好(可能需要配置security_opt -seccomp=unconfined) |
|
||||
| `armv7` / `[version]-armv7` | Alpine Linux | ARMv7 架构专用版本 |
|
||||
|
||||
**镜像地址:**
|
||||
|
||||
| 镜像仓库 | latest | slim | armv7 |
|
||||
| --- | --- | --- | --- |
|
||||
| 阿里云 | `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest` | `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:slim` | `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:armv7` |
|
||||
| Docker Hub | `greper/certd:latest` | `greper/certd:slim` | `greper/certd:armv7` |
|
||||
| GitHub Packages | `ghcr.io/certd/certd:latest` | `ghcr.io/certd/certd:slim` | `ghcr.io/certd/certd:armv7` |
|
||||
|
||||
> 带版本号的标签请将 `latest` / `slim` / `armv7` 替换为 `[version]` / `[version]-slim` / `[version]-armv7`
|
||||
|
||||
- 镜像构建通过`Actions`自动执行,过程公开透明,请放心使用
|
||||
- [点我查看镜像构建日志](https://github.com/certd/certd/actions/workflows/build-image.yml)
|
||||
@@ -180,7 +186,8 @@ https://certd.handfree.work/
|
||||
3. 获得专业版功能
|
||||
|
||||
|
||||
> [50元专业版优惠券限时领取](https://app.handfree.work/subject/#/app/certd/product) https://app.handfree.work/subject/#/app/certd/product
|
||||
> [50元专业版优惠券限时领取](https://app.handfree.work/subject/#/app/certd/product)
|
||||
> https://app.handfree.work/subject/#/app/certd/product
|
||||
> app.handfree.work是Certd官方激活码购买平台
|
||||
|
||||
|
||||
|
||||
@@ -5,6 +5,8 @@ services:
|
||||
image: registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest
|
||||
# image: ghcr.io/certd/certd:latest # --------- 如果 报镜像not found,可以尝试其他镜像源
|
||||
# image: greper/certd:latest
|
||||
# security_opt: # --------- 如果slim镜像下启动报错,尝试去掉这两行注释
|
||||
# - seccomp=unconfined # 解决slim镜像下WorkerThreadsTaskRunner::DelayedTaskScheduler::Start() 报错问题
|
||||
container_name: certd # 容器名
|
||||
restart: unless-stopped # 自动重启
|
||||
volumes:
|
||||
|
||||
@@ -3,6 +3,82 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [1.42.5](https://github.com/certd/certd/compare/v1.42.4...v1.42.5) (2026-07-15)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复上传到cos报runtimeDepsService未初始化的问题 ([167b303](https://github.com/certd/certd/commit/167b303faeca02cc11cf97e4be2a3df914852167))
|
||||
* 修复dingtalk通知格式没有换行的bug ([7ed1be9](https://github.com/certd/certd/commit/7ed1be994f8b4b74cdeb38743060c912c027248b))
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* 给SQLITE_IOERR_WRITE增加友好报错提示,将certd:latest镜像改为certd:slim ([b91c9e4](https://github.com/certd/certd/commit/b91c9e4ea671cb359ef164e27864de1d66cba9d3))
|
||||
* 优化vke keubconfig获取方式,改成先查询,如果没有再创建临时config ([604fa5b](https://github.com/certd/certd/commit/604fa5be634d099d797bfee5c2b0f26ce0ac8461))
|
||||
|
||||
## [1.42.4](https://github.com/certd/certd/compare/v1.42.3...v1.42.4) (2026-07-11)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复火山引擎查不到自定义源站域名的问题 ([02dabe1](https://github.com/certd/certd/commit/02dabe11db3e9b13ca4621ce9ddd2b808bfca390))
|
||||
* 修复火山引擎自定义源站域名查询不到的问题 ([e44bf9d](https://github.com/certd/certd/commit/e44bf9d77375d48ac7fd1582e69fae02dfd248fa))
|
||||
* **pipeline:** 重构运行时依赖加载逻辑,修复火山引擎DNS解析报runtimeDepsService未初始化的bug ([ec69b8f](https://github.com/certd/certd/commit/ec69b8f11bfd4b20991aef74a72a47182ca79a9d))
|
||||
|
||||
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **volcengine-alb:** 修复火山引擎ALB 默认证书部署类型会部署到扩展证书的问题 ([0a068a2](https://github.com/certd/certd/commit/0a068a274673e9768954e9f7367c267d44f3b530))
|
||||
|
||||
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复火山视频点播源站选择不到自定义源站的bug ([0071bcb](https://github.com/certd/certd/commit/0071bcb0e4dd108c86d7ca01820a9f6e6960e440))
|
||||
* 修复企业模式下弹出邮箱绑定提醒的问题 ([8d9dad9](https://github.com/certd/certd/commit/8d9dad9c82f6f2fd3ab3040068946a33f37145b1))
|
||||
* 修复AsiaIsp CDN证书重复情况下部署失败的问题 ([c3d6db3](https://github.com/certd/certd/commit/c3d6db3f1ef2f1c897b7989521fe8809dffaded1))
|
||||
* 修复cname用阿里云校验时报找不到runtimeDepsService的错误 ([072edd7](https://github.com/certd/certd/commit/072edd7affee424ab3411f4d41d338f084d7cac6))
|
||||
|
||||
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复多域名无法使用passkey登录的bug ([d176f9c](https://github.com/certd/certd/commit/d176f9cc0ebd051a614bfac74d1616d1945fc9a3))
|
||||
* 修复企业模式下登录报projectId不能为空的问题 ([a65366b](https://github.com/certd/certd/commit/a65366bbe1aadea8baaffbdadab58a5b631d9417))
|
||||
* **login:** 修复输入法 composing 状态下回车触发提交的问题 ([b74db81](https://github.com/certd/certd/commit/b74db81304bbe68476bbec5ea4307a2264060e92))
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* **certd-server:** 使用 jks-go转换jks证书,大幅精简镜像大小 ([c78898e](https://github.com/certd/certd/commit/c78898e4c10dd1701467d2e42e3f72bd8f2a352f))
|
||||
* **pipeline:** 将默认历史保留条数从30调整为100 ([d3e4677](https://github.com/certd/certd/commit/d3e4677ea4fac8e7533749d7f4187e410489e536))
|
||||
|
||||
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复jdk证书格式的问题 ([260f5ae](https://github.com/certd/certd/commit/260f5ae777b83493b0c578fe30fd00ec0c873226))
|
||||
* 修复telegram - 符号转义问题 ([d5882f1](https://github.com/certd/certd/commit/d5882f16bedb09baf09ace92049b02872620f5dc))
|
||||
* **aliyun:** 修复阿里云CDN/DCDN根据证书自动匹配不到证书的bug ([1ae185d](https://github.com/certd/certd/commit/1ae185d0bc356f4678bc38ca0582ce3396f82ebe))
|
||||
|
||||
### Features
|
||||
|
||||
* 通过插件配置懒加载依赖,动态加载第三方依赖包,精简安装镜像大小 ([01568ca](https://github.com/certd/certd/commit/01568ca1489069046b5a89ebdd4ced2f7f6ddf93))
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* 阿里云ESA证书部署支持SaaS模式 ([82276b5](https://github.com/certd/certd/commit/82276b53a8474a18a3d0237050907c994fc748f0))
|
||||
* 【破坏性更新】 证书压缩包不再生成文件存储,而是实时打包下载,证书申请插件不再输出certZip ([7cff1a9](https://github.com/certd/certd/commit/7cff1a98424120585205889874b3ef4956a30583))
|
||||
* 火山引擎点播插件支持部署到自定义源站域名 ([095791c](https://github.com/certd/certd/commit/095791cdc2b7c1f4b913b634643afec5e30fe9b0))
|
||||
* 基础镜像改成node:22-trixie-slim,对网络兼容性更好 ([c66a2bd](https://github.com/certd/certd/commit/c66a2bd77ab6dbb3e3fe2c00562b66287a9429ea))
|
||||
* 新增橙域网络(asia-isp) CDN证书部署插件 ([b48831e](https://github.com/certd/certd/commit/b48831e60b0059bef7ef9a34ab61c9dd2f684641))
|
||||
* 优化阿里云API网关增加翻页查询 ([ed58ae3](https://github.com/certd/certd/commit/ed58ae3c5339e4a0238a92acfe7ea6d2f566ea28))
|
||||
* 优化用户体验,首次访问时弹出邮箱账号绑定用以初始化账号 ([608cc2a](https://github.com/certd/certd/commit/608cc2a81ff0b4872c9fe11ed9c9c0b4b90a12a3))
|
||||
* 优化ACME账号字段的选择提示 ([bfd3cac](https://github.com/certd/certd/commit/bfd3cacc687fc5cbc3cb2ca3cadbc140de300dc2))
|
||||
* 支持全自动匹配部署宝塔网站证书 ([4dff48e](https://github.com/certd/certd/commit/4dff48e807c32a7623ec9206cf39c88e88f89f6a))
|
||||
* **cert-plugin:** 调整更新天数自动减半逻辑,仅7天ip证书生效,其他情况下不减半 ([56e5524](https://github.com/certd/certd/commit/56e5524a0f4af3645d70bc3b3ec750b45ba8de10))
|
||||
* dns默认ipv4first ([194463b](https://github.com/certd/certd/commit/194463bea9e797315aa7a724f4b2930701570419))
|
||||
* **passkey:** passkey支持多域名rpid ([79f6586](https://github.com/certd/certd/commit/79f65868ca0f5162bbc2f935ce89abc28011d816))
|
||||
* **plugin:** 在线插件编辑支持配置第三方依赖和插件依赖 ([635f069](https://github.com/certd/certd/commit/635f069012d4193cfb7cb051c96e28eec1247ca2))
|
||||
|
||||
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
+13
-1
@@ -1,18 +1,30 @@
|
||||
# 镜像说明
|
||||
|
||||
## 镜像版本说明
|
||||
|
||||
| 版本标签 | 基础系统 | OpenJDK | 说明 |
|
||||
| --- | --- | --- | --- |
|
||||
| `latest` / `[version]` | Alpine Linux | 有 | **推荐**,默认版本,镜像体积更小,功能完整,支持所有插件 |
|
||||
| `slim` / `[version]-slim` | Debian slim | 有 | glibc 兼容性更好,适用于依赖 glibc 的特殊场景 |
|
||||
| `armv7` / `[version]-armv7` | Alpine Linux | 有 | ARMv7 架构专用版本 |
|
||||
|
||||
## 国内镜像地址:
|
||||
|
||||
* `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:latest`
|
||||
* `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:slim`、`[version]-slim`
|
||||
* `registry.cn-shenzhen.aliyuncs.com/handsfree/certd:armv7`、`[version]-armv7`
|
||||
|
||||
## DockerHub地址:
|
||||
* `https://hub.docker.com/r/greper/certd`
|
||||
* `greper/certd:latest`
|
||||
* `greper/certd:slim`、`greper/certd:[version]-slim`
|
||||
* `greper/certd:armv7`、`greper/certd:[version]-armv7`
|
||||
|
||||
## GitHub Packages地址:
|
||||
* `ghcr.io/certd/certd:latest`
|
||||
* `ghcr.io/certd/certd:slim`、`ghcr.io/certd/certd:[version]-slim`
|
||||
* `ghcr.io/certd/certd:armv7`、`ghcr.io/certd/certd:[version]-armv7`
|
||||
*
|
||||
|
||||
## 镜像构建公开
|
||||
镜像构建通过`Actions`自动执行,过程公开透明,请放心使用
|
||||
* [点我查看镜像构建日志](https://github.com/certd/certd/actions/workflows/build-image.yml)
|
||||
|
||||
@@ -2,6 +2,18 @@
|
||||
|
||||
## 一、安装
|
||||
|
||||
### 镜像版本选择
|
||||
|
||||
Certd 提供多种 Docker 镜像版本,您可以根据需要选择:
|
||||
|
||||
| 版本标签 | 基础系统 | 说明 |
|
||||
| --- | --- | --- | --- |
|
||||
| `latest` / `[version]` | Alpine Linux | 默认版本,镜像体积小 |
|
||||
| `slim` / `[version]-slim` | Debian slim | glibc版本,dns解析兼容性更好(可能需要配置security_opt -seccomp=unconfined)|
|
||||
| `armv7` / `[version]-armv7` | Alpine Linux | ARMv7 架构专用版本 |
|
||||
|
||||
> 如果您不确定使用哪个版本,请使用默认的 `latest` 版本。
|
||||
|
||||
### 一键脚本安装(推荐)
|
||||
|
||||
如果您的服务器未安装 Docker,该脚本会自动为您安装 Docker 和 Docker Compose,并启动 Certd 容器。
|
||||
|
||||
@@ -18,69 +18,70 @@
|
||||
| 14.| **SFTP授权** | |
|
||||
| 15.| **阿里云OSS授权** | 包含地域和Bucket |
|
||||
| 16.| **APISIX授权** | |
|
||||
| 17.| **亚马逊云aws授权** | |
|
||||
| 18.| **亚马逊云科技(国区)授权** | |
|
||||
| 19.| **微软云Azure授权** | |
|
||||
| 20.| **BIND9 DNS 授权** | 通过 SSH 连接到 BIND9 服务器,使用 nsupdate 命令管理 DNS 记录 |
|
||||
| 21.| **CacheFly** | CacheFly |
|
||||
| 22.| **ACME账号** | 用于复用ACME账号私钥和账号地址,证书申请时不再临时创建账号 |
|
||||
| 23.| **EAB授权** | ZeroSSL证书申请需要EAB授权 |
|
||||
| 24.| **google cloud** | 谷歌云授权 |
|
||||
| 25.| **cloudflare授权** | |
|
||||
| 26.| **中国移动CND授权** | |
|
||||
| 27.| **授权插件示例** | 这是一个示例授权插件,用于演示如何实现一个授权插件 |
|
||||
| 28.| **dns.la授权** | |
|
||||
| 29.| **彩虹DNS** | 彩虹DNS管理系统授权 |
|
||||
| 30.| **多吉云** | |
|
||||
| 31.| **Dokploy授权** | |
|
||||
| 32.| **Dynadot授权** | |
|
||||
| 33.| **farcdn授权** | |
|
||||
| 34.| **FlexCDN授权** | |
|
||||
| 35.| **Gcore** | Gcore |
|
||||
| 36.| **Github授权** | |
|
||||
| 37.| **godaddy授权** | |
|
||||
| 38.| **HiPM DNSMgr** | HiPM DNSMgr API Token 授权 |
|
||||
| 39.| **金山云授权** | |
|
||||
| 40.| **FTP授权** | |
|
||||
| 41.| **七牛OSS授权** | |
|
||||
| 42.| **腾讯云COS授权** | 腾讯云对象存储授权,包含地域和存储桶 |
|
||||
| 43.| **s3/minio授权** | S3/minio oss授权 |
|
||||
| 44.| **namesilo授权** | |
|
||||
| 45.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 |
|
||||
| 46.| **Nginx Proxy Manager 授权** | 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。 |
|
||||
| 47.| **1panel授权** | 账号和密码 |
|
||||
| 48.| **支付宝** | |
|
||||
| 49.| **白山云授权** | |
|
||||
| 50.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 |
|
||||
| 51.| **cdnfly授权** | |
|
||||
| 52.| **k8s授权** | |
|
||||
| 53.| **括彩云cdn授权** | 括彩云CDN,每月免费30G,[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
|
||||
| 54.| **LeCDN授权** | |
|
||||
| 55.| **lucky** | |
|
||||
| 56.| **猫云授权** | |
|
||||
| 57.| **plesk授权** | |
|
||||
| 58.| **长亭雷池授权** | |
|
||||
| 59.| **群晖登录授权** | |
|
||||
| 60.| **uniCloud** | unicloud授权 |
|
||||
| 61.| **微信支付** | |
|
||||
| 62.| **易盾rcdn授权** | 易盾CDN,每月免费30G,[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
|
||||
| 63.| **易发云短信** | sms.yfyidc.cn/ |
|
||||
| 64.| **易盾DCDN授权** | https://user.yiduncdn.com |
|
||||
| 65.| **易支付** | |
|
||||
| 66.| **proxmox** | |
|
||||
| 67.| **Spaceship.com 授权** | Spaceship.com API 授权插件 |
|
||||
| 68.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器授权 |
|
||||
| 69.| **UCloud授权** | 优刻得授权 |
|
||||
| 70.| **又拍云** | |
|
||||
| 71.| **网宿授权** | |
|
||||
| 72.| **西部数码授权** | |
|
||||
| 73.| **我爱云授权** | 我爱云CDN |
|
||||
| 74.| **新网授权(代理方式)** | |
|
||||
| 75.| **新网授权** | |
|
||||
| 76.| **新网互联授权** | 仅支持代理账号,ip需要加入白名单 |
|
||||
| 77.| **Zenlayer授权** | Zenlayer授权 |
|
||||
| 78.| **GoEdge授权** | |
|
||||
| 79.| **雨云授权** | https://app.rainyun.com/ |
|
||||
| 17.| **橙域网络(asia-isp)授权** | 橙域网络CDN API授权,用于部署证书到橙域CDN |
|
||||
| 18.| **亚马逊云aws授权** | |
|
||||
| 19.| **亚马逊云科技(国区)授权** | |
|
||||
| 20.| **微软云Azure授权** | |
|
||||
| 21.| **BIND9 DNS 授权** | 通过 SSH 连接到 BIND9 服务器,使用 nsupdate 命令管理 DNS 记录 |
|
||||
| 22.| **CacheFly** | CacheFly |
|
||||
| 23.| **ACME账号** | 用于复用ACME账号私钥和账号地址,证书申请时不再临时创建账号 |
|
||||
| 24.| **EAB授权** | ZeroSSL证书申请需要EAB授权 |
|
||||
| 25.| **google cloud** | 谷歌云授权 |
|
||||
| 26.| **cloudflare授权** | |
|
||||
| 27.| **中国移动CND授权** | |
|
||||
| 28.| **授权插件示例** | 这是一个示例授权插件,用于演示如何实现一个授权插件 |
|
||||
| 29.| **dns.la授权** | |
|
||||
| 30.| **彩虹DNS** | 彩虹DNS管理系统授权 |
|
||||
| 31.| **多吉云** | |
|
||||
| 32.| **Dokploy授权** | |
|
||||
| 33.| **Dynadot授权** | |
|
||||
| 34.| **farcdn授权** | |
|
||||
| 35.| **FlexCDN授权** | |
|
||||
| 36.| **Gcore** | Gcore |
|
||||
| 37.| **Github授权** | |
|
||||
| 38.| **godaddy授权** | |
|
||||
| 39.| **HiPM DNSMgr** | HiPM DNSMgr API Token 授权 |
|
||||
| 40.| **金山云授权** | |
|
||||
| 41.| **FTP授权** | |
|
||||
| 42.| **七牛OSS授权** | |
|
||||
| 43.| **腾讯云COS授权** | 腾讯云对象存储授权,包含地域和存储桶 |
|
||||
| 44.| **s3/minio授权** | S3/minio oss授权 |
|
||||
| 45.| **namesilo授权** | |
|
||||
| 46.| **Next Terminal 授权** | 用于访问 Next Terminal API 的授权配置 |
|
||||
| 47.| **Nginx Proxy Manager 授权** | 用于登录 Nginx Proxy Manager,并为代理主机证书部署提供授权。 |
|
||||
| 48.| **1panel授权** | 账号和密码 |
|
||||
| 49.| **支付宝** | |
|
||||
| 50.| **白山云授权** | |
|
||||
| 51.| **宝塔云WAF授权** | 用于连接和管理宝塔云WAF服务的授权配置 |
|
||||
| 52.| **cdnfly授权** | |
|
||||
| 53.| **k8s授权** | |
|
||||
| 54.| **括彩云cdn授权** | 括彩云CDN,每月免费30G,[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
|
||||
| 55.| **LeCDN授权** | |
|
||||
| 56.| **lucky** | |
|
||||
| 57.| **猫云授权** | |
|
||||
| 58.| **plesk授权** | |
|
||||
| 59.| **长亭雷池授权** | |
|
||||
| 60.| **群晖登录授权** | |
|
||||
| 61.| **uniCloud** | unicloud授权 |
|
||||
| 62.| **微信支付** | |
|
||||
| 63.| **易盾rcdn授权** | 易盾CDN,每月免费30G,[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
|
||||
| 64.| **易发云短信** | sms.yfyidc.cn/ |
|
||||
| 65.| **易盾DCDN授权** | https://user.yiduncdn.com |
|
||||
| 66.| **易支付** | |
|
||||
| 67.| **proxmox** | |
|
||||
| 68.| **Spaceship.com 授权** | Spaceship.com API 授权插件 |
|
||||
| 69.| **Technitium DNS Server** | Technitium DNS Server 自建DNS服务器授权 |
|
||||
| 70.| **UCloud授权** | 优刻得授权 |
|
||||
| 71.| **又拍云** | |
|
||||
| 72.| **网宿授权** | |
|
||||
| 73.| **西部数码授权** | |
|
||||
| 74.| **我爱云授权** | 我爱云CDN |
|
||||
| 75.| **新网授权(代理方式)** | |
|
||||
| 76.| **新网授权** | |
|
||||
| 77.| **新网互联授权** | 仅支持代理账号,ip需要加入白名单 |
|
||||
| 78.| **Zenlayer授权** | Zenlayer授权 |
|
||||
| 79.| **GoEdge授权** | |
|
||||
| 80.| **雨云授权** | https://app.rainyun.com/ |
|
||||
|
||||
<style module>
|
||||
table th:first-of-type {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
# 任务插件
|
||||
共 `132` 款任务插件
|
||||
共 `134` 款任务插件
|
||||
## 1. 证书申请
|
||||
|
||||
| 序号 | 名称 | 说明 |
|
||||
@@ -25,30 +25,31 @@
|
||||
| 序号 | 名称 | 说明 |
|
||||
|-----|-----|-----|
|
||||
| 1.| **APISIX-更新证书** | 自动更新APISIX证书 |
|
||||
| 2.| **CacheFly-部署证书到CacheFly** | 部署证书到 CacheFly |
|
||||
| 3.| **中国移动-部署证书到CDN** | 中国移动自动部署证书到CDN |
|
||||
| 4.| **多吉云-部署到多吉云CDN** | |
|
||||
| 5.| **farcdn-更新证书** | www.farcdn.net |
|
||||
| 6.| **FlexCDN-更新证书** | |
|
||||
| 7.| **Gcore-刷新Gcore证书** | 刷新现有的证书 |
|
||||
| 8.| **Gcore-部署证书到Gcore** | 仅上传 并不会部署到cdn |
|
||||
| 9.| **GoEdge-更新证书** | GoEdge |
|
||||
| 10.| **金山云-更新CDN证书** | 金山云自动更新CDN证书 |
|
||||
| 11.| **白山云-更新证书** | |
|
||||
| 12.| **cdnfly-部署证书到cdnfly** | cdnfly |
|
||||
| 13.| **天翼云-部署证书到CDN** | 部署证书到天翼云CDN和全站加速 |
|
||||
| 14.| **括彩云-部署到括彩云CDN** | 括彩云CDN,每月免费30G,[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
|
||||
| 15.| **LeCDN-更新证书V2** | 支持新版本LeCDN |
|
||||
| 16.| **LeCDN-更新证书** | |
|
||||
| 17.| **Maoyun-更新猫云CDN证书** | |
|
||||
| 18.| **易盾-部署到易盾DCDN** | 主要是防御,http://user.yiduncdn.com/ |
|
||||
| 19.| **易盾-部署到易盾RCDN** | 易盾CDN,每月免费30G,[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
|
||||
| 20.| **雨云-更新证书** | app.rainyun.com |
|
||||
| 21.| **又拍云-部署证书到CDN/USS** | 支持又拍云CDN,又拍云云存储USS |
|
||||
| 22.| **网宿-更新证书** | 网宿证书自动更新 |
|
||||
| 23.| **西数-部署到虚拟主机** | 西部数码部署证书到虚拟主机 |
|
||||
| 24.| **我爱云-部署证书到我爱云CDN** | 部署证书到我爱云CDN |
|
||||
| 25.| **Zenlayer-刷新证书** | 刷新Zenlayer CDN证书 |
|
||||
| 2.| **橙域网络-部署证书到CDN** | 部署证书到橙域网络(asia-isp) CDN加速域名 |
|
||||
| 3.| **CacheFly-部署证书到CacheFly** | 部署证书到 CacheFly |
|
||||
| 4.| **中国移动-部署证书到CDN** | 中国移动自动部署证书到CDN |
|
||||
| 5.| **多吉云-部署到多吉云CDN** | |
|
||||
| 6.| **farcdn-更新证书** | www.farcdn.net |
|
||||
| 7.| **FlexCDN-更新证书** | |
|
||||
| 8.| **Gcore-刷新Gcore证书** | 刷新现有的证书 |
|
||||
| 9.| **Gcore-部署证书到Gcore** | 仅上传 并不会部署到cdn |
|
||||
| 10.| **GoEdge-更新证书** | GoEdge |
|
||||
| 11.| **金山云-更新CDN证书** | 金山云自动更新CDN证书 |
|
||||
| 12.| **白山云-更新证书** | |
|
||||
| 13.| **cdnfly-部署证书到cdnfly** | cdnfly |
|
||||
| 14.| **天翼云-部署证书到CDN** | 部署证书到天翼云CDN和全站加速 |
|
||||
| 15.| **括彩云-部署到括彩云CDN** | 括彩云CDN,每月免费30G,[注册即领](https://kuocaicdn.com/register?code=8mn536rrzfbf8) |
|
||||
| 16.| **LeCDN-更新证书V2** | 支持新版本LeCDN |
|
||||
| 17.| **LeCDN-更新证书** | |
|
||||
| 18.| **Maoyun-更新猫云CDN证书** | |
|
||||
| 19.| **易盾-部署到易盾DCDN** | 主要是防御,http://user.yiduncdn.com/ |
|
||||
| 20.| **易盾-部署到易盾RCDN** | 易盾CDN,每月免费30G,[注册即领](https://rhcdn.yiduncdn.com/register?code=8mn536rrzfbf8) |
|
||||
| 21.| **雨云-更新证书** | app.rainyun.com |
|
||||
| 22.| **又拍云-部署证书到CDN/USS** | 支持又拍云CDN,又拍云云存储USS |
|
||||
| 23.| **网宿-更新证书** | 网宿证书自动更新 |
|
||||
| 24.| **西数-部署到虚拟主机** | 西部数码部署证书到虚拟主机 |
|
||||
| 25.| **我爱云-部署证书到我爱云CDN** | 部署证书到我爱云CDN |
|
||||
| 26.| **Zenlayer-刷新证书** | 刷新Zenlayer CDN证书 |
|
||||
## 4. 面板
|
||||
|
||||
| 序号 | 名称 | 说明 |
|
||||
@@ -62,22 +63,23 @@
|
||||
| 7.| **1Panel-部署面板证书** | 更新1Panel的面板证书 |
|
||||
| 8.| **1Panel-更新站点证书** | 更新1Panel的站点证书 |
|
||||
| 9.| **宝塔-删除过期证书** | 删除证书夹中过期证书 |
|
||||
| 10.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF |
|
||||
| 11.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 |
|
||||
| 12.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 |
|
||||
| 13.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书,目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 |
|
||||
| 14.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s |
|
||||
| 15.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress |
|
||||
| 16.| **K8S-部署证书到Secret** | 部署证书到k8s的secret |
|
||||
| 17.| **lucky-更新Lucky证书** | |
|
||||
| 18.| **Plesk-部署Plesk网站证书** | |
|
||||
| 19.| **Plesk-更新证书** | 不会创建新证书记录,直接更新旧的证书 |
|
||||
| 20.| **雷池-更新证书(支持控制台和防护应用)** | 更新长亭雷池WAF的证书,支持更新控制台和防护应用的证书。 |
|
||||
| 21.| **群晖-部署证书到群晖面板** | Synology,支持6.x以上版本 |
|
||||
| 22.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效,需要在失效之前登录一次,刷新有效期,您可以将其放在“部署到群晖面板”任务之后 |
|
||||
| 23.| **uniCloud-部署到服务空间** | 部署到服务空间 |
|
||||
| 24.| **Proxmox-上传证书到Proxmox** | |
|
||||
| 25.| **威联通-部署证书到威联通** | 部署证书到qnap |
|
||||
| 10.| **宝塔-全自动部署** | 根据证书域名自动匹配宝塔站点,全自动部署SSL证书。新增加速域名自动感知,自动新增部署 |
|
||||
| 11.| **宝塔-WAF证书部署** | 部署宝塔云WAF/aaWAF |
|
||||
| 12.| **宝塔-面板证书部署** | 部署宝塔面板本身的ssl证书 |
|
||||
| 13.| **宝塔win-网站证书部署** | 部署到Windows版宝塔管理的站点的ssl证书 |
|
||||
| 14.| **宝塔-网站证书部署** | 部署宝塔管理的站点的ssl证书,目前支持宝塔网站站点、docker站点等。本插件也支持aaPanel。 |
|
||||
| 15.| **K8S-Apply自定义yaml** | apply自定义yaml到k8s |
|
||||
| 16.| **K8S-Ingress 证书部署** | 部署证书到k8s的Ingress |
|
||||
| 17.| **K8S-部署证书到Secret** | 部署证书到k8s的secret |
|
||||
| 18.| **lucky-更新Lucky证书** | |
|
||||
| 19.| **Plesk-部署Plesk网站证书** | |
|
||||
| 20.| **Plesk-更新证书** | 不会创建新证书记录,直接更新旧的证书 |
|
||||
| 21.| **雷池-更新证书(支持控制台和防护应用)** | 更新长亭雷池WAF的证书,支持更新控制台和防护应用的证书。 |
|
||||
| 22.| **群晖-部署证书到群晖面板** | Synology,支持6.x以上版本 |
|
||||
| 23.| **群晖-刷新OTP登录有效期** | 群晖登录状态可能30天失效,需要在失效之前登录一次,刷新有效期,您可以将其放在“部署到群晖面板”任务之后 |
|
||||
| 24.| **uniCloud-部署到服务空间** | 部署到服务空间 |
|
||||
| 25.| **Proxmox-上传证书到Proxmox** | |
|
||||
| 26.| **威联通-部署证书到威联通** | 部署证书到qnap |
|
||||
## 5. 阿里云
|
||||
|
||||
| 序号 | 名称 | 说明 |
|
||||
@@ -90,7 +92,7 @@
|
||||
| 6.| **阿里云-部署证书至API网关** | 自动部署域名证书至阿里云API网关(APIGateway) |
|
||||
| 7.| **阿里云-部署证书至CDN** | 自动部署域名证书至阿里云CDN |
|
||||
| 8.| **阿里云-部署证书至DCDN** | 依赖证书申请前置任务,自动部署域名证书至阿里云DCDN |
|
||||
| 9.| **阿里云-部署至ESA** | 部署证书到阿里云ESA(边缘安全加速),自动删除过期证书 |
|
||||
| 9.| **阿里云-部署至ESA** | 部署证书到阿里云ESA(边缘安全加速),支持边缘证书和SaaS证书两种模式 |
|
||||
| 10.| **阿里云-部署至阿里云FC(3.0)** | 部署证书到阿里云函数计算(FC3.0) |
|
||||
| 11.| **阿里云-部署至GA** | 部署证书到阿里云GA(全球加速),支持更新默认证书和扩展证书 |
|
||||
| 12.| **阿里云-部署至直播(Live)** | 部署证书到阿里云视频直播(Live)域名 |
|
||||
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 379 KiB |
@@ -1,15 +1,23 @@
|
||||
# google证书申请教程
|
||||
|
||||
## 1、启用API
|
||||
## 1、 添加流水线
|
||||
|
||||
点击“创建证书流水线”按钮
|
||||
|
||||
## 2、 生成google ACME账号
|
||||
|
||||

|
||||
|
||||
## 3、 获取Google EAB
|
||||
|
||||
### 3.1、启用API
|
||||
打开如下链接,启用 API
|
||||
|
||||
https://console.cloud.google.com/apis/library/publicca.googleapis.com
|
||||
|
||||
打开该链接后点击“启用”,随后等待右侧出现“API已启用”则可以关闭该页。
|
||||
|
||||
## 2、 获取授权
|
||||
以下两种方式任选其一
|
||||
### 2.1 直接获取EAB 【推荐】
|
||||
## 3.2、 创建EAB
|
||||
|
||||
|
||||
1. 打开“Google Cloud Shell”(在右上角点击激活CloudShell图标)。
|
||||
@@ -31,28 +39,10 @@ keyId: xxxxxxxxxxxxx]
|
||||
3. 到Certd中,创建一条EAB授权记录,填写keyId(=kid) 和 b64MacKey 信息
|
||||
注意:keyId没有`]`结尾,不要把`]`也复制了
|
||||
|
||||
## 4、 生成Google ACME账号
|
||||
|
||||
注意:EAB授权使用过一次之后,会绑定邮箱,后续再次使用时,要使用相同的邮箱,所以邮箱切记不要修改
|
||||
否则会报错 `Unknown external account binding (EAB) key. This may be due to the EAB key expiring which occurs 7 days after creation`
|
||||
|
||||
4. 创建证书流水线,选择证书提供商为google,选择EAB授权,运行流水线申请证书
|
||||
|
||||
|
||||
### 2.2 通过google服务账号接口获取授权
|
||||
|
||||
此方式可以自动获取EAB,需要服务端配置代理
|
||||
|
||||
1. 创建服务账号
|
||||
https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts/create?walkthrough_id=iam--create-service-account&hl=zh-cn#step_index=1
|
||||
|
||||
2. 选择一个项目,进入创建服务账号页面
|
||||
3. 给服务账号起一个名字,点击`创建并继续`
|
||||
4. 向此服务账号授予对项目的访问权限: `选择角色`->`基本`->`Owner`
|
||||
5. 点击完成
|
||||
6. 点击服务账号,进入服务账号详情页面
|
||||
7. 点击`添加密钥`->`创建新密钥`->`JSON`,下载密钥文件
|
||||
8. 将json文件内容粘贴到 certd中 Google服务授权输入框中
|
||||
|
||||
9. 创建证书流水线,选择证书提供商为google, 选择服务账号授权,运行流水线申请证书
|
||||
|
||||
|
||||
## 5、创建证书流水线,运行流水线申请证书
|
||||
|
||||
|
||||
+1
-1
@@ -9,5 +9,5 @@
|
||||
}
|
||||
},
|
||||
"npmClient": "pnpm",
|
||||
"version": "1.41.4"
|
||||
"version": "1.42.5"
|
||||
}
|
||||
|
||||
@@ -39,6 +39,7 @@
|
||||
"test:unit": "cross-env NODE_ENV=unittest pnpm -r --workspace-concurrency=1 run test:unit",
|
||||
"pub": "echo 1",
|
||||
"dev": "pnpm run -r --parallel compile ",
|
||||
"lint_all": "pnpm run -r --parallel lint ",
|
||||
"pub_all": "node ./scripts/pub-all.js",
|
||||
"release": "time /t >trigger/release.trigger && git add trigger/release.trigger && git commit -m \"build: release\" && git push",
|
||||
"publish_to_atomgit": "node --experimental-json-modules ./scripts/publish-atomgit.js",
|
||||
|
||||
@@ -3,6 +3,32 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [1.42.5](https://github.com/publishlab/node-acme-client/compare/v1.42.4...v1.42.5) (2026-07-15)
|
||||
|
||||
**Note:** Version bump only for package @certd/acme-client
|
||||
|
||||
## [1.42.4](https://github.com/publishlab/node-acme-client/compare/v1.42.3...v1.42.4) (2026-07-11)
|
||||
|
||||
**Note:** Version bump only for package @certd/acme-client
|
||||
|
||||
## [1.42.3](https://github.com/publishlab/node-acme-client/compare/v1.42.2...v1.42.3) (2026-07-08)
|
||||
|
||||
**Note:** Version bump only for package @certd/acme-client
|
||||
|
||||
## [1.42.2](https://github.com/publishlab/node-acme-client/compare/v1.42.1...v1.42.2) (2026-07-07)
|
||||
|
||||
**Note:** Version bump only for package @certd/acme-client
|
||||
|
||||
## [1.42.1](https://github.com/publishlab/node-acme-client/compare/v1.42.0...v1.42.1) (2026-07-06)
|
||||
|
||||
**Note:** Version bump only for package @certd/acme-client
|
||||
|
||||
# [1.42.0](https://github.com/publishlab/node-acme-client/compare/v1.41.4...v1.42.0) (2026-07-05)
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* 新增橙域网络(asia-isp) CDN证书部署插件 ([b48831e](https://github.com/publishlab/node-acme-client/commit/b48831e60b0059bef7ef9a34ab61c9dd2f684641))
|
||||
|
||||
## [1.41.4](https://github.com/publishlab/node-acme-client/compare/v1.41.3...v1.41.4) (2026-06-14)
|
||||
|
||||
**Note:** Version bump only for package @certd/acme-client
|
||||
|
||||
@@ -1,518 +0,0 @@
|
||||
## Classes
|
||||
|
||||
<dl>
|
||||
<dt><a href="#AcmeClient">AcmeClient</a></dt>
|
||||
<dd><p>AcmeClient</p>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
## Objects
|
||||
|
||||
<dl>
|
||||
<dt><a href="#Client">Client</a> : <code>object</code></dt>
|
||||
<dd><p>ACME client</p>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
<a name="AcmeClient"></a>
|
||||
|
||||
## AcmeClient
|
||||
AcmeClient
|
||||
|
||||
**Kind**: global class
|
||||
|
||||
* [AcmeClient](#AcmeClient)
|
||||
* [new AcmeClient(opts)](#new_AcmeClient_new)
|
||||
* [.getTermsOfServiceUrl()](#AcmeClient+getTermsOfServiceUrl) ⇒ <code>Promise.<(string\|null)></code>
|
||||
* [.getAccountUrl()](#AcmeClient+getAccountUrl) ⇒ <code>string</code>
|
||||
* [.createAccount([data])](#AcmeClient+createAccount) ⇒ <code>Promise.<object></code>
|
||||
* [.updateAccount([data])](#AcmeClient+updateAccount) ⇒ <code>Promise.<object></code>
|
||||
* [.updateAccountKey(newAccountKey, [data])](#AcmeClient+updateAccountKey) ⇒ <code>Promise.<object></code>
|
||||
* [.createOrder(data)](#AcmeClient+createOrder) ⇒ <code>Promise.<object></code>
|
||||
* [.getOrder(order)](#AcmeClient+getOrder) ⇒ <code>Promise.<object></code>
|
||||
* [.finalizeOrder(order, csr)](#AcmeClient+finalizeOrder) ⇒ <code>Promise.<object></code>
|
||||
* [.getAuthorizations(order)](#AcmeClient+getAuthorizations) ⇒ <code>Promise.<Array.<object>></code>
|
||||
* [.deactivateAuthorization(authz)](#AcmeClient+deactivateAuthorization) ⇒ <code>Promise.<object></code>
|
||||
* [.getChallengeKeyAuthorization(challenge)](#AcmeClient+getChallengeKeyAuthorization) ⇒ <code>Promise.<string></code>
|
||||
* [.verifyChallenge(authz, challenge)](#AcmeClient+verifyChallenge) ⇒ <code>Promise</code>
|
||||
* [.completeChallenge(challenge)](#AcmeClient+completeChallenge) ⇒ <code>Promise.<object></code>
|
||||
* [.waitForValidStatus(item)](#AcmeClient+waitForValidStatus) ⇒ <code>Promise.<object></code>
|
||||
* [.getCertificate(order, [preferredChain])](#AcmeClient+getCertificate) ⇒ <code>Promise.<string></code>
|
||||
* [.revokeCertificate(cert, [data])](#AcmeClient+revokeCertificate) ⇒ <code>Promise</code>
|
||||
* [.auto(opts)](#AcmeClient+auto) ⇒ <code>Promise.<string></code>
|
||||
|
||||
<a name="new_AcmeClient_new"></a>
|
||||
|
||||
### new AcmeClient(opts)
|
||||
|
||||
| Param | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| opts | <code>object</code> | |
|
||||
| opts.directoryUrl | <code>string</code> | ACME directory URL |
|
||||
| opts.accountKey | <code>buffer</code> \| <code>string</code> | PEM encoded account private key |
|
||||
| [opts.accountUrl] | <code>string</code> | Account URL, default: `null` |
|
||||
| [opts.externalAccountBinding] | <code>object</code> | |
|
||||
| [opts.externalAccountBinding.kid] | <code>string</code> | External account binding KID |
|
||||
| [opts.externalAccountBinding.hmacKey] | <code>string</code> | External account binding HMAC key |
|
||||
| [opts.backoffAttempts] | <code>number</code> | Maximum number of backoff attempts, default: `10` |
|
||||
| [opts.backoffMin] | <code>number</code> | Minimum backoff attempt delay in milliseconds, default: `5000` |
|
||||
| [opts.backoffMax] | <code>number</code> | Maximum backoff attempt delay in milliseconds, default: `30000` |
|
||||
|
||||
**Example**
|
||||
Create ACME client instance
|
||||
```js
|
||||
const client = new acme.Client({
|
||||
directoryUrl: acme.directory.letsencrypt.staging,
|
||||
accountKey: 'Private key goes here',
|
||||
});
|
||||
```
|
||||
**Example**
|
||||
Create ACME client instance
|
||||
```js
|
||||
const client = new acme.Client({
|
||||
directoryUrl: acme.directory.letsencrypt.staging,
|
||||
accountKey: 'Private key goes here',
|
||||
accountUrl: 'Optional account URL goes here',
|
||||
backoffAttempts: 10,
|
||||
backoffMin: 5000,
|
||||
backoffMax: 30000,
|
||||
});
|
||||
```
|
||||
**Example**
|
||||
Create ACME client with external account binding
|
||||
```js
|
||||
const client = new acme.Client({
|
||||
directoryUrl: 'https://acme-provider.example.com/directory-url',
|
||||
accountKey: 'Private key goes here',
|
||||
externalAccountBinding: {
|
||||
kid: 'YOUR-EAB-KID',
|
||||
hmacKey: 'YOUR-EAB-HMAC-KEY',
|
||||
},
|
||||
});
|
||||
```
|
||||
<a name="AcmeClient+getTermsOfServiceUrl"></a>
|
||||
|
||||
### acmeClient.getTermsOfServiceUrl() ⇒ <code>Promise.<(string\|null)></code>
|
||||
Get Terms of Service URL if available
|
||||
|
||||
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
|
||||
**Returns**: <code>Promise.<(string\|null)></code> - ToS URL
|
||||
**Example**
|
||||
Get Terms of Service URL
|
||||
```js
|
||||
const termsOfService = client.getTermsOfServiceUrl();
|
||||
|
||||
if (!termsOfService) {
|
||||
// CA did not provide Terms of Service
|
||||
}
|
||||
```
|
||||
<a name="AcmeClient+getAccountUrl"></a>
|
||||
|
||||
### acmeClient.getAccountUrl() ⇒ <code>string</code>
|
||||
Get current account URL
|
||||
|
||||
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
|
||||
**Returns**: <code>string</code> - Account URL
|
||||
**Throws**:
|
||||
|
||||
- <code>Error</code> No account URL found
|
||||
|
||||
**Example**
|
||||
Get current account URL
|
||||
```js
|
||||
try {
|
||||
const accountUrl = client.getAccountUrl();
|
||||
}
|
||||
catch (e) {
|
||||
// No account URL exists, need to create account first
|
||||
}
|
||||
```
|
||||
<a name="AcmeClient+createAccount"></a>
|
||||
|
||||
### acmeClient.createAccount([data]) ⇒ <code>Promise.<object></code>
|
||||
Create a new account
|
||||
|
||||
https://datatracker.ietf.org/doc/html/rfc8555#section-7.3
|
||||
|
||||
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
|
||||
**Returns**: <code>Promise.<object></code> - Account
|
||||
|
||||
| Param | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| [data] | <code>object</code> | Request data |
|
||||
|
||||
**Example**
|
||||
Create a new account
|
||||
```js
|
||||
const account = await client.createAccount({
|
||||
termsOfServiceAgreed: true,
|
||||
});
|
||||
```
|
||||
**Example**
|
||||
Create a new account with contact info
|
||||
```js
|
||||
const account = await client.createAccount({
|
||||
termsOfServiceAgreed: true,
|
||||
contact: ['mailto:test@example.com'],
|
||||
});
|
||||
```
|
||||
<a name="AcmeClient+updateAccount"></a>
|
||||
|
||||
### acmeClient.updateAccount([data]) ⇒ <code>Promise.<object></code>
|
||||
Update existing account
|
||||
|
||||
https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.2
|
||||
|
||||
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
|
||||
**Returns**: <code>Promise.<object></code> - Account
|
||||
|
||||
| Param | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| [data] | <code>object</code> | Request data |
|
||||
|
||||
**Example**
|
||||
Update existing account
|
||||
```js
|
||||
const account = await client.updateAccount({
|
||||
contact: ['mailto:foo@example.com'],
|
||||
});
|
||||
```
|
||||
<a name="AcmeClient+updateAccountKey"></a>
|
||||
|
||||
### acmeClient.updateAccountKey(newAccountKey, [data]) ⇒ <code>Promise.<object></code>
|
||||
Update account private key
|
||||
|
||||
https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.5
|
||||
|
||||
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
|
||||
**Returns**: <code>Promise.<object></code> - Account
|
||||
|
||||
| Param | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| newAccountKey | <code>buffer</code> \| <code>string</code> | New PEM encoded private key |
|
||||
| [data] | <code>object</code> | Additional request data |
|
||||
|
||||
**Example**
|
||||
Update account private key
|
||||
```js
|
||||
const newAccountKey = 'New private key goes here';
|
||||
const result = await client.updateAccountKey(newAccountKey);
|
||||
```
|
||||
<a name="AcmeClient+createOrder"></a>
|
||||
|
||||
### acmeClient.createOrder(data) ⇒ <code>Promise.<object></code>
|
||||
Create a new order
|
||||
|
||||
https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
|
||||
|
||||
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
|
||||
**Returns**: <code>Promise.<object></code> - Order
|
||||
|
||||
| Param | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| data | <code>object</code> | Request data |
|
||||
|
||||
**Example**
|
||||
Create a new order
|
||||
```js
|
||||
const order = await client.createOrder({
|
||||
identifiers: [
|
||||
{ type: 'dns', value: 'example.com' },
|
||||
{ type: 'dns', value: 'test.example.com' },
|
||||
],
|
||||
});
|
||||
```
|
||||
<a name="AcmeClient+getOrder"></a>
|
||||
|
||||
### acmeClient.getOrder(order) ⇒ <code>Promise.<object></code>
|
||||
Refresh order object from CA
|
||||
|
||||
https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
|
||||
|
||||
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
|
||||
**Returns**: <code>Promise.<object></code> - Order
|
||||
|
||||
| Param | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| order | <code>object</code> | Order object |
|
||||
|
||||
**Example**
|
||||
```js
|
||||
const order = { ... }; // Previously created order object
|
||||
const result = await client.getOrder(order);
|
||||
```
|
||||
<a name="AcmeClient+finalizeOrder"></a>
|
||||
|
||||
### acmeClient.finalizeOrder(order, csr) ⇒ <code>Promise.<object></code>
|
||||
Finalize order
|
||||
|
||||
https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
|
||||
|
||||
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
|
||||
**Returns**: <code>Promise.<object></code> - Order
|
||||
|
||||
| Param | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| order | <code>object</code> | Order object |
|
||||
| csr | <code>buffer</code> \| <code>string</code> | PEM encoded Certificate Signing Request |
|
||||
|
||||
**Example**
|
||||
Finalize order
|
||||
```js
|
||||
const order = { ... }; // Previously created order object
|
||||
const csr = { ... }; // Previously created Certificate Signing Request
|
||||
const result = await client.finalizeOrder(order, csr);
|
||||
```
|
||||
<a name="AcmeClient+getAuthorizations"></a>
|
||||
|
||||
### acmeClient.getAuthorizations(order) ⇒ <code>Promise.<Array.<object>></code>
|
||||
Get identifier authorizations from order
|
||||
|
||||
https://datatracker.ietf.org/doc/html/rfc8555#section-7.5
|
||||
|
||||
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
|
||||
**Returns**: <code>Promise.<Array.<object>></code> - Authorizations
|
||||
|
||||
| Param | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| order | <code>object</code> | Order |
|
||||
|
||||
**Example**
|
||||
Get identifier authorizations
|
||||
```js
|
||||
const order = { ... }; // Previously created order object
|
||||
const authorizations = await client.getAuthorizations(order);
|
||||
|
||||
authorizations.forEach((authz) => {
|
||||
const { challenges } = authz;
|
||||
});
|
||||
```
|
||||
<a name="AcmeClient+deactivateAuthorization"></a>
|
||||
|
||||
### acmeClient.deactivateAuthorization(authz) ⇒ <code>Promise.<object></code>
|
||||
Deactivate identifier authorization
|
||||
|
||||
https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.2
|
||||
|
||||
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
|
||||
**Returns**: <code>Promise.<object></code> - Authorization
|
||||
|
||||
| Param | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| authz | <code>object</code> | Identifier authorization |
|
||||
|
||||
**Example**
|
||||
Deactivate identifier authorization
|
||||
```js
|
||||
const authz = { ... }; // Identifier authorization resolved from previously created order
|
||||
const result = await client.deactivateAuthorization(authz);
|
||||
```
|
||||
<a name="AcmeClient+getChallengeKeyAuthorization"></a>
|
||||
|
||||
### acmeClient.getChallengeKeyAuthorization(challenge) ⇒ <code>Promise.<string></code>
|
||||
Get key authorization for ACME challenge
|
||||
|
||||
https://datatracker.ietf.org/doc/html/rfc8555#section-8.1
|
||||
|
||||
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
|
||||
**Returns**: <code>Promise.<string></code> - Key authorization
|
||||
|
||||
| Param | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| challenge | <code>object</code> | Challenge object returned by API |
|
||||
|
||||
**Example**
|
||||
Get challenge key authorization
|
||||
```js
|
||||
const challenge = { ... }; // Challenge from previously resolved identifier authorization
|
||||
const key = await client.getChallengeKeyAuthorization(challenge);
|
||||
|
||||
// Write key somewhere to satisfy challenge
|
||||
```
|
||||
<a name="AcmeClient+verifyChallenge"></a>
|
||||
|
||||
### acmeClient.verifyChallenge(authz, challenge) ⇒ <code>Promise</code>
|
||||
Verify that ACME challenge is satisfied
|
||||
|
||||
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
|
||||
|
||||
| Param | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| authz | <code>object</code> | Identifier authorization |
|
||||
| challenge | <code>object</code> | Authorization challenge |
|
||||
|
||||
**Example**
|
||||
Verify satisfied ACME challenge
|
||||
```js
|
||||
const authz = { ... }; // Identifier authorization
|
||||
const challenge = { ... }; // Satisfied challenge
|
||||
await client.verifyChallenge(authz, challenge);
|
||||
```
|
||||
<a name="AcmeClient+completeChallenge"></a>
|
||||
|
||||
### acmeClient.completeChallenge(challenge) ⇒ <code>Promise.<object></code>
|
||||
Notify CA that challenge has been completed
|
||||
|
||||
https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.1
|
||||
|
||||
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
|
||||
**Returns**: <code>Promise.<object></code> - Challenge
|
||||
|
||||
| Param | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| challenge | <code>object</code> | Challenge object returned by API |
|
||||
|
||||
**Example**
|
||||
Notify CA that challenge has been completed
|
||||
```js
|
||||
const challenge = { ... }; // Satisfied challenge
|
||||
const result = await client.completeChallenge(challenge);
|
||||
```
|
||||
<a name="AcmeClient+waitForValidStatus"></a>
|
||||
|
||||
### acmeClient.waitForValidStatus(item) ⇒ <code>Promise.<object></code>
|
||||
Wait for ACME provider to verify status on a order, authorization or challenge
|
||||
|
||||
https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.1
|
||||
|
||||
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
|
||||
**Returns**: <code>Promise.<object></code> - Valid order, authorization or challenge
|
||||
|
||||
| Param | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| item | <code>object</code> | An order, authorization or challenge object |
|
||||
|
||||
**Example**
|
||||
Wait for valid challenge status
|
||||
```js
|
||||
const challenge = { ... };
|
||||
await client.waitForValidStatus(challenge);
|
||||
```
|
||||
**Example**
|
||||
Wait for valid authorization status
|
||||
```js
|
||||
const authz = { ... };
|
||||
await client.waitForValidStatus(authz);
|
||||
```
|
||||
**Example**
|
||||
Wait for valid order status
|
||||
```js
|
||||
const order = { ... };
|
||||
await client.waitForValidStatus(order);
|
||||
```
|
||||
<a name="AcmeClient+getCertificate"></a>
|
||||
|
||||
### acmeClient.getCertificate(order, [preferredChain]) ⇒ <code>Promise.<string></code>
|
||||
Get certificate from ACME order
|
||||
|
||||
https://datatracker.ietf.org/doc/html/rfc8555#section-7.4.2
|
||||
|
||||
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
|
||||
**Returns**: <code>Promise.<string></code> - Certificate
|
||||
|
||||
| Param | Type | Default | Description |
|
||||
| --- | --- | --- | --- |
|
||||
| order | <code>object</code> | | Order object |
|
||||
| [preferredChain] | <code>string</code> | <code>null</code> | Indicate which certificate chain is preferred if a CA offers multiple, by exact issuer common name, default: `null` |
|
||||
|
||||
**Example**
|
||||
Get certificate
|
||||
```js
|
||||
const order = { ... }; // Previously created order
|
||||
const certificate = await client.getCertificate(order);
|
||||
```
|
||||
**Example**
|
||||
Get certificate with preferred chain
|
||||
```js
|
||||
const order = { ... }; // Previously created order
|
||||
const certificate = await client.getCertificate(order, 'DST Root CA X3');
|
||||
```
|
||||
<a name="AcmeClient+revokeCertificate"></a>
|
||||
|
||||
### acmeClient.revokeCertificate(cert, [data]) ⇒ <code>Promise</code>
|
||||
Revoke certificate
|
||||
|
||||
https://datatracker.ietf.org/doc/html/rfc8555#section-7.6
|
||||
|
||||
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
|
||||
|
||||
| Param | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| cert | <code>buffer</code> \| <code>string</code> | PEM encoded certificate |
|
||||
| [data] | <code>object</code> | Additional request data |
|
||||
|
||||
**Example**
|
||||
Revoke certificate
|
||||
```js
|
||||
const certificate = { ... }; // Previously created certificate
|
||||
const result = await client.revokeCertificate(certificate);
|
||||
```
|
||||
**Example**
|
||||
Revoke certificate with reason
|
||||
```js
|
||||
const certificate = { ... }; // Previously created certificate
|
||||
const result = await client.revokeCertificate(certificate, {
|
||||
reason: 4,
|
||||
});
|
||||
```
|
||||
<a name="AcmeClient+auto"></a>
|
||||
|
||||
### acmeClient.auto(opts) ⇒ <code>Promise.<string></code>
|
||||
Auto mode
|
||||
|
||||
**Kind**: instance method of [<code>AcmeClient</code>](#AcmeClient)
|
||||
**Returns**: <code>Promise.<string></code> - Certificate
|
||||
|
||||
| Param | Type | Description |
|
||||
| --- | --- | --- |
|
||||
| opts | <code>object</code> | |
|
||||
| opts.csr | <code>buffer</code> \| <code>string</code> | Certificate Signing Request |
|
||||
| opts.challengeCreateFn | <code>function</code> | Function returning Promise triggered before completing ACME challenge |
|
||||
| opts.challengeRemoveFn | <code>function</code> | Function returning Promise triggered after completing ACME challenge |
|
||||
| [opts.email] | <code>string</code> | Account email address |
|
||||
| [opts.termsOfServiceAgreed] | <code>boolean</code> | Agree to Terms of Service, default: `false` |
|
||||
| [opts.skipChallengeVerification] | <code>boolean</code> | Skip internal challenge verification before notifying ACME provider, default: `false` |
|
||||
| [opts.challengePriority] | <code>Array.<string></code> | Array defining challenge type priority, default: `['http-01', 'dns-01']` |
|
||||
| [opts.preferredChain] | <code>string</code> | Indicate which certificate chain is preferred if a CA offers multiple, by exact issuer common name, default: `null` |
|
||||
|
||||
**Example**
|
||||
Order a certificate using auto mode
|
||||
```js
|
||||
const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
|
||||
altNames: ['test.example.com'],
|
||||
});
|
||||
|
||||
const certificate = await client.auto({
|
||||
csr: certificateRequest,
|
||||
email: 'test@example.com',
|
||||
termsOfServiceAgreed: true,
|
||||
challengeCreateFn: async (authz, challenge, keyAuthorization) => {
|
||||
// Satisfy challenge here
|
||||
},
|
||||
challengeRemoveFn: async (authz, challenge, keyAuthorization) => {
|
||||
// Clean up challenge here
|
||||
},
|
||||
});
|
||||
```
|
||||
**Example**
|
||||
Order a certificate using auto mode with preferred chain
|
||||
```js
|
||||
const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
|
||||
altNames: ['test.example.com'],
|
||||
});
|
||||
|
||||
const certificate = await client.auto({
|
||||
csr: certificateRequest,
|
||||
email: 'test@example.com',
|
||||
termsOfServiceAgreed: true,
|
||||
preferredChain: 'DST Root CA X3',
|
||||
challengeCreateFn: async () => {},
|
||||
challengeRemoveFn: async () => {},
|
||||
});
|
||||
```
|
||||
<a name="Client"></a>
|
||||
|
||||
## Client : <code>object</code>
|
||||
ACME client
|
||||
|
||||
**Kind**: global namespace
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
"description": "Simple and unopinionated ACME client",
|
||||
"private": false,
|
||||
"author": "nmorsman",
|
||||
"version": "1.41.4",
|
||||
"version": "1.42.5",
|
||||
"type": "module",
|
||||
"module": "./dist/index.js",
|
||||
"main": "./dist/index.js",
|
||||
@@ -18,7 +18,7 @@
|
||||
"types"
|
||||
],
|
||||
"dependencies": {
|
||||
"@certd/basic": "^1.41.4",
|
||||
"@certd/basic": "^1.42.5",
|
||||
"@peculiar/x509": "^1.11.0",
|
||||
"asn1js": "^3.0.5",
|
||||
"axios": "^1.9.0",
|
||||
@@ -50,10 +50,9 @@
|
||||
"scripts": {
|
||||
"before-build": "node -e \"const fs=require('fs');fs.rmSync('dist',{recursive:true,force:true});fs.rmSync('tsconfig.tsbuildinfo',{force:true});\"",
|
||||
"build": "npm run before-build && tsc -p tsconfig.build.json --skipLibCheck",
|
||||
"build-docs": "jsdoc2md dist/client.js > docs/client.md && jsdoc2md dist/crypto/index.js > docs/crypto.md && jsdoc2md dist/crypto/forge.js > docs/forge.md",
|
||||
"lint": "eslint \"src/**/*.ts\" \"types/**/*.ts\"",
|
||||
"lint-types": "tsd --files \"types/index.test-d.ts\"",
|
||||
"prepublishOnly": "npm run build && npm run build-docs",
|
||||
"prepublishOnly": "npm run build",
|
||||
"test": "mocha -t 60000 \"test/setup.js\" \"test/**/*.spec.js\"",
|
||||
"before-test:unit": "node -e \"const fs=require('fs');fs.rmSync('dist-test',{recursive:true,force:true});fs.rmSync('tsconfig.test.tsbuildinfo',{force:true});\"",
|
||||
"test:unit": "cross-env NODE_ENV=unittest npm run before-test:unit && cross-env NODE_ENV=unittest tsc -p tsconfig.test.json --skipLibCheck && cross-env NODE_ENV=unittest mocha -t 60000 \"dist-test/**/*.test.js\"",
|
||||
@@ -76,5 +75,5 @@
|
||||
"bugs": {
|
||||
"url": "https://github.com/publishlab/node-acme-client/issues"
|
||||
},
|
||||
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
|
||||
"gitHead": "83495b32138cf831b4ea02054d12981d9787ebf0"
|
||||
}
|
||||
|
||||
@@ -3,6 +3,30 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [1.42.5](https://github.com/certd/certd/compare/v1.42.4...v1.42.5) (2026-07-15)
|
||||
|
||||
**Note:** Version bump only for package @certd/basic
|
||||
|
||||
## [1.42.4](https://github.com/certd/certd/compare/v1.42.3...v1.42.4) (2026-07-11)
|
||||
|
||||
**Note:** Version bump only for package @certd/basic
|
||||
|
||||
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
|
||||
|
||||
**Note:** Version bump only for package @certd/basic
|
||||
|
||||
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
|
||||
|
||||
**Note:** Version bump only for package @certd/basic
|
||||
|
||||
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
|
||||
|
||||
**Note:** Version bump only for package @certd/basic
|
||||
|
||||
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
|
||||
|
||||
**Note:** Version bump only for package @certd/basic
|
||||
|
||||
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
@@ -1 +1 @@
|
||||
21:25
|
||||
23:31
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "@certd/basic",
|
||||
"private": false,
|
||||
"version": "1.41.4",
|
||||
"version": "1.42.5",
|
||||
"type": "module",
|
||||
"main": "./dist/index.js",
|
||||
"module": "./dist/index.js",
|
||||
@@ -54,5 +54,5 @@
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
|
||||
"gitHead": "83495b32138cf831b4ea02054d12981d9787ebf0"
|
||||
}
|
||||
|
||||
@@ -3,6 +3,40 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [1.42.5](https://github.com/certd/certd/compare/v1.42.4...v1.42.5) (2026-07-15)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复上传到cos报runtimeDepsService未初始化的问题 ([167b303](https://github.com/certd/certd/commit/167b303faeca02cc11cf97e4be2a3df914852167))
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* 优化vke keubconfig获取方式,改成先查询,如果没有再创建临时config ([604fa5b](https://github.com/certd/certd/commit/604fa5be634d099d797bfee5c2b0f26ce0ac8461))
|
||||
|
||||
## [1.42.4](https://github.com/certd/certd/compare/v1.42.3...v1.42.4) (2026-07-11)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **pipeline:** 重构运行时依赖加载逻辑,修复火山引擎DNS解析报runtimeDepsService未初始化的bug ([ec69b8f](https://github.com/certd/certd/commit/ec69b8f11bfd4b20991aef74a72a47182ca79a9d))
|
||||
|
||||
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
|
||||
|
||||
**Note:** Version bump only for package @certd/pipeline
|
||||
|
||||
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
|
||||
|
||||
**Note:** Version bump only for package @certd/pipeline
|
||||
|
||||
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
|
||||
|
||||
**Note:** Version bump only for package @certd/pipeline
|
||||
|
||||
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
|
||||
|
||||
### Features
|
||||
|
||||
* 通过插件配置懒加载依赖,动态加载第三方依赖包,精简安装镜像大小 ([01568ca](https://github.com/certd/certd/commit/01568ca1489069046b5a89ebdd4ced2f7f6ddf93))
|
||||
|
||||
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
|
||||
|
||||
**Note:** Version bump only for package @certd/pipeline
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "@certd/pipeline",
|
||||
"private": false,
|
||||
"version": "1.41.4",
|
||||
"version": "1.42.5",
|
||||
"type": "module",
|
||||
"main": "./dist/index.js",
|
||||
"module": "./dist/index.js",
|
||||
@@ -21,8 +21,8 @@
|
||||
"lint": "eslint --fix"
|
||||
},
|
||||
"dependencies": {
|
||||
"@certd/basic": "^1.41.4",
|
||||
"@certd/plus-core": "^1.41.4",
|
||||
"@certd/basic": "^1.42.5",
|
||||
"@certd/plus-core": "^1.42.5",
|
||||
"dayjs": "^1.11.7",
|
||||
"lodash-es": "^4.17.21",
|
||||
"reflect-metadata": "^0.2.2"
|
||||
@@ -51,5 +51,5 @@
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
|
||||
"gitHead": "83495b32138cf831b4ea02054d12981d9787ebf0"
|
||||
}
|
||||
|
||||
@@ -3,7 +3,7 @@ import { FormItemProps } from "../dt/index.js";
|
||||
import { HttpClient, ILogger, utils } from "@certd/basic";
|
||||
import * as _ from "lodash-es";
|
||||
import { PluginRequestHandleReq } from "../plugin/index.js";
|
||||
import { IRuntimeDepsService, IServiceGetter } from "../service/index.js";
|
||||
import { IServiceGetter, getRuntimeDepsService } from "../service/index.js";
|
||||
|
||||
// export type AccessRequestHandleReqInput<T = any> = {
|
||||
// id?: number;
|
||||
@@ -48,23 +48,13 @@ export type AccessContext = {
|
||||
|
||||
export abstract class BaseAccess implements IAccess {
|
||||
ctx!: AccessContext;
|
||||
runtimeDepsService?: IRuntimeDepsService;
|
||||
|
||||
async importRuntime(specifier: string) {
|
||||
if (!this.runtimeDepsService) {
|
||||
throw new Error("runtimeDepsService 未初始化");
|
||||
}
|
||||
return await this.runtimeDepsService.importRuntime(specifier, this.ctx.logger);
|
||||
return await getRuntimeDepsService().importRuntime(specifier, this.ctx.logger);
|
||||
}
|
||||
|
||||
async setCtx(ctx: AccessContext) {
|
||||
this.ctx = ctx;
|
||||
if (!this.runtimeDepsService && this.ctx.serviceGetter) {
|
||||
this.runtimeDepsService = await this.ctx.serviceGetter.get("runtimeDepsService");
|
||||
}
|
||||
if (this.runtimeDepsService && this.ctx.define?.name) {
|
||||
await this.runtimeDepsService.ensureRuntimeDependencies({ pluginKeys: `access:${this.ctx.define.name}`, logger: this.ctx.logger });
|
||||
}
|
||||
}
|
||||
|
||||
async onRequest(req: AccessRequestHandleReq) {
|
||||
|
||||
@@ -47,7 +47,7 @@ export function AccessInput(input?: AccessInputDefine): PropertyDecorator {
|
||||
};
|
||||
}
|
||||
|
||||
export async function newAccess(type: string, input: any, accessService: IAccessService, ctx?: AccessContext) {
|
||||
export async function newAccess(type: string, input: any, accessService: IAccessService, ctx: AccessContext) {
|
||||
const register = accessRegistry.get(type);
|
||||
if (register == null) {
|
||||
throw new Error(`access ${type} not found`);
|
||||
|
||||
@@ -3,7 +3,7 @@ import { Registrable } from "../registry/index.js";
|
||||
import { FormItemProps, HistoryResult, Pipeline } from "../dt/index.js";
|
||||
import { HttpClient, ILogger, utils } from "@certd/basic";
|
||||
import * as _ from "lodash-es";
|
||||
import { IEmailService, IRuntimeDepsService, IServiceGetter } from "../service/index.js";
|
||||
import { IEmailService, IServiceGetter, getRuntimeDepsService } from "../service/index.js";
|
||||
|
||||
export type NotificationBody = {
|
||||
userId?: number;
|
||||
@@ -89,16 +89,16 @@ export abstract class BaseNotification implements INotification {
|
||||
ctx!: NotificationContext;
|
||||
http!: HttpClient;
|
||||
logger!: ILogger;
|
||||
runtimeDepsService?: IRuntimeDepsService;
|
||||
|
||||
async importRuntime(specifier: string) {
|
||||
if (!this.runtimeDepsService) {
|
||||
return await import(specifier);
|
||||
}
|
||||
return await this.runtimeDepsService.importRuntime(specifier, this.logger);
|
||||
return await getRuntimeDepsService().importRuntime(specifier, this.logger);
|
||||
}
|
||||
|
||||
async doSend(body: NotificationBody) {
|
||||
if (body.content) {
|
||||
const content = body.content?.replace(/\n/g, " \n");
|
||||
body.content = content;
|
||||
}
|
||||
return await this.send(body);
|
||||
}
|
||||
abstract send(body: NotificationBody): Promise<void>;
|
||||
@@ -109,12 +109,6 @@ export abstract class BaseNotification implements INotification {
|
||||
this.ctx = ctx;
|
||||
this.http = ctx.http;
|
||||
this.logger = ctx.logger;
|
||||
if (!this.runtimeDepsService && this.ctx.serviceGetter) {
|
||||
this.runtimeDepsService = await this.ctx.serviceGetter.get("runtimeDepsService");
|
||||
}
|
||||
if (this.runtimeDepsService && this.ctx.define?.name) {
|
||||
await this.runtimeDepsService.ensureRuntimeDependencies({ pluginKeys: `notification:${this.ctx.define.name}`, logger: this.logger });
|
||||
}
|
||||
}
|
||||
setDefine = (define: NotificationDefine) => {
|
||||
this.define = define;
|
||||
|
||||
@@ -10,7 +10,7 @@ import { INotificationService } from "../notification/index.js";
|
||||
import { Registrable } from "../registry/index.js";
|
||||
import { IPluginConfigService } from "../service/config.js";
|
||||
import { TaskEmitter } from "../service/emit.js";
|
||||
import { ICnameProxyService, IEmailService, IRuntimeDepsService, IServiceGetter, IUrlService } from "../service/index.js";
|
||||
import { ICnameProxyService, IEmailService, IServiceGetter, IUrlService, getRuntimeDepsService } from "../service/index.js";
|
||||
|
||||
export type PluginRequestHandleReq<T = any> = {
|
||||
typeName: string;
|
||||
@@ -76,7 +76,7 @@ export type ITaskPlugin = {
|
||||
execute(): Promise<void | string>;
|
||||
onRequest(req: PluginRequestHandleReq<any>): Promise<any>;
|
||||
setCtx(ctx: TaskInstanceContext): Promise<void>;
|
||||
importRuntime?(specifier: string): Promise<any>;
|
||||
importRuntime(specifier: string): Promise<any>;
|
||||
[key: string]: any;
|
||||
};
|
||||
|
||||
@@ -150,13 +150,9 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
|
||||
logger!: ILogger;
|
||||
http!: HttpClient;
|
||||
accessService!: IAccessService;
|
||||
runtimeDepsService!: IRuntimeDepsService;
|
||||
|
||||
async importRuntime(specifier: string) {
|
||||
if (!this.runtimeDepsService) {
|
||||
throw new Error("runtimeDepsService 未初始化");
|
||||
}
|
||||
return await this.runtimeDepsService.importRuntime(specifier, this.logger);
|
||||
return await getRuntimeDepsService().importRuntime(specifier, this.logger);
|
||||
}
|
||||
|
||||
clearLastStatus() {
|
||||
@@ -178,12 +174,6 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
|
||||
this.logger = ctx.logger;
|
||||
this.accessService = ctx.accessService;
|
||||
this.http = ctx.http;
|
||||
if (!this.runtimeDepsService && this.ctx.serviceGetter) {
|
||||
this.runtimeDepsService = await this.ctx.serviceGetter.get("runtimeDepsService");
|
||||
}
|
||||
if (this.runtimeDepsService && this.ctx.define?.name) {
|
||||
await this.runtimeDepsService.ensureRuntimeDependencies({ pluginKeys: `plugin:${this.ctx.define.name}`, logger: this.logger });
|
||||
}
|
||||
// 将证书加入secret
|
||||
// @ts-ignore
|
||||
if (this.cert && this.cert.crt && this.cert.key) {
|
||||
|
||||
+62
-226
@@ -1,38 +1,35 @@
|
||||
import assert from "assert";
|
||||
import assert from "assert";
|
||||
import fs from "fs";
|
||||
import path from "path";
|
||||
import os from "os";
|
||||
import { RuntimeDepsService, type RuntimeDependencyPluginDefine } from "./runtime-deps-service.js";
|
||||
import { accessRegistry, pluginRegistry } from "@certd/pipeline";
|
||||
import { addonRegistry } from "@certd/lib-server";
|
||||
import { RuntimeDepsService, NpmRegistryResolver, type RuntimeDependencyPluginDefine } from "./runtime.js";
|
||||
import { accessRegistry } from "../access/registry.js";
|
||||
import { pluginRegistry } from "../plugin/registry.js";
|
||||
|
||||
describe("RuntimeDepsService", () => {
|
||||
it("detects conflicting dependency ranges across plugins", () => {
|
||||
const service = new RuntimeDepsService();
|
||||
const service = new RuntimeDepsService({}, null);
|
||||
const merged = service.collectDependencies([
|
||||
{ name: "a", dependPackages: { foo: "^1.0.0" } },
|
||||
{ name: "b", dependPackages: { foo: "^1.2.0" } },
|
||||
]);
|
||||
|
||||
assert.deepEqual(merged.dependencies, { foo: "^1.0.0" });
|
||||
assert.equal(merged.conflicts.length, 0);
|
||||
});
|
||||
|
||||
it("reports incompatible dependency ranges", () => {
|
||||
const service = new RuntimeDepsService();
|
||||
const service = new RuntimeDepsService({}, null);
|
||||
const merged = service.collectDependencies([
|
||||
{ name: "a", dependPackages: { foo: "^1.0.0" } },
|
||||
{ name: "b", dependPackages: { foo: "^2.0.0" } },
|
||||
]);
|
||||
|
||||
assert.equal(merged.conflicts.length, 1);
|
||||
assert.equal(merged.conflicts[0].packageName, "foo");
|
||||
});
|
||||
|
||||
it("builds a runtime package manifest in the target directory", async () => {
|
||||
const rootDir = fs.mkdtempSync(path.join(os.tmpdir(), "certd-runtime-deps-"));
|
||||
const service = new RuntimeDepsService();
|
||||
service.runtimeDepsRootDir = rootDir;
|
||||
const service = new RuntimeDepsService({ rootDir }, null);
|
||||
service.registryResolver = {
|
||||
async resolve() {
|
||||
return "https://registry.npmmirror.com";
|
||||
@@ -50,18 +47,15 @@ describe("RuntimeDepsService", () => {
|
||||
return { stdout: "", stderr: "", code: 0 };
|
||||
},
|
||||
} as any;
|
||||
|
||||
const plugins: RuntimeDependencyPluginDefine[] = [{ name: "a", dependPackages: { foo: "^1.0.0" } }];
|
||||
const result = await service.ensureInstalled(plugins);
|
||||
|
||||
const result = await service.ensureInstalled({ plugins });
|
||||
assert.equal(result.registryUrl, "https://registry.npmmirror.com");
|
||||
assert.ok(fs.existsSync(path.join(rootDir, "package.json")));
|
||||
});
|
||||
|
||||
it("installs direct dependency maps without plugin metadata", async () => {
|
||||
const rootDir = fs.mkdtempSync(path.join(os.tmpdir(), "certd-runtime-deps-direct-"));
|
||||
const service = new RuntimeDepsService();
|
||||
service.runtimeDepsRootDir = rootDir;
|
||||
const service = new RuntimeDepsService({ rootDir }, null);
|
||||
service.registryResolver = {
|
||||
async resolve() {
|
||||
return "";
|
||||
@@ -77,9 +71,7 @@ describe("RuntimeDepsService", () => {
|
||||
return { stdout: "", stderr: "", code: 0 };
|
||||
},
|
||||
} as any;
|
||||
|
||||
await service.ensureDependencies({ directPkg: "^1.0.0" });
|
||||
|
||||
await service.ensureDependencies({ dependencies: { directPkg: "^1.0.0" } });
|
||||
const manifest = JSON.parse(fs.readFileSync(path.join(rootDir, "package.json"), "utf8"));
|
||||
assert.deepEqual(manifest.dependencies, { directPkg: "^1.0.0" });
|
||||
});
|
||||
@@ -91,27 +83,19 @@ describe("RuntimeDepsService", () => {
|
||||
fs.writeFileSync(path.join(rootDir, "package.json"), JSON.stringify({ name: "runtime-root", type: "module" }), "utf8");
|
||||
fs.writeFileSync(path.join(packageDir, "package.json"), JSON.stringify({ name: "runtime-only", type: "module", main: "index.js" }), "utf8");
|
||||
fs.writeFileSync(path.join(packageDir, "index.js"), "export const value = 42;\n", "utf8");
|
||||
|
||||
const service = new RuntimeDepsService();
|
||||
service.runtimeDepsRootDir = rootDir;
|
||||
const service = new RuntimeDepsService({ rootDir }, null);
|
||||
service.commandRunner = {
|
||||
async run() {
|
||||
throw new Error("install should not run");
|
||||
},
|
||||
} as any;
|
||||
|
||||
const mod = await service.importRuntime("runtime-only");
|
||||
|
||||
assert.equal(mod.value, 42);
|
||||
});
|
||||
|
||||
it("installs configured lazy dependency when import target is missing", async () => {
|
||||
const rootDir = fs.mkdtempSync(path.join(os.tmpdir(), "certd-runtime-deps-lazy-"));
|
||||
const service = new RuntimeDepsService();
|
||||
service.runtimeDepsRootDir = rootDir;
|
||||
service.lazyDependencies = {
|
||||
"lazy-pkg": "^1.2.3",
|
||||
};
|
||||
const service = new RuntimeDepsService({ rootDir, lazyDependencies: { "lazy-pkg": "^1.2.3" } }, null);
|
||||
service.registryResolver = {
|
||||
async resolve() {
|
||||
return "";
|
||||
@@ -130,9 +114,7 @@ describe("RuntimeDepsService", () => {
|
||||
return { stdout: "", stderr: "", code: 0 };
|
||||
},
|
||||
} as any;
|
||||
|
||||
const mod = await service.importRuntime("lazy-pkg/sub/entry.js");
|
||||
|
||||
const manifest = JSON.parse(fs.readFileSync(path.join(rootDir, "package.json"), "utf8"));
|
||||
assert.deepEqual(manifest.dependencies, { "lazy-pkg": "^1.2.3" });
|
||||
assert.equal(mod.value, 7);
|
||||
@@ -140,11 +122,7 @@ describe("RuntimeDepsService", () => {
|
||||
|
||||
it("resolves scoped package names for lazy imports", async () => {
|
||||
const rootDir = fs.mkdtempSync(path.join(os.tmpdir(), "certd-runtime-deps-scoped-"));
|
||||
const service = new RuntimeDepsService();
|
||||
service.runtimeDepsRootDir = rootDir;
|
||||
service.lazyDependencies = {
|
||||
"@scope/lazy": "^2.0.0",
|
||||
};
|
||||
const service = new RuntimeDepsService({ rootDir, lazyDependencies: { "@scope/lazy": "^2.0.0" } }, null);
|
||||
service.registryResolver = {
|
||||
async resolve() {
|
||||
return "";
|
||||
@@ -163,9 +141,7 @@ describe("RuntimeDepsService", () => {
|
||||
return { stdout: "", stderr: "", code: 0 };
|
||||
},
|
||||
} as any;
|
||||
|
||||
const mod = await service.importRuntime("@scope/lazy/dist/index.js");
|
||||
|
||||
const manifest = JSON.parse(fs.readFileSync(path.join(rootDir, "package.json"), "utf8"));
|
||||
assert.deepEqual(manifest.dependencies, { "@scope/lazy": "^2.0.0" });
|
||||
assert.equal(mod.scoped, true);
|
||||
@@ -173,55 +149,20 @@ describe("RuntimeDepsService", () => {
|
||||
|
||||
it("reports missing lazy dependency configuration", async () => {
|
||||
const rootDir = fs.mkdtempSync(path.join(os.tmpdir(), "certd-runtime-deps-lazy-missing-"));
|
||||
const service = new RuntimeDepsService();
|
||||
service.runtimeDepsRootDir = rootDir;
|
||||
service.lazyDependencies = {};
|
||||
|
||||
const service = new RuntimeDepsService({ rootDir, lazyDependencies: {} }, null);
|
||||
await assert.rejects(() => service.importRuntime("missing-pkg/sub.js"), /未配置懒加载版本: missing-pkg/);
|
||||
});
|
||||
|
||||
it("falls back to project node_modules when lazy dependency is not configured", async () => {
|
||||
const rootDir = fs.mkdtempSync(path.join(os.tmpdir(), "certd-runtime-deps-project-fallback-"));
|
||||
const service = new RuntimeDepsService();
|
||||
service.runtimeDepsRootDir = rootDir;
|
||||
service.lazyDependencies = {};
|
||||
|
||||
const service = new RuntimeDepsService({ rootDir, lazyDependencies: {} }, null);
|
||||
const mod = await service.importRuntime("dayjs");
|
||||
|
||||
assert.equal(typeof mod.default, "function");
|
||||
});
|
||||
|
||||
it("falls back to project node_modules when lazy install fails", async () => {
|
||||
const rootDir = fs.mkdtempSync(path.join(os.tmpdir(), "certd-runtime-deps-project-fallback-install-"));
|
||||
const service = new RuntimeDepsService();
|
||||
service.runtimeDepsRootDir = rootDir;
|
||||
service.lazyDependencies = {
|
||||
dayjs: "^1.11.7",
|
||||
};
|
||||
service.registryResolver = {
|
||||
async resolve() {
|
||||
return "";
|
||||
},
|
||||
} as any;
|
||||
service.commandRunner = {
|
||||
async run(command: string, args: string[]) {
|
||||
assert.equal(command, "pnpm");
|
||||
if (args.includes("--version")) {
|
||||
return { stdout: "9.1.0\n", stderr: "", code: 0 };
|
||||
}
|
||||
return { stdout: "", stderr: "install failed in test", code: 1 };
|
||||
},
|
||||
} as any;
|
||||
|
||||
const mod = await service.importRuntime("dayjs");
|
||||
|
||||
assert.equal(typeof mod.default, "function");
|
||||
});
|
||||
|
||||
it("keeps previously installed dependencies when installing a later plugin", async () => {
|
||||
const rootDir = fs.mkdtempSync(path.join(os.tmpdir(), "certd-runtime-deps-merge-"));
|
||||
const service = new RuntimeDepsService();
|
||||
service.runtimeDepsRootDir = rootDir;
|
||||
const service = new RuntimeDepsService({ rootDir }, null);
|
||||
service.registryResolver = {
|
||||
async resolve() {
|
||||
return "";
|
||||
@@ -237,22 +178,17 @@ describe("RuntimeDepsService", () => {
|
||||
return { stdout: "", stderr: "", code: 0 };
|
||||
},
|
||||
} as any;
|
||||
|
||||
await service.ensureInstalled([{ name: "a", pluginType: "deploy", dependPackages: { foo: "^1.0.0" } }]);
|
||||
await service.ensureInstalled([{ name: "b", pluginType: "deploy", dependPackages: { bar: "^2.0.0" } }]);
|
||||
|
||||
await service.ensureInstalled({ plugins: [{ name: "a", pluginType: "deploy", dependPackages: { foo: "^1.0.0" } }] });
|
||||
await service.ensureInstalled({ plugins: [{ name: "b", pluginType: "deploy", dependPackages: { bar: "^2.0.0" } }] });
|
||||
const manifest = JSON.parse(fs.readFileSync(path.join(rootDir, "package.json"), "utf8"));
|
||||
assert.deepEqual(manifest.dependencies, {
|
||||
foo: "^1.0.0",
|
||||
bar: "^2.0.0",
|
||||
});
|
||||
assert.deepEqual(manifest.dependencies, { foo: "^1.0.0", bar: "^2.0.0" });
|
||||
});
|
||||
|
||||
it("includes npm dependencies from dependent plugins", () => {
|
||||
const service = new RuntimeDepsService();
|
||||
it("includes npm dependencies from dependent plugins", async () => {
|
||||
const service = new RuntimeDepsService({}, { accessRegistry, pluginRegistry });
|
||||
accessRegistry.register("runtimeDepsAccess", {
|
||||
define: { name: "runtimeDepsAccess", title: "access", dependPackages: { accessOnly: "^1.0.0" } } as any,
|
||||
target: async () => ({} as any),
|
||||
target: async () => ({}) as any,
|
||||
});
|
||||
try {
|
||||
const resolved = service.resolvePluginDependencies({
|
||||
@@ -262,11 +198,7 @@ describe("RuntimeDepsService", () => {
|
||||
dependPackages: { deployOnly: "^1.0.0" },
|
||||
});
|
||||
const merged = service.collectDependencies(resolved);
|
||||
|
||||
assert.deepEqual(merged.dependencies, {
|
||||
deployOnly: "^1.0.0",
|
||||
accessOnly: "^1.0.0",
|
||||
});
|
||||
assert.deepEqual(merged.dependencies, { deployOnly: "^1.0.0", accessOnly: "^1.0.0" });
|
||||
} finally {
|
||||
accessRegistry.unRegister("runtimeDepsAccess");
|
||||
}
|
||||
@@ -274,8 +206,7 @@ describe("RuntimeDepsService", () => {
|
||||
|
||||
it("installs dependencies by registered plugin key", async () => {
|
||||
const rootDir = fs.mkdtempSync(path.join(os.tmpdir(), "certd-runtime-deps-key-"));
|
||||
const service = new RuntimeDepsService();
|
||||
service.runtimeDepsRootDir = rootDir;
|
||||
const service = new RuntimeDepsService({ rootDir }, { pluginRegistry, accessRegistry });
|
||||
service.registryResolver = {
|
||||
async resolve() {
|
||||
return "";
|
||||
@@ -293,11 +224,11 @@ describe("RuntimeDepsService", () => {
|
||||
} as any;
|
||||
pluginRegistry.register("runtimeDepsKey", {
|
||||
define: { name: "runtimeDepsKey", title: "key", dependPackages: { keyed: "^1.0.0" } } as any,
|
||||
target: async () => ({} as any),
|
||||
target: async () => ({}) as any,
|
||||
});
|
||||
try {
|
||||
service.setRegistries({ pluginRegistry, accessRegistry });
|
||||
await service.ensureRuntimeDependencies({ pluginKeys: "plugin:runtimeDepsKey" });
|
||||
|
||||
const manifest = JSON.parse(fs.readFileSync(path.join(rootDir, "package.json"), "utf8"));
|
||||
assert.deepEqual(manifest.dependencies, { keyed: "^1.0.0" });
|
||||
} finally {
|
||||
@@ -305,58 +236,16 @@ describe("RuntimeDepsService", () => {
|
||||
}
|
||||
});
|
||||
|
||||
it("installs dependencies from multiple plugin keys including addon subtype keys", async () => {
|
||||
const rootDir = fs.mkdtempSync(path.join(os.tmpdir(), "certd-runtime-deps-keys-"));
|
||||
const service = new RuntimeDepsService();
|
||||
service.runtimeDepsRootDir = rootDir;
|
||||
service.registryResolver = {
|
||||
async resolve() {
|
||||
return "";
|
||||
},
|
||||
} as any;
|
||||
service.commandRunner = {
|
||||
async run(command: string, args: string[]) {
|
||||
assert.equal(command, "pnpm");
|
||||
if (args.includes("--version")) {
|
||||
return { stdout: "9.1.0\n", stderr: "", code: 0 };
|
||||
}
|
||||
fs.mkdirSync(path.join(rootDir, "node_modules"), { recursive: true });
|
||||
return { stdout: "", stderr: "", code: 0 };
|
||||
},
|
||||
} as any;
|
||||
accessRegistry.register("runtimeDepsArrayAccess", {
|
||||
define: { name: "runtimeDepsArrayAccess", title: "access", dependPackages: { accessPkg: "^1.0.0" } } as any,
|
||||
target: async () => ({} as any),
|
||||
});
|
||||
addonRegistry.register("captcha:runtimeDepsArrayAddon", {
|
||||
define: { addonType: "captcha", name: "runtimeDepsArrayAddon", title: "addon", dependPackages: { addonPkg: "^2.0.0" } } as any,
|
||||
target: async () => ({} as any),
|
||||
});
|
||||
try {
|
||||
await service.ensureRuntimeDependencies({ pluginKeys: ["access:runtimeDepsArrayAccess", "addon:captcha:runtimeDepsArrayAddon"] });
|
||||
|
||||
const manifest = JSON.parse(fs.readFileSync(path.join(rootDir, "package.json"), "utf8"));
|
||||
assert.deepEqual(manifest.dependencies, {
|
||||
accessPkg: "^1.0.0",
|
||||
addonPkg: "^2.0.0",
|
||||
});
|
||||
} finally {
|
||||
accessRegistry.unRegister("runtimeDepsArrayAccess");
|
||||
addonRegistry.unRegister("captcha:runtimeDepsArrayAddon");
|
||||
}
|
||||
});
|
||||
|
||||
it("reports missing dependent plugins", () => {
|
||||
const service = new RuntimeDepsService();
|
||||
|
||||
const service = new RuntimeDepsService({}, { accessRegistry, pluginRegistry });
|
||||
assert.throws(() => service.resolvePluginDependencies({ name: "deploy", pluginType: "deploy", dependPlugins: { "access:access": "*" } }), /插件依赖缺失/);
|
||||
});
|
||||
|
||||
it("reports incompatible dependent plugin versions", () => {
|
||||
const service = new RuntimeDepsService();
|
||||
const service = new RuntimeDepsService({}, { accessRegistry, pluginRegistry });
|
||||
accessRegistry.register("runtimeDepsVersionedAccess", {
|
||||
define: { name: "runtimeDepsVersionedAccess", title: "access", version: "1.4.0", dependPackages: { accessOnly: "^1.0.0" } } as any,
|
||||
target: async () => ({} as any),
|
||||
target: async () => ({}) as any,
|
||||
});
|
||||
try {
|
||||
assert.throws(
|
||||
@@ -374,73 +263,10 @@ describe("RuntimeDepsService", () => {
|
||||
});
|
||||
|
||||
it("reports bare dependent plugin names as invalid format", () => {
|
||||
const service = new RuntimeDepsService();
|
||||
|
||||
const service = new RuntimeDepsService({}, null);
|
||||
assert.throws(() => service.resolvePluginDependencies({ name: "deploy", pluginType: "deploy", dependPlugins: { runtimeDepsBareName: "*" } }), /插件依赖格式错误/);
|
||||
});
|
||||
|
||||
it("records runtime install environment state", async () => {
|
||||
const rootDir = fs.mkdtempSync(path.join(os.tmpdir(), "certd-runtime-deps-state-"));
|
||||
const service = new RuntimeDepsService();
|
||||
service.runtimeDepsRootDir = rootDir;
|
||||
service.registryResolver = {
|
||||
async resolve() {
|
||||
return "";
|
||||
},
|
||||
} as any;
|
||||
service.commandRunner = {
|
||||
async run(command: string, args: string[]) {
|
||||
assert.equal(command, "pnpm");
|
||||
if (args.includes("--version")) {
|
||||
return { stdout: "9.1.0\n", stderr: "", code: 0 };
|
||||
}
|
||||
assert.equal(args[0], "install");
|
||||
return { stdout: "", stderr: "", code: 0 };
|
||||
},
|
||||
} as any;
|
||||
|
||||
await service.ensureInstalled([{ name: "a", dependPackages: { foo: "^1.0.0" } }]);
|
||||
|
||||
const state = JSON.parse(fs.readFileSync(path.join(rootDir, "install-state.json"), "utf8"));
|
||||
assert.equal(state.nodeVersion, process.version);
|
||||
assert.equal(state.pnpmVersion, "9.1.0");
|
||||
assert.equal(state.lastError, undefined);
|
||||
});
|
||||
|
||||
it("serializes installs with a file lock", async () => {
|
||||
const rootDir = fs.mkdtempSync(path.join(os.tmpdir(), "certd-runtime-deps-lock-"));
|
||||
const serviceA = new RuntimeDepsService();
|
||||
const serviceB = new RuntimeDepsService();
|
||||
for (const service of [serviceA, serviceB]) {
|
||||
service.runtimeDepsRootDir = rootDir;
|
||||
service.registryResolver = {
|
||||
async resolve() {
|
||||
return "";
|
||||
},
|
||||
} as any;
|
||||
}
|
||||
let installCount = 0;
|
||||
const commandRunner = {
|
||||
async run(command: string, args: string[]) {
|
||||
assert.equal(command, "pnpm");
|
||||
if (args.includes("--version")) {
|
||||
return { stdout: "9.1.0\n", stderr: "", code: 0 };
|
||||
}
|
||||
assert.equal(args[0], "install");
|
||||
installCount++;
|
||||
await new Promise(resolve => setTimeout(resolve, 50));
|
||||
fs.mkdirSync(path.join(rootDir, "node_modules"), { recursive: true });
|
||||
return { stdout: "", stderr: "", code: 0 };
|
||||
},
|
||||
};
|
||||
serviceA.commandRunner = commandRunner as any;
|
||||
serviceB.commandRunner = commandRunner as any;
|
||||
|
||||
await Promise.all([serviceA.ensureInstalled([{ name: "a", dependPackages: { foo: "^1.0.0" } }]), serviceB.ensureInstalled([{ name: "a", dependPackages: { foo: "^1.0.0" } }])]);
|
||||
|
||||
assert.equal(installCount, 1);
|
||||
});
|
||||
|
||||
it("does not pass node debugger options to pnpm child process", async () => {
|
||||
const rootDir = fs.mkdtempSync(path.join(os.tmpdir(), "certd-runtime-deps-env-"));
|
||||
const oldNodeOptions = process.env.NODE_OPTIONS;
|
||||
@@ -448,8 +274,7 @@ describe("RuntimeDepsService", () => {
|
||||
process.env.NODE_OPTIONS = "--inspect=127.0.0.1:9229 --max-old-space-size=4096";
|
||||
process.env.VSCODE_INSPECTOR_OPTIONS = '{"inspectorIpc":"test"}';
|
||||
try {
|
||||
const service = new RuntimeDepsService();
|
||||
service.runtimeDepsRootDir = rootDir;
|
||||
const service = new RuntimeDepsService({ rootDir }, null);
|
||||
service.registryResolver = {
|
||||
async resolve() {
|
||||
return "";
|
||||
@@ -467,8 +292,7 @@ describe("RuntimeDepsService", () => {
|
||||
return { stdout: "", stderr: "", code: 0 };
|
||||
},
|
||||
} as any;
|
||||
|
||||
await service.ensureInstalled([{ name: "a", dependPackages: { foo: "^1.0.0" } }]);
|
||||
await service.ensureInstalled({ plugins: [{ name: "a", dependPackages: { foo: "^1.0.0" } }] });
|
||||
} finally {
|
||||
if (oldNodeOptions == null) {
|
||||
delete process.env.NODE_OPTIONS;
|
||||
@@ -483,26 +307,38 @@ describe("RuntimeDepsService", () => {
|
||||
}
|
||||
});
|
||||
|
||||
it("clears runtime dependency directory", async () => {
|
||||
const rootDir = fs.mkdtempSync(path.join(os.tmpdir(), "certd-runtime-clear-"));
|
||||
const runtimeRootDir = path.join(rootDir, ".runtime-deps");
|
||||
fs.mkdirSync(path.join(runtimeRootDir, "node_modules", "foo"), { recursive: true });
|
||||
fs.writeFileSync(path.join(runtimeRootDir, "package.json"), "{}", "utf8");
|
||||
const service = new RuntimeDepsService();
|
||||
service.runtimeDepsRootDir = runtimeRootDir;
|
||||
service.installTimeoutMs = 1000;
|
||||
|
||||
await service.clearRuntimeDeps();
|
||||
|
||||
assert.equal(fs.existsSync(runtimeRootDir), true);
|
||||
assert.equal(fs.readdirSync(runtimeRootDir).length, 0);
|
||||
});
|
||||
|
||||
it("rejects clearing unexpected runtime dependency path", async () => {
|
||||
const rootDir = fs.mkdtempSync(path.join(os.tmpdir(), "certd-runtime-clear-invalid-"));
|
||||
const service = new RuntimeDepsService();
|
||||
service.runtimeDepsRootDir = rootDir;
|
||||
|
||||
const service = new RuntimeDepsService({ rootDir }, null);
|
||||
await assert.rejects(() => service.clearRuntimeDeps(), /动态依赖目录配置异常/);
|
||||
});
|
||||
});
|
||||
|
||||
describe("NpmRegistryResolver", () => {
|
||||
it("chooses the fastest successful registry in auto mode", async () => {
|
||||
const resolver = new NpmRegistryResolver({
|
||||
mode: "auto",
|
||||
candidates: ["https://slow.example.com", "https://fast.example.com"],
|
||||
probeTimeoutMs: 100,
|
||||
cacheTtlMs: 1000,
|
||||
});
|
||||
resolver.probe = async (registryUrl: string) => ({
|
||||
registryUrl,
|
||||
ok: true,
|
||||
elapsedMs: registryUrl.includes("fast") ? 10 : 50,
|
||||
});
|
||||
const result = await resolver.resolve();
|
||||
assert.equal(result, "https://fast.example.com");
|
||||
});
|
||||
|
||||
it("uses fixed registry without probing", async () => {
|
||||
const resolver = new NpmRegistryResolver({
|
||||
mode: "fixed",
|
||||
fixedUrl: "https://registry.example.com",
|
||||
probeTimeoutMs: 100,
|
||||
cacheTtlMs: 1000,
|
||||
});
|
||||
const result = await resolver.resolve();
|
||||
assert.equal(result, "https://registry.example.com");
|
||||
});
|
||||
});
|
||||
@@ -1,27 +1,773 @@
|
||||
/**
|
||||
* 运行时动态导入函数类型
|
||||
*/
|
||||
export type ImportRuntime = (specifier: string, logger?: ILogger) => Promise<any>;
|
||||
|
||||
/**
|
||||
* 日志接口
|
||||
*/
|
||||
import fs from "fs";
|
||||
import path from "path";
|
||||
import { spawn } from "child_process";
|
||||
import crypto from "crypto";
|
||||
import { createRequire } from "module";
|
||||
import { pathToFileURL } from "url";
|
||||
import { logger as defaultLogger } from "@certd/basic";
|
||||
import type { Registry } from "../registry/registry.js";
|
||||
export type ILogger = {
|
||||
info: (message: string) => void;
|
||||
warn?: (message: string) => void;
|
||||
error?: (message: string, ...args: any[]) => void;
|
||||
};
|
||||
|
||||
/**
|
||||
* 运行时依赖服务参数
|
||||
*/
|
||||
export type ImportRuntime = (specifier: string, logger?: ILogger) => Promise<any>;
|
||||
|
||||
export type EnsureRuntimeDepsOptions = {
|
||||
pluginKeys: string | string[];
|
||||
logger?: ILogger;
|
||||
};
|
||||
|
||||
/**
|
||||
* 运行时依赖服务接口
|
||||
*/
|
||||
export interface IRuntimeDepsService {
|
||||
ensureRuntimeDependencies(options: EnsureRuntimeDepsOptions): Promise<any>;
|
||||
importRuntime: ImportRuntime;
|
||||
}
|
||||
|
||||
export type RuntimeDependencyPluginDefine = {
|
||||
name: string;
|
||||
key?: string;
|
||||
title?: string;
|
||||
version?: string;
|
||||
pluginType?: string;
|
||||
addonType?: string;
|
||||
dependPlugins?: Record<string, string>;
|
||||
dependPackages?: Record<string, string>;
|
||||
};
|
||||
|
||||
type RegisteredDefineLike = RuntimeDependencyPluginDefine & {
|
||||
key?: string;
|
||||
pluginType?: string;
|
||||
addonType?: string;
|
||||
dependPlugins?: Record<string, string>;
|
||||
dependPackages?: Record<string, string>;
|
||||
};
|
||||
|
||||
type DependencyConflict = {
|
||||
packageName: string;
|
||||
ranges: Array<{ pluginName: string; range: string }>;
|
||||
};
|
||||
|
||||
type CollectDependenciesResult = {
|
||||
dependencies: Record<string, string>;
|
||||
conflicts: DependencyConflict[];
|
||||
};
|
||||
|
||||
type InstallResult = {
|
||||
registryUrl: string;
|
||||
packageJsonPath: string;
|
||||
};
|
||||
|
||||
type RuntimeImportResolveResult = {
|
||||
resolved: string;
|
||||
packageName: string;
|
||||
};
|
||||
|
||||
type CommandRunnerResult = {
|
||||
stdout: string;
|
||||
stderr: string;
|
||||
code: number;
|
||||
};
|
||||
|
||||
type CommandRunner = {
|
||||
run(command: string, args: string[], options: { cwd: string; timeoutMs: number; env?: NodeJS.ProcessEnv }): Promise<CommandRunnerResult>;
|
||||
};
|
||||
|
||||
export type NpmRegistryResolverConfig = {
|
||||
mode?: "auto" | "fixed" | "system";
|
||||
fixedUrl?: string;
|
||||
candidates?: string[];
|
||||
probeTimeoutMs?: number;
|
||||
cacheTtlMs?: number;
|
||||
};
|
||||
|
||||
export type RegistryProbeResult = {
|
||||
registryUrl: string;
|
||||
ok: boolean;
|
||||
elapsedMs: number;
|
||||
};
|
||||
|
||||
export class NpmRegistryResolver {
|
||||
config: NpmRegistryResolverConfig;
|
||||
private cache?: { registryUrl: string; expiresAt: number };
|
||||
|
||||
constructor(config?: NpmRegistryResolverConfig) {
|
||||
this.config = config || {};
|
||||
}
|
||||
|
||||
async resolve(): Promise<string> {
|
||||
const config = this.config;
|
||||
if (config?.mode === "fixed" && config.fixedUrl) {
|
||||
return config.fixedUrl;
|
||||
}
|
||||
if (config?.mode === "system") {
|
||||
return "";
|
||||
}
|
||||
const cached = this.cache;
|
||||
if (cached && cached.expiresAt > Date.now()) {
|
||||
return cached.registryUrl;
|
||||
}
|
||||
const candidates = (config?.candidates || []).filter(Boolean);
|
||||
if (candidates.length === 0) {
|
||||
return "";
|
||||
}
|
||||
const probes = await Promise.allSettled(candidates.map(registryUrl => this.probe(registryUrl)));
|
||||
const okList = probes.map(item => (item.status === "fulfilled" ? item.value : null)).filter((item): item is RegistryProbeResult => !!item && item.ok);
|
||||
if (okList.length > 0) {
|
||||
okList.sort((a, b) => a.elapsedMs - b.elapsedMs);
|
||||
const best = okList[0].registryUrl;
|
||||
this.cache = { registryUrl: best, expiresAt: Date.now() + (config?.cacheTtlMs || 6 * 60 * 60 * 1000) };
|
||||
return best;
|
||||
}
|
||||
return "";
|
||||
}
|
||||
|
||||
async probe(registryUrl: string): Promise<RegistryProbeResult> {
|
||||
const timeoutMs = this.config?.probeTimeoutMs || 3000;
|
||||
const started = Date.now();
|
||||
try {
|
||||
const controller = new AbortController();
|
||||
const timer = setTimeout(() => controller.abort(), timeoutMs);
|
||||
try {
|
||||
const res = await fetch(`${registryUrl.replace(/\/$/, "")}/-/ping`, { signal: controller.signal });
|
||||
return { registryUrl, ok: res.ok, elapsedMs: Date.now() - started };
|
||||
} finally {
|
||||
clearTimeout(timer);
|
||||
}
|
||||
} catch {
|
||||
return { registryUrl, ok: false, elapsedMs: Date.now() - started };
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
export type RuntimeDepsConfig = {
|
||||
rootDir?: string;
|
||||
autoInstall?: boolean;
|
||||
enabled?: boolean;
|
||||
installTimeoutMs?: number;
|
||||
pnpmCommand?: string;
|
||||
lazyDependencies?: Record<string, string>;
|
||||
registry?: NpmRegistryResolverConfig;
|
||||
};
|
||||
|
||||
function normalizeRange(range: string) {
|
||||
return range.trim().replace(/^\^/, "").replace(/^~?/, "");
|
||||
}
|
||||
|
||||
function areRangesCompatible(a: string, b: string) {
|
||||
if (!a || !b) {
|
||||
return true;
|
||||
}
|
||||
if (a === "*" || b === "*") {
|
||||
return true;
|
||||
}
|
||||
const left = normalizeRange(a).split(".");
|
||||
const right = normalizeRange(b).split(".");
|
||||
return left[0] === right[0];
|
||||
}
|
||||
|
||||
const PROCESS_LOCKS = new Map<string, Promise<unknown>>();
|
||||
|
||||
class DefaultCommandRunner implements CommandRunner {
|
||||
async run(command: string, args: string[], options: { cwd: string; timeoutMs: number; env?: NodeJS.ProcessEnv }): Promise<CommandRunnerResult> {
|
||||
return await new Promise<CommandRunnerResult>(resolve => {
|
||||
let stdout = "";
|
||||
let stderr = "";
|
||||
let settled = false;
|
||||
const child = spawn(command, args, { cwd: options.cwd, env: options.env, windowsHide: true, shell: process.platform === "win32" });
|
||||
const timer = setTimeout(() => {
|
||||
if (settled) {
|
||||
return;
|
||||
}
|
||||
settled = true;
|
||||
child.kill("SIGTERM");
|
||||
resolve({ stdout, stderr: stderr || `command timeout after ${options.timeoutMs}ms`, code: 1 });
|
||||
}, options.timeoutMs);
|
||||
child.stdout?.on("data", chunk => {
|
||||
stdout += chunk.toString();
|
||||
});
|
||||
child.stderr?.on("data", chunk => {
|
||||
stderr += chunk.toString();
|
||||
});
|
||||
child.on("error", error => {
|
||||
if (settled) {
|
||||
return;
|
||||
}
|
||||
settled = true;
|
||||
clearTimeout(timer);
|
||||
resolve({ stdout, stderr: error.message, code: 1 });
|
||||
});
|
||||
child.on("close", code => {
|
||||
if (settled) {
|
||||
return;
|
||||
}
|
||||
settled = true;
|
||||
clearTimeout(timer);
|
||||
resolve({ stdout, stderr, code: code || 0 });
|
||||
});
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
export class RuntimeDepsService {
|
||||
runtimeDepsRootDir: string;
|
||||
autoInstall: boolean;
|
||||
enabled: boolean;
|
||||
installTimeoutMs: number;
|
||||
pnpmCommand: string;
|
||||
lazyDependencies: Record<string, string>;
|
||||
registryResolver!: NpmRegistryResolver;
|
||||
commandRunner: CommandRunner = new DefaultCommandRunner();
|
||||
pluginLazyDependencies: Record<string, string> = {};
|
||||
private installPromises = new Map<string, Promise<InstallResult>>();
|
||||
private registriesMap: Record<string, { registry: Registry<any>; pluginType: string; addonType?: string }> | null = null;
|
||||
|
||||
constructor(config: RuntimeDepsConfig, registries: any) {
|
||||
this.runtimeDepsRootDir = config?.rootDir ?? "./data/.runtime-deps";
|
||||
this.autoInstall = config?.autoInstall ?? true;
|
||||
this.enabled = config?.enabled ?? true;
|
||||
this.installTimeoutMs = config?.installTimeoutMs ?? 120000;
|
||||
this.pnpmCommand = config?.pnpmCommand ?? "";
|
||||
this.lazyDependencies = config?.lazyDependencies ?? {};
|
||||
this.registryResolver = new NpmRegistryResolver(config?.registry);
|
||||
if (registries) {
|
||||
this.setRegistries(registries);
|
||||
}
|
||||
}
|
||||
|
||||
setRegistries(registries: { pluginRegistry?: Registry<any>; accessRegistry?: Registry<any>; notificationRegistry?: Registry<any>; dnsProviderRegistry?: Registry<any>; addonRegistry?: Registry<any> }) {
|
||||
const map: Record<string, { registry: Registry<any>; pluginType: string; addonType?: string }> = {};
|
||||
if (registries.pluginRegistry) {
|
||||
map["plugin"] = { registry: registries.pluginRegistry, pluginType: "plugin" };
|
||||
}
|
||||
if (registries.accessRegistry) {
|
||||
map["access"] = { registry: registries.accessRegistry, pluginType: "access" };
|
||||
}
|
||||
if (registries.notificationRegistry) {
|
||||
map["notification"] = { registry: registries.notificationRegistry, pluginType: "notification" };
|
||||
}
|
||||
if (registries.dnsProviderRegistry) {
|
||||
map["dnsProvider"] = { registry: registries.dnsProviderRegistry, pluginType: "dnsProvider" };
|
||||
}
|
||||
if (registries.addonRegistry) {
|
||||
map["addon"] = { registry: registries.addonRegistry, pluginType: "addon", addonType: "" };
|
||||
}
|
||||
this.registriesMap = map;
|
||||
}
|
||||
|
||||
collectDependencies(plugins: RuntimeDependencyPluginDefine[]): CollectDependenciesResult {
|
||||
const merged: Record<string, string> = {};
|
||||
const seen: Record<string, Array<{ pluginName: string; range: string }>> = {};
|
||||
for (const plugin of plugins) {
|
||||
const deps = plugin.dependPackages || {};
|
||||
for (const [packageName, range] of Object.entries(deps)) {
|
||||
seen[packageName] ||= [];
|
||||
seen[packageName].push({ pluginName: plugin.name, range });
|
||||
}
|
||||
}
|
||||
const conflicts: DependencyConflict[] = [];
|
||||
for (const [packageName, ranges] of Object.entries(seen)) {
|
||||
const first = ranges[0]?.range;
|
||||
if (!first) {
|
||||
continue;
|
||||
}
|
||||
const conflict = ranges.some(item => !areRangesCompatible(first, item.range));
|
||||
if (conflict) {
|
||||
conflicts.push({ packageName, ranges });
|
||||
continue;
|
||||
}
|
||||
merged[packageName] = first;
|
||||
}
|
||||
return { dependencies: merged, conflicts };
|
||||
}
|
||||
|
||||
async ensureInstalled(options: { plugins: RuntimeDependencyPluginDefine[]; logger?: ILogger }): Promise<InstallResult> {
|
||||
const { plugins, logger: log } = options;
|
||||
const { dependencies, conflicts } = this.resolveDependenciesFromPlugins(plugins);
|
||||
if (conflicts.length > 0) {
|
||||
const conflict = conflicts[0];
|
||||
throw new Error(`动态依赖版本冲突: ${conflict.packageName} => ${conflict.ranges.map(item => `${item.pluginName}:${item.range}`).join(", ")}`);
|
||||
}
|
||||
return await this.ensureDependencies({ dependencies, logger: log });
|
||||
}
|
||||
|
||||
async ensureDependencies(options: { dependencies: Record<string, string>; logger?: ILogger }): Promise<InstallResult> {
|
||||
const { dependencies, logger: log } = options;
|
||||
if (!this.enabled) {
|
||||
return { registryUrl: "", packageJsonPath: path.join(this.getRuntimeDepsRootDir(), "package.json") };
|
||||
}
|
||||
if (!this.autoInstall) {
|
||||
return { registryUrl: "", packageJsonPath: path.join(this.getRuntimeDepsRootDir(), "package.json") };
|
||||
}
|
||||
const dependenciesHash = this.createDependenciesHash(dependencies);
|
||||
let installPromise = this.installPromises.get(dependenciesHash);
|
||||
if (installPromise) {
|
||||
const nodeModulesPath = path.join(this.getRuntimeDepsRootDir(), "node_modules");
|
||||
if (!fs.existsSync(nodeModulesPath)) {
|
||||
this.installPromises.delete(dependenciesHash);
|
||||
installPromise = undefined;
|
||||
}
|
||||
}
|
||||
if (!installPromise) {
|
||||
installPromise = this.doEnsureInstalled({ dependencies, logger: log }).catch(error => {
|
||||
this.installPromises.delete(dependenciesHash);
|
||||
throw error;
|
||||
});
|
||||
this.installPromises.set(dependenciesHash, installPromise);
|
||||
}
|
||||
return await installPromise;
|
||||
}
|
||||
|
||||
resolveDependenciesFromPlugins(plugins: RuntimeDependencyPluginDefine[]): CollectDependenciesResult {
|
||||
const expandedPlugins = plugins.flatMap(plugin => this.resolvePluginDependencies(plugin));
|
||||
return this.collectDependencies(expandedPlugins);
|
||||
}
|
||||
|
||||
async ensureRuntimeDependencies(options: { pluginKeys: string | string[]; logger?: ILogger }): Promise<InstallResult> {
|
||||
const { pluginKeys, logger: log } = options;
|
||||
const keys = Array.isArray(pluginKeys) ? pluginKeys : [pluginKeys];
|
||||
const pluginDefines = keys.map(pluginKey => this.getDefineByPluginKey(pluginKey));
|
||||
if (pluginDefines.every(pluginDefine => !pluginDefine.dependPackages && !pluginDefine.dependPlugins)) {
|
||||
return { registryUrl: "", packageJsonPath: path.join(this.getRuntimeDepsRootDir(), "package.json") };
|
||||
}
|
||||
const expandedPluginDefines = pluginDefines.flatMap(pluginDefine => this.resolvePluginDependencies(pluginDefine));
|
||||
return await this.ensureInstalled({ plugins: expandedPluginDefines, logger: log });
|
||||
}
|
||||
|
||||
async importRuntime(specifier: string, logger: ILogger = defaultLogger) {
|
||||
if (this.isNativeImportSpecifier(specifier)) {
|
||||
return await import(specifier);
|
||||
}
|
||||
const resolved = await this.resolveImportSpecifier(specifier, logger);
|
||||
return await import(pathToFileURL(resolved).href);
|
||||
}
|
||||
|
||||
private async resolveImportSpecifier(specifier: string, logger: ILogger = defaultLogger) {
|
||||
try {
|
||||
return this.resolveRuntimeSpecifier(specifier).resolved;
|
||||
} catch (runtimeError: any) {
|
||||
if (!this.isModuleNotFoundError(runtimeError)) {
|
||||
throw runtimeError;
|
||||
}
|
||||
return await this.resolveMissingRuntimeSpecifier(specifier, runtimeError, logger);
|
||||
}
|
||||
}
|
||||
|
||||
private async resolveMissingRuntimeSpecifier(specifier: string, runtimeError: any, logger?: ILogger) {
|
||||
const packageName = this.parsePackageName(specifier);
|
||||
const mergedDeps = this.getMergedLazyDependencies();
|
||||
const lazyRange = mergedDeps[packageName];
|
||||
if (!lazyRange) {
|
||||
try {
|
||||
return this.resolveProjectSpecifier(specifier, runtimeError).resolved;
|
||||
} catch {
|
||||
throw new Error(`动态依赖未安装且未配置懒加载版本: ${packageName}`);
|
||||
}
|
||||
}
|
||||
try {
|
||||
await this.ensureLazyDependency(packageName, logger);
|
||||
return this.resolveRuntimeSpecifier(specifier).resolved;
|
||||
} catch (lazyError: any) {
|
||||
return this.resolveProjectSpecifier(specifier, lazyError).resolved;
|
||||
}
|
||||
}
|
||||
|
||||
private isNativeImportSpecifier(specifier: string) {
|
||||
return specifier.startsWith(".") || specifier.startsWith("/") || specifier.startsWith("file:") || specifier.startsWith("node:");
|
||||
}
|
||||
|
||||
private resolveRuntimeSpecifier(specifier: string): RuntimeImportResolveResult {
|
||||
const packageName = this.parsePackageName(specifier);
|
||||
const packageJsonPath = path.join(this.getRuntimeDepsRootDir(), "package.json");
|
||||
const require = createRequire(packageJsonPath);
|
||||
const resolved = require.resolve(specifier);
|
||||
return { packageName, resolved };
|
||||
}
|
||||
|
||||
private resolveProjectSpecifier(specifier: string, cause?: any): RuntimeImportResolveResult {
|
||||
try {
|
||||
const packageName = this.parsePackageName(specifier);
|
||||
const packageJsonPath = path.resolve("package.json");
|
||||
const require = createRequire(packageJsonPath);
|
||||
const resolved = require.resolve(specifier);
|
||||
return { packageName, resolved };
|
||||
} catch (projectError: any) {
|
||||
if (cause) {
|
||||
projectError.cause = cause;
|
||||
}
|
||||
throw projectError;
|
||||
}
|
||||
}
|
||||
|
||||
private parsePackageName(specifier: string) {
|
||||
if (!specifier || specifier.trim() !== specifier) {
|
||||
throw new Error(`动态依赖导入路径无效: ${specifier}`);
|
||||
}
|
||||
const parts = specifier.split("/");
|
||||
if (specifier.startsWith("@")) {
|
||||
if (parts.length < 2 || !parts[0] || !parts[1]) {
|
||||
throw new Error(`动态依赖导入路径无效: ${specifier}`);
|
||||
}
|
||||
return `${parts[0]}/${parts[1]}`;
|
||||
}
|
||||
if (!parts[0]) {
|
||||
throw new Error(`动态依赖导入路径无效: ${specifier}`);
|
||||
}
|
||||
return parts[0];
|
||||
}
|
||||
|
||||
private async ensureLazyDependency(packageName: string, logger?: ILogger) {
|
||||
const range = this.lazyDependencies?.[packageName];
|
||||
if (!range) {
|
||||
throw new Error(`动态依赖未安装且未配置懒加载版本: ${packageName}`);
|
||||
}
|
||||
await this.ensureDependencies({ dependencies: { [packageName]: range }, logger });
|
||||
}
|
||||
|
||||
private isModuleNotFoundError(error: any) {
|
||||
return error?.code === "MODULE_NOT_FOUND" || error?.code === "ERR_MODULE_NOT_FOUND";
|
||||
}
|
||||
|
||||
resolvePluginDependencies(current: RuntimeDependencyPluginDefine): RuntimeDependencyPluginDefine[] {
|
||||
const resolved: RuntimeDependencyPluginDefine[] = [];
|
||||
const visited = new Set<string>();
|
||||
const visit = (item: RuntimeDependencyPluginDefine) => {
|
||||
const key = this.buildPluginDependencyKey(item);
|
||||
if (visited.has(key)) {
|
||||
return;
|
||||
}
|
||||
visited.add(key);
|
||||
resolved.push(item);
|
||||
for (const [dependencyName, expectedRange] of Object.entries(item.dependPlugins || {})) {
|
||||
const dependency = this.getDefineByPluginKey(dependencyName, item);
|
||||
if (!isPluginVersionCompatible(dependency, expectedRange)) {
|
||||
throw new Error(`插件依赖版本冲突: ${item.name} 依赖 ${dependencyName}@${expectedRange},当前版本为 ${dependency.version || "未声明"}`);
|
||||
}
|
||||
visit(dependency);
|
||||
}
|
||||
};
|
||||
visit(current);
|
||||
return resolved;
|
||||
}
|
||||
|
||||
private buildPluginDependencyKey(plugin: RuntimeDependencyPluginDefine) {
|
||||
if (plugin.pluginType === "addon" && plugin.addonType) {
|
||||
return `addon:${plugin.addonType}:${plugin.name}`;
|
||||
}
|
||||
const pluginType = plugin.pluginType === "deploy" ? "plugin" : plugin.pluginType || "unknown";
|
||||
return `${pluginType}:${plugin.name}`;
|
||||
}
|
||||
|
||||
private getDefineByPluginKey(pluginKey: string, owner?: RuntimeDependencyPluginDefine): RuntimeDependencyPluginDefine {
|
||||
const parts = pluginKey.split(":");
|
||||
let pluginType: string, name: string, subtype: string | undefined;
|
||||
if (parts.length === 2) {
|
||||
[pluginType, name] = parts;
|
||||
} else if (parts.length === 3) {
|
||||
[pluginType, subtype, name] = parts;
|
||||
} else {
|
||||
const ownerName = owner?.name || pluginKey;
|
||||
throw new Error(`插件依赖格式错误: ${ownerName} 依赖 ${pluginKey}`);
|
||||
}
|
||||
if (!this.registriesMap) {
|
||||
throw new Error("注册表未设置,请先调用 setRegistries");
|
||||
}
|
||||
const target = this.registriesMap[pluginType];
|
||||
if (!target) {
|
||||
const ownerName = owner?.name || pluginKey;
|
||||
throw new Error(`插件依赖格式错误: ${ownerName} 依赖 ${pluginKey},未知插件类型 ${pluginType}`);
|
||||
}
|
||||
// addon 类型的 key 需要包含 subtype
|
||||
const registryKey = pluginType === "addon" && subtype ? `${subtype}:${name}` : name;
|
||||
const define = target.registry.getDefine(registryKey) as RegisteredDefineLike;
|
||||
if (!define) {
|
||||
throw new Error(`插件依赖缺失: ${owner?.name || pluginKey} 依赖 ${pluginKey},但该插件未注册或已禁用`);
|
||||
}
|
||||
return { ...define, key: pluginKey, pluginType: target.pluginType, addonType: target.addonType };
|
||||
}
|
||||
|
||||
private async doEnsureInstalled(options: { dependencies: Record<string, string>; logger?: ILogger }): Promise<InstallResult> {
|
||||
let { dependencies } = options;
|
||||
const log = options.logger || defaultLogger;
|
||||
return await this.withInstallLock(async () => {
|
||||
const rootDir = this.getRuntimeDepsRootDir();
|
||||
const packageJsonPath = path.join(rootDir, "package.json");
|
||||
const lockPath = path.join(rootDir, "pnpm-lock.yaml");
|
||||
log.info(`第三方依赖安装: ${JSON.stringify(dependencies)}`);
|
||||
dependencies = this.mergeInstalledDependencies(this.readManifestDependencies(packageJsonPath), dependencies);
|
||||
const dependenciesHash = this.createDependenciesHash(dependencies);
|
||||
const statePath = path.join(rootDir, "install-state.json");
|
||||
const currentState = this.readInstallState(statePath);
|
||||
if (currentState?.dependenciesHash === dependenciesHash && fs.existsSync(path.join(rootDir, "node_modules"))) {
|
||||
log.info("第三方依赖已安装");
|
||||
return { registryUrl: currentState.registryUrl || "", packageJsonPath };
|
||||
}
|
||||
const manifest = { name: "certd-runtime-deps", private: true, type: "module", dependencies };
|
||||
fs.writeFileSync(packageJsonPath, JSON.stringify(manifest, null, 2), "utf8");
|
||||
const registryUrl = await this.registryResolver.resolve();
|
||||
const env = this.buildChildEnv(registryUrl);
|
||||
const command = this.getPnpmCommand();
|
||||
const pnpmVersion = await this.getPnpmVersion(command, env);
|
||||
const args = ["install", "--prod", "--ignore-scripts", "--ignore-workspace", "--no-frozen-lockfile", "--reporter=append-only"];
|
||||
if (registryUrl) {
|
||||
args.push(`--registry=${registryUrl}`);
|
||||
}
|
||||
log.info(`开始安装第三方依赖: ${Object.keys(dependencies).join(", ")}`);
|
||||
const result = await this.commandRunner.run(command, args, { cwd: rootDir, timeoutMs: this.installTimeoutMs, env });
|
||||
if (result.code !== 0) {
|
||||
const message = result.stderr || result.stdout || "unknown error";
|
||||
this.writeInstallState(statePath, {
|
||||
...currentState,
|
||||
installedAt: currentState?.installedAt,
|
||||
failedAt: new Date().toISOString(),
|
||||
registryUrl,
|
||||
dependenciesHash,
|
||||
nodeVersion: process.version,
|
||||
pnpmVersion,
|
||||
lockFileExists: fs.existsSync(lockPath),
|
||||
lastError: message,
|
||||
});
|
||||
throw new Error(`动态依赖安装失败: ${message}`);
|
||||
}
|
||||
this.writeInstallState(statePath, { installedAt: new Date().toISOString(), registryUrl, dependenciesHash, nodeVersion: process.version, pnpmVersion, lockFileExists: fs.existsSync(lockPath) });
|
||||
log.info("第三方依赖安装完成");
|
||||
return { registryUrl, packageJsonPath };
|
||||
});
|
||||
}
|
||||
|
||||
private async withInstallLock<T>(run: () => Promise<T>): Promise<T> {
|
||||
const rootDir = this.getRuntimeDepsRootDir();
|
||||
fs.mkdirSync(rootDir, { recursive: true });
|
||||
const lockFile = path.join(rootDir, ".install.lock");
|
||||
const previous = PROCESS_LOCKS.get(lockFile);
|
||||
if (previous) {
|
||||
await previous.catch(() => undefined);
|
||||
}
|
||||
let releaseProcessLock!: () => void;
|
||||
const current = new Promise<void>(resolve => {
|
||||
releaseProcessLock = resolve;
|
||||
});
|
||||
PROCESS_LOCKS.set(lockFile, current);
|
||||
let fd: number | undefined;
|
||||
try {
|
||||
fd = await this.acquireFileLock(lockFile);
|
||||
return await run();
|
||||
} finally {
|
||||
if (fd != null) {
|
||||
fs.closeSync(fd);
|
||||
try {
|
||||
fs.rmSync(lockFile, { force: true });
|
||||
} catch {
|
||||
try {
|
||||
fs.rmSync(lockFile, { force: true });
|
||||
} catch {}
|
||||
}
|
||||
}
|
||||
releaseProcessLock();
|
||||
if (PROCESS_LOCKS.get(lockFile) === current) {
|
||||
PROCESS_LOCKS.delete(lockFile);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private async acquireFileLock(lockFile: string) {
|
||||
const deadline = Date.now() + this.installTimeoutMs;
|
||||
while (true) {
|
||||
try {
|
||||
const fd = fs.openSync(lockFile, "wx");
|
||||
fs.writeFileSync(fd, JSON.stringify({ pid: process.pid, createdAt: new Date().toISOString() }), "utf8");
|
||||
return fd;
|
||||
} catch (error: any) {
|
||||
if (error?.code !== "EEXIST") {
|
||||
throw error;
|
||||
}
|
||||
if (Date.now() > deadline) {
|
||||
throw new Error(`动态依赖安装锁等待超时: ${lockFile}`);
|
||||
}
|
||||
await this.waitForExternalLock(lockFile, deadline);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private async waitForExternalLock(lockFile: string, deadline: number) {
|
||||
while (fs.existsSync(lockFile)) {
|
||||
if (Date.now() > deadline) {
|
||||
throw new Error(`动态依赖安装锁等待超时: ${lockFile}`);
|
||||
}
|
||||
await new Promise(resolve => setTimeout(resolve, 300));
|
||||
}
|
||||
}
|
||||
|
||||
async clearRuntimeDeps() {
|
||||
const rootDir = this.getRuntimeDepsRootDir();
|
||||
const normalizedRootDir = path.normalize(rootDir);
|
||||
if (!normalizedRootDir.endsWith(path.normalize(".runtime-deps"))) {
|
||||
throw new Error(`动态依赖目录配置异常,拒绝清理: ${rootDir}`);
|
||||
}
|
||||
await this.withInstallLock(async () => {
|
||||
if (fs.existsSync(rootDir)) {
|
||||
const entries = fs.readdirSync(rootDir);
|
||||
for (const entry of entries) {
|
||||
if (entry === ".install.lock") {
|
||||
continue;
|
||||
}
|
||||
fs.rmSync(path.join(rootDir, entry), { recursive: true, force: true });
|
||||
}
|
||||
}
|
||||
this.installPromises.clear();
|
||||
return undefined;
|
||||
});
|
||||
}
|
||||
|
||||
getMergedLazyDependencies(): Record<string, string> {
|
||||
return { ...this.lazyDependencies, ...this.pluginLazyDependencies };
|
||||
}
|
||||
|
||||
collectPluginDeps(logger?: ILogger) {
|
||||
if (!this.registriesMap) {
|
||||
return;
|
||||
}
|
||||
const deps: Record<string, string> = {};
|
||||
for (const { registry } of Object.values(this.registriesMap)) {
|
||||
const defineList = registry.getDefineList();
|
||||
for (const define of defineList) {
|
||||
const dependPackages = (define as any).dependPackages as Record<string, string> | undefined;
|
||||
if (!dependPackages) {
|
||||
continue;
|
||||
}
|
||||
for (const [pkgName, range] of Object.entries(dependPackages)) {
|
||||
const existing = deps[pkgName];
|
||||
if (existing && !areRangesCompatible(existing, range)) {
|
||||
(logger || defaultLogger).warn?.(`懒加载依赖版本冲突: ${pkgName} => ${existing} vs ${range},保留已有版本`);
|
||||
continue;
|
||||
}
|
||||
deps[pkgName] = range;
|
||||
}
|
||||
}
|
||||
}
|
||||
this.pluginLazyDependencies = deps;
|
||||
(logger || defaultLogger).info(`从插件注册表收集到 ${Object.keys(deps).length} 个懒加载依赖`);
|
||||
}
|
||||
|
||||
refreshPluginDeps(logger?: ILogger) {
|
||||
this.collectPluginDeps(logger);
|
||||
}
|
||||
|
||||
private readInstallState(statePath: string): any {
|
||||
if (!fs.existsSync(statePath)) {
|
||||
return null;
|
||||
}
|
||||
try {
|
||||
return JSON.parse(fs.readFileSync(statePath, "utf8"));
|
||||
} catch {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
private writeInstallState(statePath: string, state: any) {
|
||||
fs.writeFileSync(statePath, JSON.stringify(state, null, 2), "utf8");
|
||||
}
|
||||
|
||||
private readManifestDependencies(packageJsonPath: string): Record<string, string> {
|
||||
if (!fs.existsSync(packageJsonPath)) {
|
||||
return {};
|
||||
}
|
||||
try {
|
||||
const manifest = JSON.parse(fs.readFileSync(packageJsonPath, "utf8"));
|
||||
return manifest.dependencies || {};
|
||||
} catch {
|
||||
return {};
|
||||
}
|
||||
}
|
||||
|
||||
private mergeInstalledDependencies(installed: Record<string, string>, requested: Record<string, string>) {
|
||||
const dependencies = { ...installed };
|
||||
for (const [packageName, range] of Object.entries(requested)) {
|
||||
const installedRange = dependencies[packageName];
|
||||
if (installedRange && !areRangesCompatible(installedRange, range)) {
|
||||
throw new Error(`动态依赖版本冲突: ${packageName} => installed:${installedRange}, requested:${range}`);
|
||||
}
|
||||
dependencies[packageName] = installedRange || range;
|
||||
}
|
||||
return dependencies;
|
||||
}
|
||||
|
||||
private async getPnpmVersion(command: string, env: NodeJS.ProcessEnv) {
|
||||
const result = await this.commandRunner.run(command, ["--version"], { cwd: this.getRuntimeDepsRootDir(), timeoutMs: Math.min(this.installTimeoutMs, 10000), env });
|
||||
if (result.code !== 0) {
|
||||
return "";
|
||||
}
|
||||
return (result.stdout || result.stderr || "").trim();
|
||||
}
|
||||
|
||||
private getPnpmCommand() {
|
||||
return this.pnpmCommand || "pnpm";
|
||||
}
|
||||
|
||||
private buildChildEnv(registryUrl: string) {
|
||||
const env = { ...process.env };
|
||||
for (const key of ["NODE_OPTIONS", "VSCODE_INSPECTOR_OPTIONS", "NODE_INSPECTOR_PORT", "NODE_DEBUG"]) {
|
||||
if (!env[key]) {
|
||||
continue;
|
||||
}
|
||||
if (key === "NODE_OPTIONS") {
|
||||
env[key] = this.stripDebugNodeOptions(env[key] as string);
|
||||
} else {
|
||||
delete env[key];
|
||||
}
|
||||
}
|
||||
if (registryUrl) {
|
||||
env.npm_config_registry = registryUrl;
|
||||
env.pnpm_config_registry = registryUrl;
|
||||
}
|
||||
env.CI = env.CI || "true";
|
||||
env.npm_config_confirm_modules_purge = "false";
|
||||
env.pnpm_config_confirm_modules_purge = "false";
|
||||
return env;
|
||||
}
|
||||
|
||||
private stripDebugNodeOptions(value: string) {
|
||||
return value
|
||||
.split(/\s+/)
|
||||
.filter(Boolean)
|
||||
.filter(item => !/^--inspect(-brk|-port)?(=|$)/.test(item))
|
||||
.filter(item => !/^--debug(=|$)/.test(item))
|
||||
.join(" ");
|
||||
}
|
||||
|
||||
getRuntimeDepsRootDir() {
|
||||
return path.resolve(this.runtimeDepsRootDir);
|
||||
}
|
||||
|
||||
private createDependenciesHash(dependencies: Record<string, string>) {
|
||||
return crypto.createHash("sha256").update(JSON.stringify(dependencies)).digest("hex");
|
||||
}
|
||||
}
|
||||
|
||||
function isPluginVersionCompatible(plugin: RuntimeDependencyPluginDefine, expectedRange: string) {
|
||||
if (!expectedRange || expectedRange === "*") {
|
||||
return true;
|
||||
}
|
||||
if (!plugin.version) {
|
||||
return false;
|
||||
}
|
||||
return areRangesCompatible(expectedRange, plugin.version);
|
||||
}
|
||||
|
||||
let runtimeDepsServiceInstance: RuntimeDepsService | null = null;
|
||||
|
||||
export function initRuntimeDepsService(config: RuntimeDepsConfig, registries: any): RuntimeDepsService {
|
||||
runtimeDepsServiceInstance = new RuntimeDepsService(config, registries);
|
||||
return runtimeDepsServiceInstance;
|
||||
}
|
||||
|
||||
export function getRuntimeDepsService(): RuntimeDepsService {
|
||||
if (!runtimeDepsServiceInstance) {
|
||||
throw new Error("RuntimeDepsService 未初始化");
|
||||
}
|
||||
return runtimeDepsServiceInstance!;
|
||||
}
|
||||
|
||||
export async function importRuntime(specifier: string, logger: ILogger = defaultLogger): Promise<any> {
|
||||
return getRuntimeDepsService().importRuntime(specifier, logger);
|
||||
}
|
||||
|
||||
@@ -3,6 +3,30 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [1.42.5](https://github.com/certd/certd/compare/v1.42.4...v1.42.5) (2026-07-15)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-huawei
|
||||
|
||||
## [1.42.4](https://github.com/certd/certd/compare/v1.42.3...v1.42.4) (2026-07-11)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-huawei
|
||||
|
||||
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-huawei
|
||||
|
||||
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-huawei
|
||||
|
||||
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-huawei
|
||||
|
||||
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-huawei
|
||||
|
||||
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "@certd/lib-huawei",
|
||||
"private": false,
|
||||
"version": "1.41.4",
|
||||
"version": "1.42.5",
|
||||
"main": "./dist/bundle.js",
|
||||
"module": "./dist/bundle.js",
|
||||
"types": "./dist/d/index.d.ts",
|
||||
@@ -26,9 +26,10 @@
|
||||
"@typescript-eslint/eslint-plugin": "^8.26.1",
|
||||
"@typescript-eslint/parser": "^8.26.1",
|
||||
"cross-env": "^7.0.3",
|
||||
"eslint": "^8.57.0",
|
||||
"esmock": "^2.7.5",
|
||||
"prettier": "3.3.3",
|
||||
"tslib": "^2.8.1"
|
||||
},
|
||||
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
|
||||
"gitHead": "83495b32138cf831b4ea02054d12981d9787ebf0"
|
||||
}
|
||||
|
||||
@@ -3,6 +3,30 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [1.42.5](https://github.com/certd/certd/compare/v1.42.4...v1.42.5) (2026-07-15)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-iframe
|
||||
|
||||
## [1.42.4](https://github.com/certd/certd/compare/v1.42.3...v1.42.4) (2026-07-11)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-iframe
|
||||
|
||||
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-iframe
|
||||
|
||||
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-iframe
|
||||
|
||||
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-iframe
|
||||
|
||||
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-iframe
|
||||
|
||||
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "@certd/lib-iframe",
|
||||
"private": false,
|
||||
"version": "1.41.4",
|
||||
"version": "1.42.5",
|
||||
"type": "module",
|
||||
"main": "./dist/index.js",
|
||||
"module": "./dist/index.js",
|
||||
@@ -37,5 +37,5 @@
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
|
||||
"gitHead": "83495b32138cf831b4ea02054d12981d9787ebf0"
|
||||
}
|
||||
|
||||
@@ -3,6 +3,30 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [1.42.5](https://github.com/certd/certd/compare/v1.42.4...v1.42.5) (2026-07-15)
|
||||
|
||||
**Note:** Version bump only for package @certd/jdcloud
|
||||
|
||||
## [1.42.4](https://github.com/certd/certd/compare/v1.42.3...v1.42.4) (2026-07-11)
|
||||
|
||||
**Note:** Version bump only for package @certd/jdcloud
|
||||
|
||||
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
|
||||
|
||||
**Note:** Version bump only for package @certd/jdcloud
|
||||
|
||||
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
|
||||
|
||||
**Note:** Version bump only for package @certd/jdcloud
|
||||
|
||||
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
|
||||
|
||||
**Note:** Version bump only for package @certd/jdcloud
|
||||
|
||||
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
|
||||
|
||||
**Note:** Version bump only for package @certd/jdcloud
|
||||
|
||||
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@certd/jdcloud",
|
||||
"version": "1.41.4",
|
||||
"version": "1.42.5",
|
||||
"description": "jdcloud openApi sdk",
|
||||
"main": "./dist/bundle.js",
|
||||
"module": "./dist/bundle.js",
|
||||
@@ -35,6 +35,7 @@
|
||||
"chai": "^5.1.0",
|
||||
"config": "^1.30.0",
|
||||
"cross-env": "^7.0.3",
|
||||
"eslint": "^8.57.0",
|
||||
"esmock": "^2.7.5",
|
||||
"js-yaml": "^3.11.0",
|
||||
"mocha": "^10.6.0",
|
||||
@@ -62,5 +63,5 @@
|
||||
"fetch"
|
||||
]
|
||||
},
|
||||
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
|
||||
"gitHead": "83495b32138cf831b4ea02054d12981d9787ebf0"
|
||||
}
|
||||
|
||||
@@ -3,6 +3,30 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [1.42.5](https://github.com/certd/certd/compare/v1.42.4...v1.42.5) (2026-07-15)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-k8s
|
||||
|
||||
## [1.42.4](https://github.com/certd/certd/compare/v1.42.3...v1.42.4) (2026-07-11)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-k8s
|
||||
|
||||
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-k8s
|
||||
|
||||
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-k8s
|
||||
|
||||
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-k8s
|
||||
|
||||
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-k8s
|
||||
|
||||
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-k8s
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "@certd/lib-k8s",
|
||||
"private": false,
|
||||
"version": "1.41.4",
|
||||
"version": "1.42.5",
|
||||
"type": "module",
|
||||
"main": "./dist/index.js",
|
||||
"module": "./dist/index.js",
|
||||
@@ -21,7 +21,7 @@
|
||||
"lint": "eslint --fix"
|
||||
},
|
||||
"dependencies": {
|
||||
"@certd/basic": "^1.41.4",
|
||||
"@certd/basic": "^1.42.5",
|
||||
"@kubernetes/client-node": "0.21.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
@@ -38,5 +38,5 @@
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
|
||||
"gitHead": "83495b32138cf831b4ea02054d12981d9787ebf0"
|
||||
}
|
||||
|
||||
@@ -3,6 +3,43 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [1.42.5](https://github.com/certd/certd/compare/v1.42.4...v1.42.5) (2026-07-15)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复上传到cos报runtimeDepsService未初始化的问题 ([167b303](https://github.com/certd/certd/commit/167b303faeca02cc11cf97e4be2a3df914852167))
|
||||
|
||||
## [1.42.4](https://github.com/certd/certd/compare/v1.42.3...v1.42.4) (2026-07-11)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **pipeline:** 重构运行时依赖加载逻辑,修复火山引擎DNS解析报runtimeDepsService未初始化的bug ([ec69b8f](https://github.com/certd/certd/commit/ec69b8f11bfd4b20991aef74a72a47182ca79a9d))
|
||||
|
||||
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-server
|
||||
|
||||
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-server
|
||||
|
||||
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-server
|
||||
|
||||
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
|
||||
|
||||
### Features
|
||||
|
||||
* 通过插件配置懒加载依赖,动态加载第三方依赖包,精简安装镜像大小 ([01568ca](https://github.com/certd/certd/commit/01568ca1489069046b5a89ebdd4ced2f7f6ddf93))
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* 【破坏性更新】 证书压缩包不再生成文件存储,而是实时打包下载,证书申请插件不再输出certZip ([7cff1a9](https://github.com/certd/certd/commit/7cff1a98424120585205889874b3ef4956a30583))
|
||||
* 优化用户体验,首次访问时弹出邮箱账号绑定用以初始化账号 ([608cc2a](https://github.com/certd/certd/commit/608cc2a81ff0b4872c9fe11ed9c9c0b4b90a12a3))
|
||||
* 支持全自动匹配部署宝塔网站证书 ([4dff48e](https://github.com/certd/certd/commit/4dff48e807c32a7623ec9206cf39c88e88f89f6a))
|
||||
* dns默认ipv4first ([194463b](https://github.com/certd/certd/commit/194463bea9e797315aa7a724f4b2930701570419))
|
||||
|
||||
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
|
||||
|
||||
**Note:** Version bump only for package @certd/lib-server
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@certd/lib-server",
|
||||
"version": "1.41.4",
|
||||
"version": "1.42.5",
|
||||
"description": "midway with flyway, sql upgrade way ",
|
||||
"private": false,
|
||||
"type": "module",
|
||||
@@ -29,11 +29,11 @@
|
||||
],
|
||||
"license": "AGPL",
|
||||
"dependencies": {
|
||||
"@certd/acme-client": "^1.41.4",
|
||||
"@certd/basic": "^1.41.4",
|
||||
"@certd/pipeline": "^1.41.4",
|
||||
"@certd/plugin-lib": "^1.41.4",
|
||||
"@certd/plus-core": "^1.41.4",
|
||||
"@certd/acme-client": "^1.42.5",
|
||||
"@certd/basic": "^1.42.5",
|
||||
"@certd/pipeline": "^1.42.5",
|
||||
"@certd/plugin-lib": "^1.42.5",
|
||||
"@certd/plus-core": "^1.42.5",
|
||||
"@midwayjs/cache": "3.14.0",
|
||||
"@midwayjs/core": "3.20.11",
|
||||
"@midwayjs/i18n": "3.20.13",
|
||||
@@ -49,8 +49,6 @@
|
||||
"typeorm": "^0.3.20"
|
||||
},
|
||||
"devDependencies": {
|
||||
"mwts": "^1.3.0",
|
||||
"mwtsc": "^1.4.0",
|
||||
"@types/chai": "^4.3.12",
|
||||
"@types/mocha": "^10.0.6",
|
||||
"@types/node": "^18",
|
||||
@@ -62,6 +60,8 @@
|
||||
"eslint-plugin-prettier": "^5.1.3",
|
||||
"esmock": "^2.7.5",
|
||||
"mocha": "^10.6.0",
|
||||
"mwts": "^1.3.0",
|
||||
"mwtsc": "^1.4.0",
|
||||
"prettier": "3.3.3",
|
||||
"rimraf": "^5.0.5",
|
||||
"ts-node": "^10.9.2",
|
||||
@@ -69,5 +69,5 @@
|
||||
"typeorm": "^0.3.20",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
|
||||
"gitHead": "83495b32138cf831b4ea02054d12981d9787ebf0"
|
||||
}
|
||||
|
||||
@@ -1,9 +1,8 @@
|
||||
import { ApplicationContext, Inject } from '@midwayjs/core';
|
||||
import type {IMidwayContainer} from '@midwayjs/core';
|
||||
import * as koa from '@midwayjs/koa';
|
||||
import { Constants } from './constants.js';
|
||||
import { isEnterprise } from './mode.js';
|
||||
|
||||
import { ApplicationContext, Inject } from "@midwayjs/core";
|
||||
import type { IMidwayContainer } from "@midwayjs/core";
|
||||
import * as koa from "@midwayjs/koa";
|
||||
import { Constants } from "./constants.js";
|
||||
import { isEnterprise } from "./mode.js";
|
||||
|
||||
export abstract class BaseController {
|
||||
@Inject()
|
||||
@@ -41,7 +40,7 @@ export abstract class BaseController {
|
||||
getUserId() {
|
||||
const userId = this.ctx.user?.id;
|
||||
if (userId == null) {
|
||||
throw new Error('Token已过期');
|
||||
throw new Error("Token已过期");
|
||||
}
|
||||
return userId;
|
||||
}
|
||||
@@ -49,7 +48,7 @@ export abstract class BaseController {
|
||||
getLoginUser() {
|
||||
const user = this.ctx.user;
|
||||
if (user == null) {
|
||||
throw new Error('Token已过期');
|
||||
throw new Error("Token已过期");
|
||||
}
|
||||
return user;
|
||||
}
|
||||
@@ -61,47 +60,48 @@ export abstract class BaseController {
|
||||
}
|
||||
}
|
||||
|
||||
async getProjectId(permission:string) {
|
||||
async getProjectId(permission: string) {
|
||||
if (!isEnterprise()) {
|
||||
return undefined
|
||||
return undefined;
|
||||
}
|
||||
let projectIdStr = this.ctx.headers["project-id"] as string;
|
||||
if (!projectIdStr){
|
||||
if (!projectIdStr) {
|
||||
projectIdStr = this.ctx.request.query["projectId"] as string;
|
||||
}
|
||||
if (!projectIdStr) {
|
||||
//这里必须抛异常,否则可能会有权限问题
|
||||
throw new Error("projectId 不能为空")
|
||||
throw new Error("projectId 不能为空");
|
||||
}
|
||||
const userId = this.getUserId()
|
||||
const projectId = parseInt(projectIdStr)
|
||||
await this.checkProjectPermission(userId, projectId,permission)
|
||||
const userId = this.getUserId();
|
||||
const projectId = parseInt(projectIdStr);
|
||||
await this.checkProjectPermission(userId, projectId, permission);
|
||||
return projectId;
|
||||
}
|
||||
|
||||
async getProjectUserId(permission:string){
|
||||
let userId = this.getUserId()
|
||||
const projectId = await this.getProjectId(permission)
|
||||
if(projectId){
|
||||
userId = -1 // 企业管理模式下,用户id固定-1
|
||||
async getProjectUserId(permission: string) {
|
||||
let userId = this.getUserId();
|
||||
const projectId = await this.getProjectId(permission);
|
||||
if (projectId) {
|
||||
userId = -1; // 企业管理模式下,用户id固定-1
|
||||
}
|
||||
return {
|
||||
projectId,userId
|
||||
}
|
||||
projectId,
|
||||
userId,
|
||||
};
|
||||
}
|
||||
async getProjectUserIdRead(){
|
||||
return await this.getProjectUserId("read")
|
||||
async getProjectUserIdRead() {
|
||||
return await this.getProjectUserId("read");
|
||||
}
|
||||
async getProjectUserIdWrite(){
|
||||
return await this.getProjectUserId("write")
|
||||
async getProjectUserIdWrite() {
|
||||
return await this.getProjectUserId("write");
|
||||
}
|
||||
async getProjectUserIdAdmin(){
|
||||
return await this.getProjectUserId("admin")
|
||||
async getProjectUserIdAdmin() {
|
||||
return await this.getProjectUserId("admin");
|
||||
}
|
||||
|
||||
async checkProjectPermission(userId: number, projectId: number,permission:string) {
|
||||
const projectService:any = await this.applicationContext.getAsync("projectService");
|
||||
await projectService.checkPermission({userId,projectId,permission})
|
||||
async checkProjectPermission(userId: number, projectId: number, permission: string) {
|
||||
const projectService: any = await this.applicationContext.getAsync("projectService");
|
||||
await projectService.checkPermission({ userId, projectId, permission });
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -109,25 +109,22 @@ export abstract class BaseController {
|
||||
* @param service 检查记录是否属于某用户或某项目
|
||||
* @param id
|
||||
*/
|
||||
async checkOwner(service:any,id:number,permission:string,allowAdmin:boolean = false){
|
||||
let { projectId,userId } = await this.getProjectUserId(permission)
|
||||
const authService:any = await this.applicationContext.getAsync("authService");
|
||||
async checkOwner(service: any, id: number, permission: string, allowAdmin: boolean = false) {
|
||||
const { projectId, userId } = await this.getProjectUserId(permission);
|
||||
const authService: any = await this.applicationContext.getAsync("authService");
|
||||
if (projectId) {
|
||||
await authService.checkProjectId(service, id, projectId);
|
||||
}else{
|
||||
|
||||
if(userId === Constants.systemUserId){
|
||||
} else {
|
||||
if (userId === Constants.systemUserId) {
|
||||
//系统级别,不检查权限
|
||||
}else{
|
||||
if(allowAdmin){
|
||||
} else {
|
||||
if (allowAdmin) {
|
||||
await authService.checkUserIdButAllowAdmin(this.ctx, service, id);
|
||||
}else{
|
||||
await authService.checkUserId( service, id, userId);
|
||||
} else {
|
||||
await authService.checkUserId(service, id, userId);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
return {projectId,userId}
|
||||
return { projectId, userId };
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
import { PermissionException, ValidateException } from './exception/index.js';
|
||||
import { EntityTarget, FindOneOptions, In, Repository, SelectQueryBuilder } from 'typeorm';
|
||||
import { Inject } from '@midwayjs/core';
|
||||
import { TypeORMDataSourceManager } from '@midwayjs/typeorm';
|
||||
import { EntityManager } from 'typeorm/entity-manager/EntityManager.js';
|
||||
import { FindManyOptions } from 'typeorm';
|
||||
import { Constants } from './constants.js';
|
||||
import { PermissionException, ValidateException } from "./exception/index.js";
|
||||
import { EntityTarget, FindOneOptions, In, Repository, SelectQueryBuilder } from "typeorm";
|
||||
import { Inject } from "@midwayjs/core";
|
||||
import { TypeORMDataSourceManager } from "@midwayjs/typeorm";
|
||||
import { EntityManager } from "typeorm/entity-manager/EntityManager.js";
|
||||
import { FindManyOptions } from "typeorm";
|
||||
import { Constants } from "./constants.js";
|
||||
|
||||
export type PageReq<T = any> = {
|
||||
page?: { offset: number; limit: number };
|
||||
@@ -34,7 +34,7 @@ export abstract class BaseService<T> {
|
||||
abstract getRepository(): Repository<T>;
|
||||
|
||||
async transaction(callback: (entityManager: EntityManager) => Promise<any>) {
|
||||
const dataSource = this.dataSourceManager.getDataSource('default');
|
||||
const dataSource = this.dataSourceManager.getDataSource("default");
|
||||
return await dataSource.transaction(callback as any);
|
||||
}
|
||||
|
||||
@@ -52,11 +52,11 @@ export abstract class BaseService<T> {
|
||||
if (ctx.manager) {
|
||||
return ctx.manager.getRepository(entity);
|
||||
}
|
||||
const dataSource = this.dataSourceManager.getDataSource('default');
|
||||
const dataSource = this.dataSourceManager.getDataSource("default");
|
||||
return dataSource.getRepository(entity);
|
||||
}
|
||||
|
||||
protected buildUserProjectQuery(userId: number, projectId?: number) {
|
||||
public buildUserProjectQuery(userId: number, projectId?: number) {
|
||||
const query: { userId: number; projectId?: number; [key: string]: any } = {
|
||||
userId,
|
||||
};
|
||||
@@ -73,7 +73,7 @@ export abstract class BaseService<T> {
|
||||
*/
|
||||
async info(id, infoIgnoreProperty?): Promise<T | null> {
|
||||
if (!id) {
|
||||
throw new ValidateException('id不能为空');
|
||||
throw new ValidateException("id不能为空");
|
||||
}
|
||||
const info = await this.getRepository().findOneBy({ id } as any);
|
||||
if (info && infoIgnoreProperty) {
|
||||
@@ -119,18 +119,18 @@ export abstract class BaseService<T> {
|
||||
...where,
|
||||
});
|
||||
await this.modifyAfter(idArr);
|
||||
return ids
|
||||
return ids;
|
||||
}
|
||||
|
||||
resolveIdArr(ids: string | any[]) {
|
||||
if (!ids) {
|
||||
throw new ValidateException('ids不能为空');
|
||||
throw new ValidateException("ids不能为空");
|
||||
}
|
||||
if (typeof ids === 'string') {
|
||||
return ids.split(',');
|
||||
} else if(!Array.isArray(ids)){
|
||||
if (typeof ids === "string") {
|
||||
return ids.split(",");
|
||||
} else if (!Array.isArray(ids)) {
|
||||
return [ids];
|
||||
}else {
|
||||
} else {
|
||||
return ids;
|
||||
}
|
||||
}
|
||||
@@ -147,7 +147,7 @@ export abstract class BaseService<T> {
|
||||
* 新增
|
||||
* @param param 数据
|
||||
*/
|
||||
async add(param: any) {
|
||||
async add(param: any): Promise<{ id: number; [key: string]: any }> {
|
||||
const now = new Date();
|
||||
param.createTime = now;
|
||||
param.updateTime = now;
|
||||
@@ -163,7 +163,7 @@ export abstract class BaseService<T> {
|
||||
* @param param 数据
|
||||
*/
|
||||
async update(param: any) {
|
||||
if (!param.id) throw new ValidateException('id 不能为空');
|
||||
if (!param.id) throw new ValidateException("id 不能为空");
|
||||
param.updateTime = new Date();
|
||||
await this.addOrUpdate(param);
|
||||
await this.modifyAfter(param);
|
||||
@@ -201,10 +201,10 @@ export abstract class BaseService<T> {
|
||||
}
|
||||
|
||||
private buildListQuery(listReq: ListReq<T>) {
|
||||
const { query, sort, buildQuery,select } = listReq;
|
||||
const qb = this.getRepository().createQueryBuilder('main');
|
||||
const { query, sort, buildQuery, select } = listReq;
|
||||
const qb = this.getRepository().createQueryBuilder("main");
|
||||
if (select) {
|
||||
qb.setFindOptions({select});
|
||||
qb.setFindOptions({ select });
|
||||
}
|
||||
if (query) {
|
||||
const keys = Object.keys(query);
|
||||
@@ -223,10 +223,10 @@ export abstract class BaseService<T> {
|
||||
}
|
||||
});
|
||||
if (found) {
|
||||
qb.addOrderBy('main.' + sort.prop, sort.asc ? 'ASC' : 'DESC');
|
||||
qb.addOrderBy("main." + sort.prop, sort.asc ? "ASC" : "DESC");
|
||||
}
|
||||
}
|
||||
qb.addOrderBy('id', 'DESC');
|
||||
qb.addOrderBy("id", "DESC");
|
||||
//自定义query
|
||||
if (buildQuery) {
|
||||
buildQuery(qb);
|
||||
@@ -243,12 +243,12 @@ export abstract class BaseService<T> {
|
||||
return await qb.getMany();
|
||||
}
|
||||
|
||||
async checkUserId(ids: number | number[] = 0, userId: number, userKey = 'userId') {
|
||||
async checkUserId(ids: number | number[] = 0, userId: number, userKey = "userId") {
|
||||
if (ids == null) {
|
||||
throw new ValidateException('id不能为空');
|
||||
throw new ValidateException("id不能为空");
|
||||
}
|
||||
if (userId == null) {
|
||||
throw new ValidateException('userId不能为空');
|
||||
throw new ValidateException("userId不能为空");
|
||||
}
|
||||
if (!Array.isArray(ids)) {
|
||||
ids = [ids];
|
||||
@@ -268,20 +268,20 @@ export abstract class BaseService<T> {
|
||||
if (!res || res.length === ids.length) {
|
||||
return;
|
||||
}
|
||||
throw new PermissionException('权限不足');
|
||||
throw new PermissionException("权限不足");
|
||||
}
|
||||
|
||||
filterIds(ids: any[]) {
|
||||
filterIds(ids: any[]) {
|
||||
if (!ids) {
|
||||
throw new ValidateException('ids不能为空');
|
||||
throw new ValidateException("ids不能为空");
|
||||
}
|
||||
return ids.filter((item) => {
|
||||
return item!=null && item != ""
|
||||
return ids.filter(item => {
|
||||
return item != null && item != "";
|
||||
});
|
||||
}
|
||||
async batchDelete(ids: number[], userId: number,projectId?:number) {
|
||||
async batchDelete(ids: number[], userId: number, projectId?: number): Promise<number> {
|
||||
ids = this.filterIds(ids);
|
||||
if(userId!=null){
|
||||
if (userId != null) {
|
||||
const userProjectQuery = this.buildUserProjectQuery(userId, projectId);
|
||||
const list = await this.getRepository().find({
|
||||
where: {
|
||||
@@ -289,30 +289,30 @@ export abstract class BaseService<T> {
|
||||
id: In(ids),
|
||||
...userProjectQuery,
|
||||
},
|
||||
})
|
||||
});
|
||||
// @ts-ignore
|
||||
ids = list.map(item => item.id)
|
||||
ids = list.map(item => item.id);
|
||||
}
|
||||
|
||||
await this.delete(ids);
|
||||
return ids.length;
|
||||
}
|
||||
|
||||
async findOne(options: FindOneOptions<T>) {
|
||||
return await this.getRepository().findOne(options);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
export function checkUserProjectParam(userId: number, projectId: number) {
|
||||
if (projectId != null ){
|
||||
if( userId !== Constants.enterpriseUserId) {
|
||||
throw new ValidateException('userId projectId 错误');
|
||||
if (projectId != null) {
|
||||
if (userId !== Constants.enterpriseUserId) {
|
||||
throw new ValidateException("userId projectId 错误");
|
||||
}
|
||||
return true
|
||||
}else{
|
||||
if( userId != null) {
|
||||
return true
|
||||
return true;
|
||||
} else {
|
||||
if (userId != null) {
|
||||
return true;
|
||||
}
|
||||
throw new ValidateException('userId不能为空');
|
||||
throw new ValidateException("userId不能为空");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
import { Inject, Provide, Scope, ScopeEnum } from '@midwayjs/core';
|
||||
import { AppKey, PlusRequestService } from '@certd/plus-core';
|
||||
import { cache, http, HttpRequestConfig, logger } from '@certd/basic';
|
||||
import { SysInstallInfo, SysLicenseInfo, SysSettingsService } from '../../settings/index.js';
|
||||
import { merge } from 'lodash-es';
|
||||
import fs from 'fs';
|
||||
import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
|
||||
import { AppKey, PlusRequestService } from "@certd/plus-core";
|
||||
import { cache, http, HttpRequestConfig, logger } from "@certd/basic";
|
||||
import { SysInstallInfo, SysLicenseInfo, SysSettingsService } from "../../settings/index.js";
|
||||
import { merge } from "lodash-es";
|
||||
import fs from "fs";
|
||||
@Provide("plusService")
|
||||
@Scope(ScopeEnum.Request, { allowDowngrade: true })
|
||||
export class PlusService {
|
||||
@@ -54,9 +54,9 @@ export class PlusService {
|
||||
await plusRequestService.verify({ license: licenseInfo.license });
|
||||
}
|
||||
|
||||
async bindUrl(url: string, url2?:string) {
|
||||
async bindUrl(url: string, url2?: string) {
|
||||
const plusRequestService = await this.getPlusRequestService();
|
||||
const res = await plusRequestService.bindUrl(url,url2);
|
||||
const res = await plusRequestService.bindUrl(url, url2);
|
||||
this.plusRequestService = null;
|
||||
return res;
|
||||
}
|
||||
@@ -66,7 +66,7 @@ export class PlusService {
|
||||
const licenseInfo: SysLicenseInfo = await this.sysSettingsService.getSetting(SysLicenseInfo);
|
||||
if (!licenseInfo.license) {
|
||||
await plusRequestService.register();
|
||||
logger.info('站点注册成功');
|
||||
logger.info("站点注册成功");
|
||||
this.plusRequestService = null;
|
||||
}
|
||||
}
|
||||
@@ -74,8 +74,8 @@ export class PlusService {
|
||||
async userPreBind(userId: number) {
|
||||
const plusRequestService = await this.getPlusRequestService();
|
||||
await plusRequestService.requestWithoutSign({
|
||||
url: '/activation/subject/preBind',
|
||||
method: 'POST',
|
||||
url: "/activation/subject/preBind",
|
||||
method: "POST",
|
||||
data: {
|
||||
userId,
|
||||
appKey: AppKey,
|
||||
@@ -91,9 +91,9 @@ export class PlusService {
|
||||
if (attachments.length > 0) {
|
||||
const newAttachments: any[] = [];
|
||||
attachments.forEach((item: any) => {
|
||||
const name = item.filename || item.path.split('/').pop();
|
||||
const name = item.filename || item.path.split("/").pop();
|
||||
const body = item.content || fs.readFileSync(item.path);
|
||||
const bodyBase64 = Buffer.from(body).toString('base64');
|
||||
const bodyBase64 = Buffer.from(body).toString("base64");
|
||||
item = {
|
||||
name,
|
||||
body: bodyBase64,
|
||||
@@ -104,7 +104,7 @@ export class PlusService {
|
||||
}
|
||||
|
||||
await plusRequestService.request({
|
||||
url: '/activation/emailSend',
|
||||
url: "/activation/emailSend",
|
||||
data: {
|
||||
subject: email.subject,
|
||||
to: email.receivers,
|
||||
@@ -116,7 +116,7 @@ export class PlusService {
|
||||
}
|
||||
|
||||
async getAccessToken() {
|
||||
const cacheKey = 'certd:subject:access_token';
|
||||
const cacheKey = "certd:subject:access_token";
|
||||
const token = cache.get(cacheKey);
|
||||
if (token) {
|
||||
return token;
|
||||
@@ -131,15 +131,15 @@ export class PlusService {
|
||||
return res.accessToken;
|
||||
}
|
||||
|
||||
async getVipTrial(vipType= "plus") {
|
||||
async getVipTrial(vipType = "plus") {
|
||||
await this.register();
|
||||
const plusRequestService = await this.getPlusRequestService();
|
||||
const res = await plusRequestService.request({
|
||||
url: '/activation/subject/vip/trialGet',
|
||||
method: 'POST',
|
||||
data:{
|
||||
vipType
|
||||
}
|
||||
url: "/activation/subject/vip/trialGet",
|
||||
method: "POST",
|
||||
data: {
|
||||
vipType,
|
||||
},
|
||||
});
|
||||
if (res.license) {
|
||||
await this.updateLicense(res.license);
|
||||
@@ -147,14 +147,14 @@ export class PlusService {
|
||||
duration: res.duration,
|
||||
};
|
||||
} else {
|
||||
throw new Error('您已经领取过VIP试用了');
|
||||
throw new Error("您已经领取过VIP试用了");
|
||||
}
|
||||
}
|
||||
|
||||
async getTodayOrderCount () {
|
||||
async getTodayOrderCount() {
|
||||
await this.register();
|
||||
const plusRequestService = await this.getPlusRequestService();
|
||||
return await plusRequestService.getOrderCount()
|
||||
return await plusRequestService.getOrderCount();
|
||||
}
|
||||
|
||||
async requestWithToken(config: HttpRequestConfig) {
|
||||
@@ -162,7 +162,7 @@ export class PlusService {
|
||||
const token = await this.getAccessToken();
|
||||
merge(config, {
|
||||
baseURL: plusRequestService.getBaseURL(),
|
||||
method: 'post',
|
||||
method: "post",
|
||||
headers: {
|
||||
Authorization: `Berear ${token}`,
|
||||
},
|
||||
|
||||
@@ -1,33 +1,33 @@
|
||||
import { Column, Entity, PrimaryGeneratedColumn } from 'typeorm';
|
||||
import { Column, Entity, PrimaryGeneratedColumn } from "typeorm";
|
||||
|
||||
/**
|
||||
*/
|
||||
@Entity('sys_settings')
|
||||
@Entity("sys_settings")
|
||||
export class SysSettingsEntity {
|
||||
@PrimaryGeneratedColumn()
|
||||
id: number;
|
||||
@Column({ comment: 'key', length: 100 })
|
||||
@Column({ comment: "key", length: 100 })
|
||||
key: string;
|
||||
@Column({ comment: '名称', length: 100 })
|
||||
@Column({ comment: "名称", length: 100 })
|
||||
title: string;
|
||||
|
||||
@Column({ name: 'setting', comment: '设置', length: 1024, nullable: true })
|
||||
@Column({ name: "setting", comment: "设置", length: 1024, nullable: true })
|
||||
setting: string;
|
||||
|
||||
// public 公开读,私有写, private 私有读,私有写
|
||||
@Column({ name: 'access', comment: '访问权限' })
|
||||
@Column({ name: "access", comment: "访问权限" })
|
||||
access: string;
|
||||
|
||||
@Column({
|
||||
name: 'create_time',
|
||||
comment: '创建时间',
|
||||
default: () => 'CURRENT_TIMESTAMP',
|
||||
name: "create_time",
|
||||
comment: "创建时间",
|
||||
default: () => "CURRENT_TIMESTAMP",
|
||||
})
|
||||
createTime: Date;
|
||||
@Column({
|
||||
name: 'update_time',
|
||||
comment: '修改时间',
|
||||
default: () => 'CURRENT_TIMESTAMP',
|
||||
name: "update_time",
|
||||
comment: "修改时间",
|
||||
default: () => "CURRENT_TIMESTAMP",
|
||||
})
|
||||
updateTime: Date;
|
||||
}
|
||||
|
||||
@@ -1,19 +1,19 @@
|
||||
import { cloneDeep } from 'lodash-es';
|
||||
import { cloneDeep } from "lodash-es";
|
||||
|
||||
export class BaseSettings {
|
||||
static __key__: string;
|
||||
static __title__: string;
|
||||
static __access__ = 'private';
|
||||
static __access__ = "private";
|
||||
|
||||
static getCacheKey() {
|
||||
return 'settings.' + this.__key__;
|
||||
return "settings." + this.__key__;
|
||||
}
|
||||
}
|
||||
|
||||
export class SysPublicSettings extends BaseSettings {
|
||||
static __key__ = 'sys.public';
|
||||
static __title__ = '系统公共设置';
|
||||
static __access__ = 'public';
|
||||
static __key__ = "sys.public";
|
||||
static __title__ = "系统公共设置";
|
||||
static __access__ = "public";
|
||||
|
||||
registerEnabled = false;
|
||||
userValidTimeEnabled?: boolean = false;
|
||||
@@ -34,19 +34,15 @@ export class SysPublicSettings extends BaseSettings {
|
||||
aiChatEnabled = true;
|
||||
homePageEnabled = true;
|
||||
|
||||
|
||||
//验证码是否开启
|
||||
captchaEnabled = false;
|
||||
//验证码类型
|
||||
captchaType?: string;
|
||||
captchaAddonId?: number;
|
||||
|
||||
|
||||
|
||||
//流水线是否启用有效期
|
||||
pipelineValidTimeEnabled?: boolean = false;
|
||||
|
||||
|
||||
//证书域名添加到监控
|
||||
certDomainAddToMonitorEnabled?: boolean = false;
|
||||
|
||||
@@ -60,12 +56,15 @@ export class SysPublicSettings extends BaseSettings {
|
||||
|
||||
// 第三方OAuth配置
|
||||
oauthEnabled?: boolean = false;
|
||||
oauthProviders: Record<string, {
|
||||
type: string;
|
||||
title: string;
|
||||
addonId: number;
|
||||
icon?: string;
|
||||
}> = {};
|
||||
oauthProviders: Record<
|
||||
string,
|
||||
{
|
||||
type: string;
|
||||
title: string;
|
||||
addonId: number;
|
||||
icon?: string;
|
||||
}
|
||||
> = {};
|
||||
|
||||
notice?: string;
|
||||
|
||||
@@ -73,40 +72,37 @@ export class SysPublicSettings extends BaseSettings {
|
||||
}
|
||||
|
||||
export class SysPrivateSettings extends BaseSettings {
|
||||
static __title__ = '系统私有设置';
|
||||
static __access__ = 'private';
|
||||
static __key__ = 'sys.private';
|
||||
static __title__ = "系统私有设置";
|
||||
static __access__ = "private";
|
||||
static __key__ = "sys.private";
|
||||
jwtKey?: string;
|
||||
encryptSecret?: string;
|
||||
|
||||
httpsProxy? = '';
|
||||
httpProxy? = '';
|
||||
noProxy? = '';
|
||||
commonHeaders?: string = '';
|
||||
httpsProxy? = "";
|
||||
httpProxy? = "";
|
||||
noProxy? = "";
|
||||
commonHeaders?: string = "";
|
||||
|
||||
reverseProxies?: Record<string, string> = {};
|
||||
|
||||
dnsResultOrder? = '';
|
||||
dnsResultOrder? = "";
|
||||
commonCnameEnabled?: boolean = true;
|
||||
|
||||
httpRequestTimeout?: number = 30;
|
||||
|
||||
pipelineMaxRunningCount?: number;
|
||||
|
||||
|
||||
environmentVars?: string = '';
|
||||
|
||||
environmentVars?: string = "";
|
||||
|
||||
acmeWalkFromAuthoritative?: boolean = true;
|
||||
|
||||
|
||||
sms?: {
|
||||
type?: string;
|
||||
config?: any;
|
||||
} = {
|
||||
type: 'aliyun',
|
||||
config: {},
|
||||
};
|
||||
type: "aliyun",
|
||||
config: {},
|
||||
};
|
||||
|
||||
removeSecret() {
|
||||
const clone = cloneDeep(this);
|
||||
@@ -117,9 +113,9 @@ export class SysPrivateSettings extends BaseSettings {
|
||||
}
|
||||
|
||||
export class SysInstallInfo extends BaseSettings {
|
||||
static __title__ = '系统安装信息';
|
||||
static __key__ = 'sys.install';
|
||||
static __access__ = 'private';
|
||||
static __title__ = "系统安装信息";
|
||||
static __key__ = "sys.install";
|
||||
static __access__ = "private";
|
||||
installTime?: number;
|
||||
siteId?: string;
|
||||
bindUserId?: number;
|
||||
@@ -130,21 +126,20 @@ export class SysInstallInfo extends BaseSettings {
|
||||
}
|
||||
|
||||
export class SysLicenseInfo extends BaseSettings {
|
||||
static __title__ = '授权许可信息';
|
||||
static __key__ = 'sys.license';
|
||||
static __access__ = 'private';
|
||||
static __title__ = "授权许可信息";
|
||||
static __key__ = "sys.license";
|
||||
static __access__ = "private";
|
||||
license?: string;
|
||||
}
|
||||
|
||||
|
||||
export type EmailTemplate = {
|
||||
addonId?: number;
|
||||
}
|
||||
};
|
||||
|
||||
export class SysEmailConf extends BaseSettings {
|
||||
static __title__ = '邮箱配置';
|
||||
static __key__ = 'sys.email';
|
||||
static __access__ = 'private';
|
||||
static __title__ = "邮箱配置";
|
||||
static __key__ = "sys.email";
|
||||
static __access__ = "private";
|
||||
|
||||
host: string;
|
||||
port: number;
|
||||
@@ -160,18 +155,18 @@ export class SysEmailConf extends BaseSettings {
|
||||
sender: string;
|
||||
usePlus?: boolean;
|
||||
|
||||
templates:{
|
||||
registerCode?: EmailTemplate,
|
||||
forgotPassword?: EmailTemplate,
|
||||
pipelineResult?: EmailTemplate,
|
||||
common?: EmailTemplate,
|
||||
}
|
||||
templates: {
|
||||
registerCode?: EmailTemplate;
|
||||
forgotPassword?: EmailTemplate;
|
||||
pipelineResult?: EmailTemplate;
|
||||
common?: EmailTemplate;
|
||||
};
|
||||
}
|
||||
|
||||
export class SysSiteInfo extends BaseSettings {
|
||||
static __title__ = '站点信息';
|
||||
static __key__ = 'sys.site';
|
||||
static __access__ = 'public';
|
||||
static __title__ = "站点信息";
|
||||
static __key__ = "sys.site";
|
||||
static __access__ = "public";
|
||||
title?: string;
|
||||
slogan?: string;
|
||||
logo?: string;
|
||||
@@ -179,9 +174,9 @@ export class SysSiteInfo extends BaseSettings {
|
||||
}
|
||||
|
||||
export class SysSecretBackup extends BaseSettings {
|
||||
static __title__ = '密钥信息备份';
|
||||
static __key__ = 'sys.secret.backup';
|
||||
static __access__ = 'private';
|
||||
static __title__ = "密钥信息备份";
|
||||
static __key__ = "sys.secret.backup";
|
||||
static __access__ = "private";
|
||||
siteId?: string;
|
||||
encryptSecret?: string;
|
||||
}
|
||||
@@ -190,9 +185,9 @@ export class SysSecretBackup extends BaseSettings {
|
||||
* 不要修改
|
||||
*/
|
||||
export class SysSecret extends BaseSettings {
|
||||
static __title__ = '密钥信息';
|
||||
static __key__ = 'sys.secret';
|
||||
static __access__ = 'private';
|
||||
static __title__ = "密钥信息";
|
||||
static __key__ = "sys.secret";
|
||||
static __access__ = "private";
|
||||
siteId?: string;
|
||||
encryptSecret?: string;
|
||||
}
|
||||
@@ -215,9 +210,9 @@ export type MenuItem = {
|
||||
children?: MenuItem[];
|
||||
};
|
||||
export class SysHeaderMenus extends BaseSettings {
|
||||
static __title__ = '顶部菜单';
|
||||
static __key__ = 'sys.header.menus';
|
||||
static __access__ = 'public';
|
||||
static __title__ = "顶部菜单";
|
||||
static __key__ = "sys.header.menus";
|
||||
static __access__ = "public";
|
||||
|
||||
menus: MenuItem[];
|
||||
}
|
||||
@@ -228,9 +223,9 @@ export type PaymentItem = {
|
||||
};
|
||||
|
||||
export class SysPaymentSetting extends BaseSettings {
|
||||
static __title__ = '支付设置';
|
||||
static __key__ = 'sys.payment';
|
||||
static __access__ = 'private';
|
||||
static __title__ = "支付设置";
|
||||
static __key__ = "sys.payment";
|
||||
static __access__ = "private";
|
||||
|
||||
yizhifu?: PaymentItem = { enabled: false };
|
||||
|
||||
@@ -240,9 +235,9 @@ export class SysPaymentSetting extends BaseSettings {
|
||||
}
|
||||
|
||||
export class SysSuiteSetting extends BaseSettings {
|
||||
static __title__ = '套餐设置';
|
||||
static __key__ = 'sys.suite';
|
||||
static __access__ = 'private';
|
||||
static __title__ = "套餐设置";
|
||||
static __key__ = "sys.suite";
|
||||
static __access__ = "private";
|
||||
|
||||
enabled: boolean = false;
|
||||
|
||||
@@ -257,26 +252,25 @@ export class SysSuiteSetting extends BaseSettings {
|
||||
}
|
||||
|
||||
export class SysAutoFixSetting extends BaseSettings {
|
||||
static __title__ = '自动修复记录';
|
||||
static __key__ = 'sys.auto.fix';
|
||||
static __access__ = 'private';
|
||||
static __title__ = "自动修复记录";
|
||||
static __key__ = "sys.auto.fix";
|
||||
static __access__ = "private";
|
||||
|
||||
fixed: Record<string, boolean> = {};
|
||||
}
|
||||
|
||||
|
||||
export type SiteHidden = {
|
||||
enabled: boolean;
|
||||
openPath?: string;
|
||||
//md5 hash 两次后保存
|
||||
openPassword?: string;
|
||||
autoHiddenTimes?: number;
|
||||
hiddenOpenApi?: boolean
|
||||
hiddenOpenApi?: boolean;
|
||||
};
|
||||
export class SysSafeSetting extends BaseSettings {
|
||||
static __title__ = '站点安全设置';
|
||||
static __key__ = 'sys.safe';
|
||||
static __access__ = 'private';
|
||||
static __title__ = "站点安全设置";
|
||||
static __key__ = "sys.safe";
|
||||
static __access__ = "private";
|
||||
|
||||
// 站点隐藏
|
||||
hidden: SiteHidden = {
|
||||
|
||||
@@ -1,29 +1,20 @@
|
||||
import { IAccessService, IRuntimeDepsService } from "@certd/pipeline";
|
||||
|
||||
export type AccessRuntimeDepsService = IRuntimeDepsService;
|
||||
import { IAccessService } from "@certd/pipeline";
|
||||
|
||||
export class AccessGetter implements IAccessService {
|
||||
userId: number;
|
||||
projectId?: number;
|
||||
runtimeDepsService?: AccessRuntimeDepsService;
|
||||
getter: <T>(id: any, userId?: number, projectId?: number, ignorePermission?: boolean, runtimeDepsService?: AccessRuntimeDepsService) => Promise<T>;
|
||||
constructor(
|
||||
userId: number,
|
||||
projectId: number,
|
||||
getter: (id: any, userId: number, projectId?: number, ignorePermission?: boolean, runtimeDepsService?: AccessRuntimeDepsService) => Promise<any>,
|
||||
runtimeDepsService?: AccessRuntimeDepsService
|
||||
) {
|
||||
getter: <T>(id: any, userId?: number, projectId?: number, ignorePermission?: boolean) => Promise<T>;
|
||||
constructor(userId: number, projectId: number, getter: (id: any, userId: number, projectId?: number, ignorePermission?: boolean) => Promise<any>) {
|
||||
this.userId = userId;
|
||||
this.projectId = projectId;
|
||||
this.getter = getter;
|
||||
this.runtimeDepsService = runtimeDepsService;
|
||||
}
|
||||
|
||||
async getById<T = any>(id: any) {
|
||||
return await this.getter<T>(id, this.userId, this.projectId, false, this.runtimeDepsService);
|
||||
return await this.getter<T>(id, this.userId, this.projectId, false);
|
||||
}
|
||||
|
||||
async getCommonById<T = any>(id: any) {
|
||||
return await this.getter<T>(id, 0, null, false, this.runtimeDepsService);
|
||||
return await this.getter<T>(id, 0, null, false);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
import { Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
|
||||
import { ApplicationContext, Inject, Provide, Scope, ScopeEnum } from "@midwayjs/core";
|
||||
import type { IMidwayContainer } from "@midwayjs/core";
|
||||
import { InjectEntityModel } from "@midwayjs/typeorm";
|
||||
import { In, Repository } from "typeorm";
|
||||
import { AccessGetter, BaseService, PageReq, PermissionException, ValidateException } from "../../../index.js";
|
||||
import type { AccessRuntimeDepsService } from "./access-getter.js";
|
||||
import { AccessEntity } from "../entity/access.js";
|
||||
import { AccessDefine, accessRegistry, newAccess } from "@certd/pipeline";
|
||||
import { EncryptService } from "./encrypt-service.js";
|
||||
@@ -20,6 +20,9 @@ export class AccessService extends BaseService<AccessEntity> {
|
||||
@Inject()
|
||||
encryptService: EncryptService;
|
||||
|
||||
@ApplicationContext()
|
||||
applicationContext: IMidwayContainer;
|
||||
|
||||
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
|
||||
//@ts-ignore
|
||||
getRepository() {
|
||||
@@ -35,7 +38,7 @@ export class AccessService extends BaseService<AccessEntity> {
|
||||
return res;
|
||||
}
|
||||
|
||||
async add(param) {
|
||||
async add(param: any): Promise<{ id: number; [key: string]: any }> {
|
||||
let oldEntity = null;
|
||||
if (param._copyFrom) {
|
||||
oldEntity = await this.info(param._copyFrom);
|
||||
@@ -161,7 +164,7 @@ export class AccessService extends BaseService<AccessEntity> {
|
||||
};
|
||||
}
|
||||
|
||||
async getAccessById(id: any, checkUserId: boolean, userId?: number, projectId?: number, runtimeDepsService?: AccessRuntimeDepsService): Promise<any> {
|
||||
async getAccessById(id: any, checkUserId: boolean, userId?: number, projectId?: number): Promise<any> {
|
||||
const entity = await this.info(id);
|
||||
if (entity == null) {
|
||||
throw new Error(`该授权配置不存在,请确认是否已被删除:id=${id}`);
|
||||
@@ -184,20 +187,23 @@ export class AccessService extends BaseService<AccessEntity> {
|
||||
id: entity.id,
|
||||
...setting,
|
||||
};
|
||||
const taskServiceBuilder: any = await this.applicationContext.getAsync("taskServiceBuilder");
|
||||
const serviceGetter = taskServiceBuilder.create({ userId: userId || 0, projectId });
|
||||
const getAccessById = this.getById.bind(this);
|
||||
const accessGetter = new AccessGetter(userId, projectId, getAccessById, runtimeDepsService);
|
||||
const accessGetter = new AccessGetter(userId, projectId, getAccessById);
|
||||
const accessContext = {
|
||||
logger,
|
||||
http,
|
||||
utils,
|
||||
accessService: accessGetter,
|
||||
serviceGetter,
|
||||
} as any;
|
||||
const access = await newAccess(entity.type, input, accessGetter, accessContext);
|
||||
return access;
|
||||
}
|
||||
|
||||
async getById(id: any, userId: number, projectId?: number, _ignorePermission?: boolean, runtimeDepsService?: AccessRuntimeDepsService): Promise<any> {
|
||||
return await this.getAccessById(id, true, userId, projectId, runtimeDepsService);
|
||||
async getById(id: any, userId: number, projectId?: number, _ignorePermission?: boolean): Promise<any> {
|
||||
return await this.getAccessById(id, true, userId, projectId);
|
||||
}
|
||||
|
||||
decryptAccessEntity(entity: AccessEntity): any {
|
||||
|
||||
@@ -1,15 +1,6 @@
|
||||
import { HttpClient, ILogger, utils } from "@certd/basic";
|
||||
import {upperFirst} from "lodash-es";
|
||||
import {
|
||||
accessRegistry,
|
||||
FormItemProps,
|
||||
IAccessService,
|
||||
IRuntimeDepsService,
|
||||
IServiceGetter,
|
||||
PluginRequestHandleReq,
|
||||
Registrable
|
||||
} from "@certd/pipeline";
|
||||
|
||||
import { upperFirst } from "lodash-es";
|
||||
import { accessRegistry, FormItemProps, IAccessService, IServiceGetter, PluginRequestHandleReq, Registrable, getRuntimeDepsService } from "@certd/pipeline";
|
||||
|
||||
export type AddonRequestHandleReqInput<T = any> = {
|
||||
id?: number;
|
||||
@@ -19,7 +10,7 @@ export type AddonRequestHandleReqInput<T = any> = {
|
||||
|
||||
export type AddonRequestHandleReq<T = any> = {
|
||||
addonType: string;
|
||||
} &PluginRequestHandleReq<AddonRequestHandleReqInput<T>>;
|
||||
} & PluginRequestHandleReq<AddonRequestHandleReqInput<T>>;
|
||||
|
||||
export type AddonInputDefine = FormItemProps & {
|
||||
title: string;
|
||||
@@ -48,8 +39,6 @@ export type AddonInstanceConfig = {
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
|
||||
export interface IAddon {
|
||||
ctx: AddonContext;
|
||||
[key: string]: any;
|
||||
@@ -67,13 +56,9 @@ export abstract class BaseAddon implements IAddon {
|
||||
ctx!: AddonContext;
|
||||
http!: HttpClient;
|
||||
logger!: ILogger;
|
||||
runtimeDepsService?: IRuntimeDepsService;
|
||||
|
||||
async importRuntime(specifier: string) {
|
||||
if (!this.runtimeDepsService) {
|
||||
return await import(specifier);
|
||||
}
|
||||
return await this.runtimeDepsService.importRuntime(specifier, this.logger);
|
||||
return await getRuntimeDepsService().importRuntime(specifier, this.logger);
|
||||
}
|
||||
|
||||
title!: string;
|
||||
@@ -85,7 +70,7 @@ export abstract class BaseAddon implements IAddon {
|
||||
if (accessId == null) {
|
||||
throw new Error("您还没有配置授权");
|
||||
}
|
||||
const accessService = await this.ctx.serviceGetter.get<IAccessService>("accessService")
|
||||
const accessService = await this.ctx.serviceGetter.get<IAccessService>("accessService");
|
||||
let res: any = null;
|
||||
if (isCommon) {
|
||||
res = await accessService.getCommonById(accessId);
|
||||
@@ -118,18 +103,12 @@ export abstract class BaseAddon implements IAddon {
|
||||
this.ctx = ctx;
|
||||
this.http = ctx.http;
|
||||
this.logger = ctx.logger;
|
||||
if (!this.runtimeDepsService && this.ctx.serviceGetter) {
|
||||
this.runtimeDepsService = await this.ctx.serviceGetter.get("runtimeDepsService");
|
||||
}
|
||||
if (this.runtimeDepsService && this.define?.addonType && this.define?.name) {
|
||||
await this.runtimeDepsService.ensureRuntimeDependencies({ pluginKeys: `addon:${this.define.addonType}:${this.define.name}`, logger: this.logger });
|
||||
}
|
||||
}
|
||||
setDefine = (define:AddonDefine) => {
|
||||
setDefine = (define: AddonDefine) => {
|
||||
this.define = define;
|
||||
};
|
||||
|
||||
async onRequest(req:AddonRequestHandleReq) {
|
||||
async onRequest(req: AddonRequestHandleReq) {
|
||||
if (!req.action) {
|
||||
throw new Error("action is required");
|
||||
}
|
||||
@@ -147,10 +126,8 @@ export abstract class BaseAddon implements IAddon {
|
||||
}
|
||||
throw new Error(`action ${req.action} not found`);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
export interface IAddonGetter {
|
||||
getById<T = any>(id: any): Promise<T>;
|
||||
getCommonById<T = any>(id: any): Promise<T>;
|
||||
|
||||
@@ -3,6 +3,32 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [1.42.5](https://github.com/certd/certd/compare/v1.42.4...v1.42.5) (2026-07-15)
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* 给SQLITE_IOERR_WRITE增加友好报错提示,将certd:latest镜像改为certd:slim ([b91c9e4](https://github.com/certd/certd/commit/b91c9e4ea671cb359ef164e27864de1d66cba9d3))
|
||||
|
||||
## [1.42.4](https://github.com/certd/certd/compare/v1.42.3...v1.42.4) (2026-07-11)
|
||||
|
||||
**Note:** Version bump only for package @certd/midway-flyway-js
|
||||
|
||||
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
|
||||
|
||||
**Note:** Version bump only for package @certd/midway-flyway-js
|
||||
|
||||
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
|
||||
|
||||
**Note:** Version bump only for package @certd/midway-flyway-js
|
||||
|
||||
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
|
||||
|
||||
**Note:** Version bump only for package @certd/midway-flyway-js
|
||||
|
||||
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
|
||||
|
||||
**Note:** Version bump only for package @certd/midway-flyway-js
|
||||
|
||||
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@certd/midway-flyway-js",
|
||||
"version": "1.41.4",
|
||||
"version": "1.42.5",
|
||||
"description": "midway with flyway, sql upgrade way ",
|
||||
"private": false,
|
||||
"type": "module",
|
||||
@@ -52,5 +52,5 @@
|
||||
"typeorm": "^0.3.20",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
|
||||
"gitHead": "83495b32138cf831b4ea02054d12981d9787ebf0"
|
||||
}
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
import * as path from 'path';
|
||||
import * as fs from 'fs';
|
||||
import { QueryRunner, Table } from 'typeorm';
|
||||
import { FlywayHistory } from './entity.js';
|
||||
import * as crypto from 'crypto';
|
||||
import * as path from "path";
|
||||
import * as fs from "fs";
|
||||
import { QueryRunner, Table } from "typeorm";
|
||||
import { FlywayHistory } from "./entity.js";
|
||||
import * as crypto from "crypto";
|
||||
|
||||
/**
|
||||
* 脚本文件信息
|
||||
@@ -32,10 +32,10 @@ const DefaultLogger = {
|
||||
},
|
||||
};
|
||||
|
||||
let customLogger:any = null;
|
||||
export function setFlywayLogger (logger: any) {
|
||||
let customLogger: any = null;
|
||||
export function setFlywayLogger(logger: any) {
|
||||
customLogger = logger;
|
||||
};
|
||||
}
|
||||
|
||||
export class Flyway {
|
||||
scriptDir;
|
||||
@@ -45,8 +45,8 @@ export class Flyway {
|
||||
connection;
|
||||
logger;
|
||||
constructor(opts: any) {
|
||||
this.scriptDir = opts.scriptDir ?? 'db/migration';
|
||||
this.flywayTableName = opts.flywayTableName ?? 'flyway_history';
|
||||
this.scriptDir = opts.scriptDir ?? "db/migration";
|
||||
this.flywayTableName = opts.flywayTableName ?? "flyway_history";
|
||||
this.baseline = opts.baseline ?? false;
|
||||
this.allowHashNotMatch = opts.allowHashNotMatch ?? false;
|
||||
this.logger = customLogger || opts.logger || DefaultLogger;
|
||||
@@ -54,9 +54,9 @@ export class Flyway {
|
||||
}
|
||||
|
||||
async run(ignores?: (RegExp | string)[]) {
|
||||
this.logger.info('[ midfly ] start-------------');
|
||||
this.logger.info("[ midfly ] start-------------");
|
||||
if (!fs.existsSync(this.scriptDir)) {
|
||||
this.logger.info('[ midfly ] scriptDir<' + this.scriptDir + '> not found');
|
||||
this.logger.info("[ midfly ] scriptDir<" + this.scriptDir + "> not found");
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -77,7 +77,7 @@ export class Flyway {
|
||||
continue;
|
||||
}
|
||||
if (!file.isBaseline) {
|
||||
this.logger.info('need exec script file: ', file.script);
|
||||
this.logger.info("need exec script file: ", file.script);
|
||||
//执行sql文件
|
||||
if (/\.sql$/.test(file.script)) {
|
||||
await this.execSql(filepath, queryRunner);
|
||||
@@ -87,7 +87,7 @@ export class Flyway {
|
||||
// await this.execJsOrTs(filepath, t);
|
||||
// }
|
||||
} else {
|
||||
this.logger.info('baseline script file: ', file.script);
|
||||
this.logger.info("baseline script file: ", file.script);
|
||||
}
|
||||
await this.storeSqlExecLog(file.script, filepath, true, queryRunner);
|
||||
await queryRunner.commitTransaction();
|
||||
@@ -95,10 +95,15 @@ export class Flyway {
|
||||
this.logger.error(err);
|
||||
await this.storeSqlExecLog(file.script, filepath, false, queryRunner);
|
||||
await queryRunner.rollbackTransaction();
|
||||
|
||||
if (err.code === "SQLITE_IOERR_WRITE") {
|
||||
this.logger.warn("SQLite数据库写入失败,可能您的操作系统版本太低,请将「certd:latest」镜像改为「certd:slim」即可。(如需指定版本可以修改成「certd:[version]-slim」)", file.script);
|
||||
}
|
||||
|
||||
throw err;
|
||||
}
|
||||
}
|
||||
this.logger.info('[ midfly ] end-------------');
|
||||
this.logger.info("[ midfly ] end-------------");
|
||||
}
|
||||
|
||||
private async storeSqlExecLog(filename: string, filepath: string, success: boolean, queryRunner: QueryRunner) {
|
||||
@@ -160,17 +165,17 @@ export class Flyway {
|
||||
name: this.flywayTableName,
|
||||
columns: [
|
||||
{
|
||||
name: 'id',
|
||||
name: "id",
|
||||
type: this.connection.driver.normalizeType({
|
||||
type: this.connection.driver.mappedDataTypes.migrationId,
|
||||
}),
|
||||
isGenerated: true,
|
||||
generationStrategy: 'increment',
|
||||
generationStrategy: "increment",
|
||||
isPrimary: true,
|
||||
isNullable: false,
|
||||
},
|
||||
{
|
||||
name: 'timestamp',
|
||||
name: "timestamp",
|
||||
type: this.connection.driver.normalizeType({
|
||||
type: this.connection.driver.mappedDataTypes.migrationTimestamp,
|
||||
}),
|
||||
@@ -178,23 +183,23 @@ export class Flyway {
|
||||
isNullable: false,
|
||||
},
|
||||
{
|
||||
name: 'name',
|
||||
name: "name",
|
||||
type: this.connection.driver.normalizeType({
|
||||
type: this.connection.driver.mappedDataTypes.migrationName,
|
||||
}),
|
||||
isNullable: false,
|
||||
},
|
||||
{
|
||||
name: 'hash',
|
||||
name: "hash",
|
||||
type: this.connection.driver.normalizeType({
|
||||
type: this.connection.driver.mappedDataTypes.migrationName,
|
||||
}),
|
||||
isNullable: true,
|
||||
},
|
||||
{
|
||||
name: 'success',
|
||||
name: "success",
|
||||
type: this.connection.driver.normalizeType({
|
||||
type: 'boolean',
|
||||
type: "boolean",
|
||||
}),
|
||||
isNullable: true,
|
||||
},
|
||||
@@ -210,7 +215,7 @@ export class Flyway {
|
||||
}
|
||||
let ret = false;
|
||||
for (const ignore of ignores) {
|
||||
if (typeof ignore === 'string' && file === ignore) {
|
||||
if (typeof ignore === "string" && file === ignore) {
|
||||
ret = true;
|
||||
break;
|
||||
}
|
||||
@@ -233,20 +238,20 @@ export class Flyway {
|
||||
if (history.hash !== hash && this.allowHashNotMatch === false) {
|
||||
throw new Error(file + `hash conflict ,old: ${history.hash} != new: ${hash}`);
|
||||
}
|
||||
this.logger.info('[ midfly ] script<' + file + '> already executed');
|
||||
this.logger.info("[ midfly ] script<" + file + "> already executed");
|
||||
return true;
|
||||
}
|
||||
this.logger.info('[ midfly ] script<' + file + '> not yet execute');
|
||||
this.logger.info("[ midfly ] script<" + file + "> not yet execute");
|
||||
return false;
|
||||
}
|
||||
|
||||
private async getFileHash(filepath: string) {
|
||||
const content = fs.readFileSync(filepath).toString();
|
||||
return crypto.createHash('md5').update(content.toString()).digest('hex');
|
||||
return crypto.createHash("md5").update(content.toString()).digest("hex");
|
||||
}
|
||||
|
||||
private async execSql(filepath: string, queryRunner: QueryRunner) {
|
||||
this.logger.info('[ midfly ] exec ', filepath);
|
||||
this.logger.info("[ midfly ] exec ", filepath);
|
||||
const content = fs.readFileSync(filepath).toString().trim();
|
||||
const arr = this.splitSql2Array(content);
|
||||
for (const s of arr) {
|
||||
@@ -255,11 +260,11 @@ export class Flyway {
|
||||
}
|
||||
|
||||
private async execOnePart(sql: string, queryRunner: QueryRunner) {
|
||||
this.logger.debug('exec sql index: ', sql);
|
||||
this.logger.debug("exec sql index: ", sql);
|
||||
try {
|
||||
await queryRunner.query(sql);
|
||||
} catch (err: any) {
|
||||
this.logger.error('exec sql error : ', err.message, err);
|
||||
this.logger.error("exec sql error : ", err.message, err);
|
||||
throw err;
|
||||
}
|
||||
}
|
||||
@@ -275,11 +280,11 @@ export class Flyway {
|
||||
|
||||
const temp = String(str).trim();
|
||||
|
||||
if (temp === 'null') {
|
||||
if (temp === "null") {
|
||||
return [];
|
||||
}
|
||||
|
||||
const semicolon = ';';
|
||||
const semicolon = ";";
|
||||
const deepChars = ['"', "'"];
|
||||
const splits = [];
|
||||
|
||||
@@ -289,7 +294,7 @@ export class Flyway {
|
||||
|
||||
if (deepChars.indexOf(charAt) >= 0) {
|
||||
//如果是深度char
|
||||
if (i !== 0 && temp.charAt(i - 1) === '\\') {
|
||||
if (i !== 0 && temp.charAt(i - 1) === "\\") {
|
||||
//如果前一个是转义字符,忽略它
|
||||
} else {
|
||||
//说明需要进出深度了
|
||||
|
||||
@@ -3,6 +3,30 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [1.42.5](https://github.com/certd/certd/compare/v1.42.4...v1.42.5) (2026-07-15)
|
||||
|
||||
**Note:** Version bump only for package @certd/plugin-cert
|
||||
|
||||
## [1.42.4](https://github.com/certd/certd/compare/v1.42.3...v1.42.4) (2026-07-11)
|
||||
|
||||
**Note:** Version bump only for package @certd/plugin-cert
|
||||
|
||||
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
|
||||
|
||||
**Note:** Version bump only for package @certd/plugin-cert
|
||||
|
||||
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
|
||||
|
||||
**Note:** Version bump only for package @certd/plugin-cert
|
||||
|
||||
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
|
||||
|
||||
**Note:** Version bump only for package @certd/plugin-cert
|
||||
|
||||
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
|
||||
|
||||
**Note:** Version bump only for package @certd/plugin-cert
|
||||
|
||||
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
|
||||
|
||||
**Note:** Version bump only for package @certd/plugin-cert
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "@certd/plugin-cert",
|
||||
"private": false,
|
||||
"version": "1.41.4",
|
||||
"version": "1.42.5",
|
||||
"type": "module",
|
||||
"main": "./dist/index.js",
|
||||
"types": "./dist/index.d.ts",
|
||||
@@ -20,7 +20,7 @@
|
||||
"lint": "eslint --fix"
|
||||
},
|
||||
"dependencies": {
|
||||
"@certd/plugin-lib": "^1.41.4"
|
||||
"@certd/plugin-lib": "^1.42.5"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/chai": "^4.3.12",
|
||||
@@ -38,5 +38,5 @@
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
|
||||
"gitHead": "83495b32138cf831b4ea02054d12981d9787ebf0"
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"extension": ["ts"],
|
||||
"spec": "test/**/*.test.ts",
|
||||
"require": "ts-node/register"
|
||||
"node-option": ["loader=ts-node/esm", "no-warnings"]
|
||||
}
|
||||
@@ -3,6 +3,47 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [1.42.5](https://github.com/certd/certd/compare/v1.42.4...v1.42.5) (2026-07-15)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复上传到cos报runtimeDepsService未初始化的问题 ([167b303](https://github.com/certd/certd/commit/167b303faeca02cc11cf97e4be2a3df914852167))
|
||||
|
||||
## [1.42.4](https://github.com/certd/certd/compare/v1.42.3...v1.42.4) (2026-07-11)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **pipeline:** 重构运行时依赖加载逻辑,修复火山引擎DNS解析报runtimeDepsService未初始化的bug ([ec69b8f](https://github.com/certd/certd/commit/ec69b8f11bfd4b20991aef74a72a47182ca79a9d))
|
||||
|
||||
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
|
||||
|
||||
**Note:** Version bump only for package @certd/plugin-lib
|
||||
|
||||
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
|
||||
|
||||
**Note:** Version bump only for package @certd/plugin-lib
|
||||
|
||||
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* **certd-server:** 使用 jks-go转换jks证书,大幅精简镜像大小 ([c78898e](https://github.com/certd/certd/commit/c78898e4c10dd1701467d2e42e3f72bd8f2a352f))
|
||||
|
||||
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复jdk证书格式的问题 ([260f5ae](https://github.com/certd/certd/commit/260f5ae777b83493b0c578fe30fd00ec0c873226))
|
||||
|
||||
### Features
|
||||
|
||||
* 通过插件配置懒加载依赖,动态加载第三方依赖包,精简安装镜像大小 ([01568ca](https://github.com/certd/certd/commit/01568ca1489069046b5a89ebdd4ced2f7f6ddf93))
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* 【破坏性更新】 证书压缩包不再生成文件存储,而是实时打包下载,证书申请插件不再输出certZip ([7cff1a9](https://github.com/certd/certd/commit/7cff1a98424120585205889874b3ef4956a30583))
|
||||
* 新增橙域网络(asia-isp) CDN证书部署插件 ([b48831e](https://github.com/certd/certd/commit/b48831e60b0059bef7ef9a34ab61c9dd2f684641))
|
||||
|
||||
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
|
||||
|
||||
**Note:** Version bump only for package @certd/plugin-lib
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "@certd/plugin-lib",
|
||||
"private": false,
|
||||
"version": "1.41.4",
|
||||
"version": "1.42.5",
|
||||
"type": "module",
|
||||
"main": "./dist/index.js",
|
||||
"types": "./dist/index.d.ts",
|
||||
@@ -10,26 +10,23 @@
|
||||
"before-build": "rimraf dist && rimraf tsconfig.tsbuildinfo && rimraf .rollup.cache",
|
||||
"build": "npm run before-build && tsc -p tsconfig.build.json --skipLibCheck",
|
||||
"dev-build": "npm run build",
|
||||
"build3": "rollup -c",
|
||||
"build2": "vue-tsc --noEmit && vite build",
|
||||
"preview": "vite preview",
|
||||
"test:unit": "cross-env NODE_ENV=unittest mocha --no-config --node-option no-warnings --node-option loader=ts-node/esm \"src/**/*.test.ts\"",
|
||||
"test:unit": "cross-env NODE_ENV=unittest mocha",
|
||||
"pub": "npm publish",
|
||||
"compile": "tsc --skipLibCheck --watch",
|
||||
"format": "prettier --write src",
|
||||
"lint": "eslint --fix"
|
||||
},
|
||||
"dependencies": {
|
||||
"@certd/acme-client": "^1.41.4",
|
||||
"@certd/basic": "^1.41.4",
|
||||
"@certd/pipeline": "^1.41.4",
|
||||
"@certd/acme-client": "^1.42.5",
|
||||
"@certd/basic": "^1.42.5",
|
||||
"@certd/pipeline": "^1.42.5",
|
||||
"dayjs": "^1.11.7",
|
||||
"jszip": "^3.10.1",
|
||||
"lodash-es": "^4.17.21",
|
||||
"psl": "^1.15.0",
|
||||
"punycode.js": "^2.3.1"
|
||||
},
|
||||
"devDependencies": {
|
||||
"rimraf": "^5.0.5",
|
||||
"@types/chai": "^4.3.12",
|
||||
"@types/mocha": "^10.0.6",
|
||||
"@typescript-eslint/eslint-plugin": "^8.26.1",
|
||||
@@ -41,10 +38,12 @@
|
||||
"eslint-plugin-prettier": "^5.1.3",
|
||||
"esmock": "^2.7.5",
|
||||
"mocha": "^10.6.0",
|
||||
"node-forge": "^1.3.1",
|
||||
"prettier": "3.3.3",
|
||||
"rimraf": "^5.0.5",
|
||||
"ts-node": "^10.9.2",
|
||||
"tslib": "^2.8.1",
|
||||
"typescript": "^5.4.2"
|
||||
},
|
||||
"gitHead": "bc731e4fb119787930e816a7d57c808b1b5cd66a"
|
||||
"gitHead": "83495b32138cf831b4ea02054d12981d9787ebf0"
|
||||
}
|
||||
|
||||
@@ -6,6 +6,7 @@ import cryptoLib from "crypto";
|
||||
import { ILogger } from "@certd/basic";
|
||||
import dayjs from "dayjs";
|
||||
import { uniq } from "lodash-es";
|
||||
import JSZip from "jszip";
|
||||
|
||||
export interface ICertInfoGetter {
|
||||
getByPipelineId: (pipelineId: number) => Promise<CertInfo>;
|
||||
@@ -301,4 +302,70 @@ export class CertReader {
|
||||
static buildCertName(cert: CertInfo, useHash: boolean = false) {
|
||||
return new CertReader(cert).buildCertName("", useHash);
|
||||
}
|
||||
|
||||
async buildZip(): Promise<Buffer> {
|
||||
const cert = this.cert;
|
||||
|
||||
const zip = new JSZip();
|
||||
|
||||
if (cert.crt) {
|
||||
zip.file("证书.pem", cert.crt);
|
||||
}
|
||||
if (cert.key) {
|
||||
zip.file("私钥.pem", cert.key);
|
||||
}
|
||||
if (cert.ic) {
|
||||
zip.file("中间证书.pem", cert.ic);
|
||||
}
|
||||
if (cert.crt) {
|
||||
zip.file("cert.crt", cert.crt);
|
||||
}
|
||||
if (cert.key) {
|
||||
zip.file("cert.key", cert.key);
|
||||
}
|
||||
if (cert.ic) {
|
||||
zip.file("intermediate.crt", cert.ic);
|
||||
}
|
||||
if (cert.oc) {
|
||||
zip.file("origin.crt", cert.oc);
|
||||
}
|
||||
if (cert.one) {
|
||||
zip.file("one.pem", cert.one);
|
||||
}
|
||||
if (cert.p7b) {
|
||||
zip.file("cert.p7b", cert.p7b);
|
||||
}
|
||||
if (cert.pfx) {
|
||||
zip.file("cert.pfx", Buffer.from(cert.pfx, "base64"));
|
||||
}
|
||||
if (cert.der) {
|
||||
zip.file("cert.der", Buffer.from(cert.der, "base64"));
|
||||
}
|
||||
if (cert.jks) {
|
||||
zip.file("cert.jks", Buffer.from(cert.jks, "base64"));
|
||||
}
|
||||
|
||||
zip.file(
|
||||
"说明.txt",
|
||||
`证书文件说明
|
||||
cert.crt:证书文件,包含证书链,pem格式
|
||||
cert.key:私钥文件,pem格式
|
||||
intermediate.crt:中间证书文件,pem格式
|
||||
origin.crt:原始证书文件,不含证书链,pem格式
|
||||
one.pem: 证书和私钥简单合并成一个文件,pem格式,crt正文+key正文
|
||||
cert.pfx:pfx格式证书文件,iis服务器使用
|
||||
cert.der:der格式证书文件
|
||||
cert.jks:jks格式证书文件,java服务器使用
|
||||
`
|
||||
);
|
||||
|
||||
return zip.generateAsync({ type: "nodebuffer" });
|
||||
}
|
||||
|
||||
buildZipFilename(prefix = "cert"): string {
|
||||
let domain = this.getMainDomain();
|
||||
domain = domain.replaceAll(".", "_").replaceAll("*", "_");
|
||||
const timeStr = dayjs().format("YYYYMMDDHHmmss");
|
||||
return `${prefix}_${domain}_${timeStr}.zip`;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
import { ILogger, sp } from "@certd/basic";
|
||||
import { ILogger, sp, http } from "@certd/basic";
|
||||
import type { CertInfo } from "./cert-reader.js";
|
||||
import { CertReader, CertReaderHandleContext } from "./cert-reader.js";
|
||||
import path from "path";
|
||||
@@ -52,6 +52,81 @@ export class CertConverter {
|
||||
});
|
||||
}
|
||||
|
||||
async getJksGoPath(): Promise<string> {
|
||||
const osType = process.platform === "win32" ? "windows" : "linux";
|
||||
const jksGoDir = path.resolve("./tools/jks-go");
|
||||
const JKS_GO_VERSION = process.env.JKS_GO_VERSION || "1.0.0";
|
||||
|
||||
const versionFile = path.join(jksGoDir, "version");
|
||||
const finalPath = path.join(jksGoDir, osType === "windows" ? "jks-go.exe" : "jks-go");
|
||||
|
||||
let needDownload = false;
|
||||
if (!fs.existsSync(finalPath)) {
|
||||
needDownload = true;
|
||||
} else if (!fs.existsSync(versionFile)) {
|
||||
needDownload = true;
|
||||
} else {
|
||||
const currentVersion = fs.readFileSync(versionFile, "utf-8").trim();
|
||||
if (currentVersion !== JKS_GO_VERSION) {
|
||||
this.logger.info(`jks-go版本不匹配,当前版本:${currentVersion},期望版本:${JKS_GO_VERSION},准备重新下载`);
|
||||
needDownload = true;
|
||||
}
|
||||
}
|
||||
|
||||
if (!needDownload) {
|
||||
return finalPath;
|
||||
}
|
||||
|
||||
if (!fs.existsSync(jksGoDir)) {
|
||||
fs.mkdirSync(jksGoDir, { recursive: true });
|
||||
}
|
||||
|
||||
const arch = process.arch;
|
||||
let platformArch = "amd64";
|
||||
if (arch === "arm64") {
|
||||
platformArch = "arm64";
|
||||
} else if (arch === "arm") {
|
||||
platformArch = "arm_armv7";
|
||||
}
|
||||
|
||||
let jksGoFileName = `jks-go_${osType}_${platformArch}`;
|
||||
if (osType === "windows") {
|
||||
jksGoFileName += ".exe";
|
||||
}
|
||||
|
||||
const jksGoFilePath = path.join(jksGoDir, jksGoFileName);
|
||||
this.logger.info(`jks-go文件不存在或版本不匹配,准备下载:${jksGoFileName}`);
|
||||
const downloadUrl = `https://atomgit.com/certd/jks-go/releases/download/v${JKS_GO_VERSION}/${jksGoFileName}`;
|
||||
// https://atomgit.com/certd/jks-go/releases/download/v1.0.2/jks-go_linux_amd64
|
||||
const response = await http.request({
|
||||
url: downloadUrl,
|
||||
method: "GET",
|
||||
responseType: "arraybuffer",
|
||||
logRes: false,
|
||||
logParams: false,
|
||||
logData: false,
|
||||
});
|
||||
|
||||
const buffer = Buffer.from(response);
|
||||
fs.writeFileSync(jksGoFilePath, buffer);
|
||||
this.logger.info("下载jks-go成功");
|
||||
|
||||
if (fs.existsSync(finalPath)) {
|
||||
fs.unlinkSync(finalPath);
|
||||
}
|
||||
fs.copyFileSync(jksGoFilePath, finalPath);
|
||||
if (osType === "linux") {
|
||||
await sp.spawn({
|
||||
cmd: `chmod +x ${finalPath}`,
|
||||
});
|
||||
}
|
||||
|
||||
fs.writeFileSync(versionFile, JKS_GO_VERSION, "utf-8");
|
||||
this.logger.info(`jks-go版本已更新为:${JKS_GO_VERSION}`);
|
||||
|
||||
return finalPath;
|
||||
}
|
||||
|
||||
private async convertPfx(opts: CertReaderHandleContext, pfxPassword: string, pfxArgs: string) {
|
||||
const { tmpCrtPath, tmpKeyPath } = opts;
|
||||
|
||||
@@ -118,22 +193,22 @@ export class CertConverter {
|
||||
const jksPassword = pfxPassword || "123456";
|
||||
try {
|
||||
const randomStr = Math.floor(Math.random() * 1000000) + "";
|
||||
const { tmpOnePath } = opts;
|
||||
|
||||
const p12Path = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_cert.p12`);
|
||||
const { tmpCrtPath, tmpKeyPath } = opts;
|
||||
let passwordArg = "-passout pass:";
|
||||
if (jksPassword) {
|
||||
passwordArg = `-password pass:${jksPassword}`;
|
||||
}
|
||||
await this.exec(`openssl pkcs12 -export -in ${tmpCrtPath} -inkey ${tmpKeyPath} -out ${p12Path} -name certd ${passwordArg}`);
|
||||
|
||||
const jksPath = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_cert.jks`);
|
||||
const dir = path.dirname(jksPath);
|
||||
const bundlePath = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_bundle.pem`);
|
||||
const dir = path.dirname(bundlePath);
|
||||
if (!fs.existsSync(dir)) {
|
||||
fs.mkdirSync(dir, { recursive: true });
|
||||
}
|
||||
await this.exec(`keytool -importkeystore -srckeystore ${p12Path} -srcstoretype PKCS12 -srcstorepass "${jksPassword}" -destkeystore ${jksPath} -deststoretype JKS -deststorepass "${jksPassword}" `);
|
||||
fs.unlinkSync(p12Path);
|
||||
|
||||
const crtContent = fs.readFileSync(tmpOnePath);
|
||||
fs.writeFileSync(bundlePath, crtContent);
|
||||
|
||||
const jksPath = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_cert.jks`);
|
||||
|
||||
const jksGoPath = await this.getJksGoPath();
|
||||
await this.exec(`${jksGoPath} -importkeystore -srckeystore ${bundlePath} -srcstoretype PEM -destkeystore ${jksPath} -deststorepass "${jksPassword}"`);
|
||||
fs.unlinkSync(bundlePath);
|
||||
|
||||
const fileBuffer = fs.readFileSync(jksPath);
|
||||
const certBase64 = fileBuffer.toString("base64");
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import { HttpClient, ILogger } from "@certd/basic";
|
||||
import { IAccessService, IRuntimeDepsService, PageRes, PageSearch } from "@certd/pipeline";
|
||||
import { IAccessService, PageRes, PageSearch, getRuntimeDepsService } from "@certd/pipeline";
|
||||
import punycode from "punycode.js";
|
||||
import { CreateRecordOptions, DnsProviderContext, DnsProviderDefine, DnsResolveRecord, DomainRecord, IDnsProvider, RemoveRecordOptions } from "./api.js";
|
||||
import { dnsProviderRegistry } from "./registry.js";
|
||||
@@ -7,13 +7,9 @@ export abstract class AbstractDnsProvider<T = any> implements IDnsProvider<T> {
|
||||
ctx!: DnsProviderContext;
|
||||
http!: HttpClient;
|
||||
logger!: ILogger;
|
||||
runtimeDepsService?: IRuntimeDepsService;
|
||||
|
||||
async importRuntime(specifier: string) {
|
||||
if (!this.runtimeDepsService) {
|
||||
throw new Error("runtimeDepsService 未初始化");
|
||||
}
|
||||
return await this.runtimeDepsService.importRuntime(specifier, this.logger);
|
||||
return await getRuntimeDepsService().importRuntime(specifier, this.logger);
|
||||
}
|
||||
|
||||
usePunyCode(): boolean {
|
||||
@@ -42,12 +38,6 @@ export abstract class AbstractDnsProvider<T = any> implements IDnsProvider<T> {
|
||||
this.ctx = ctx;
|
||||
this.logger = ctx.logger;
|
||||
this.http = ctx.http;
|
||||
if (!this.runtimeDepsService && this.ctx.serviceGetter) {
|
||||
this.runtimeDepsService = await this.ctx.serviceGetter.get("runtimeDepsService");
|
||||
}
|
||||
if (this.runtimeDepsService && this.ctx.define?.name) {
|
||||
await this.runtimeDepsService.ensureRuntimeDependencies({ pluginKeys: `dnsProvider:${this.ctx.define.name}`, logger: this.logger });
|
||||
}
|
||||
}
|
||||
|
||||
async parseDomain(fullDomain: string) {
|
||||
|
||||
@@ -0,0 +1,109 @@
|
||||
/// <reference types="mocha" />
|
||||
/// <reference types="node" />
|
||||
|
||||
import assert from "node:assert/strict";
|
||||
|
||||
import { CertReader } from "../src/cert/cert-reader.js";
|
||||
import type { CertInfo } from "../src/cert/cert-reader.js";
|
||||
|
||||
// @ts-ignore
|
||||
import forge from "node-forge";
|
||||
|
||||
/**
|
||||
* Generate a minimal self-signed X.509 cert + key in PEM format for testing.
|
||||
*/
|
||||
function createSelfSignedCert(commonName: string): { crt: string; key: string } {
|
||||
const keypair = forge.pki.rsa.generateKeyPair(2048);
|
||||
|
||||
const cert = forge.pki.createCertificate();
|
||||
cert.publicKey = keypair.publicKey;
|
||||
cert.serialNumber = "01";
|
||||
cert.validFrom = new Date("2025-01-01").toISOString();
|
||||
cert.validTo = new Date("2026-01-01").toISOString();
|
||||
|
||||
const attrs = [{ name: "commonName", value: commonName }];
|
||||
cert.setSubject(attrs);
|
||||
cert.setIssuer(attrs);
|
||||
cert.sign(keypair.privateKey, forge.md.sha256.create());
|
||||
|
||||
return {
|
||||
crt: forge.pki.certificateToPem(cert),
|
||||
key: forge.pki.privateKeyToPem(keypair.privateKey),
|
||||
};
|
||||
}
|
||||
|
||||
const testCert = createSelfSignedCert("example.com");
|
||||
const testCertIc = createSelfSignedCert("intermediate.ca");
|
||||
const mockCertInfo: CertInfo = {
|
||||
crt: testCert.crt + "\n" + testCertIc.crt,
|
||||
key: testCert.key,
|
||||
oc: testCert.crt,
|
||||
ic: testCertIc.crt,
|
||||
one: testCert.crt + "\n" + testCert.key,
|
||||
p7b: "PKCS7 test content",
|
||||
pfx: Buffer.from("fake-pfx-data").toString("base64"),
|
||||
der: Buffer.from("fake-der-data").toString("base64"),
|
||||
jks: Buffer.from("fake-jks-data").toString("base64"),
|
||||
};
|
||||
|
||||
describe("CertReader.buildZip", () => {
|
||||
it("returns a non-empty Buffer", async () => {
|
||||
const reader = new CertReader(mockCertInfo);
|
||||
const buf = await reader.buildZip();
|
||||
assert.ok(Buffer.isBuffer(buf));
|
||||
assert.ok(buf.length > 0);
|
||||
});
|
||||
|
||||
it("produces a valid zip containing expected files", async () => {
|
||||
const reader = new CertReader(mockCertInfo);
|
||||
const buf = await reader.buildZip();
|
||||
const { default: JSZip } = await import("jszip");
|
||||
const zip = await JSZip.loadAsync(buf);
|
||||
|
||||
assert.ok(zip.file("证书.pem"), "should contain 证书.pem");
|
||||
assert.ok(zip.file("私钥.pem"), "should contain 私钥.pem");
|
||||
assert.ok(zip.file("中间证书.pem"), "should contain 中间证书.pem");
|
||||
assert.ok(zip.file("cert.crt"), "should contain cert.crt");
|
||||
assert.ok(zip.file("cert.key"), "should contain cert.key");
|
||||
assert.ok(zip.file("intermediate.crt"), "should contain intermediate.crt");
|
||||
assert.ok(zip.file("origin.crt"), "should contain origin.crt");
|
||||
assert.ok(zip.file("one.pem"), "should contain one.pem");
|
||||
assert.ok(zip.file("cert.p7b"), "should contain cert.p7b");
|
||||
assert.ok(zip.file("cert.pfx"), "should contain cert.pfx");
|
||||
assert.ok(zip.file("cert.der"), "should contain cert.der");
|
||||
assert.ok(zip.file("cert.jks"), "should contain cert.jks");
|
||||
assert.ok(zip.file("说明.txt"), "should contain 说明.txt");
|
||||
|
||||
const pemContent = await zip.file("证书.pem").async("string");
|
||||
assert.ok(pemContent.includes("-----BEGIN CERTIFICATE-----"));
|
||||
|
||||
const pfx = await zip.file("cert.pfx").async("nodebuffer");
|
||||
assert.equal(pfx.toString(), "fake-pfx-data");
|
||||
});
|
||||
});
|
||||
|
||||
describe("CertReader.buildZipFilename", () => {
|
||||
it("includes the main domain and timestamp", () => {
|
||||
const reader = new CertReader(mockCertInfo);
|
||||
const name = reader.buildZipFilename("cert");
|
||||
assert.ok(name.startsWith("cert_example_com_"));
|
||||
assert.ok(name.endsWith(".zip"));
|
||||
const tsPart = name.replace("cert_example_com_", "").replace(".zip", "");
|
||||
assert.match(tsPart, /^\d{14}$/);
|
||||
});
|
||||
|
||||
it("uses the default prefix when not provided", () => {
|
||||
const reader = new CertReader(mockCertInfo);
|
||||
const name = reader.buildZipFilename();
|
||||
assert.ok(name.startsWith("cert_example_com_"));
|
||||
});
|
||||
|
||||
it("wildcard domain replaces asterisk", () => {
|
||||
const wildcardCert = createSelfSignedCert("*.example.com");
|
||||
const wcInfo: CertInfo = { crt: wildcardCert.crt, key: wildcardCert.key };
|
||||
const reader = new CertReader(wcInfo);
|
||||
const name = reader.buildZipFilename("cert");
|
||||
assert.ok(name.startsWith("cert___example_com_"), "asterisk should be replaced, got: " + name);
|
||||
assert.ok(!name.includes("*"));
|
||||
});
|
||||
});
|
||||
+45
-15
@@ -1,9 +1,15 @@
|
||||
# 根据目标平台选择基础镜像:amd64/arm64 用 trixie-slim,arm/v7 没有 trixie-slim 发布,回退到 alpine
|
||||
FROM --platform=linux/amd64 node:22-trixie-slim AS base-amd64
|
||||
FROM --platform=linux/arm64 node:22-trixie-slim AS base-arm64
|
||||
FROM --platform=linux/arm/v7 node:22-alpine AS base-arm-v7
|
||||
ARG base_type=alpine
|
||||
|
||||
FROM base-${TARGETARCH}${TARGETVARIANT:+-}${TARGETVARIANT} AS builder
|
||||
# 根据 base_type 参数选择基础镜像系列
|
||||
FROM --platform=linux/amd64 node:22-alpine AS base-amd64-alpine
|
||||
FROM --platform=linux/arm64 node:22-alpine AS base-arm64-alpine
|
||||
FROM --platform=linux/arm/v7 node:22-alpine AS base-arm-v7-alpine
|
||||
|
||||
FROM --platform=linux/amd64 node:22-trixie-slim AS base-amd64-slim
|
||||
FROM --platform=linux/arm64 node:22-trixie-slim AS base-arm64-slim
|
||||
FROM --platform=linux/arm/v7 node:22-alpine AS base-arm-v7-slim
|
||||
|
||||
FROM base-${TARGETARCH}${TARGETVARIANT:+-}${TARGETVARIANT}-${base_type} AS builder
|
||||
|
||||
WORKDIR /workspace/
|
||||
COPY . /workspace/
|
||||
@@ -12,36 +18,36 @@ COPY . /workspace/
|
||||
RUN npm install -g pnpm@10.33.4
|
||||
|
||||
RUN cp /workspace/certd-client/dist/* /workspace/certd-server/public/ -rf
|
||||
RUN cd /workspace/certd-server && pnpm install --production && npm run build-on-docker
|
||||
RUN cd /workspace/certd-server && pnpm install && npm run build-on-docker
|
||||
RUN rm -rf /workspace/certd-server/node_modules
|
||||
|
||||
ARG base_type=alpine
|
||||
|
||||
FROM base-${TARGETARCH}${TARGETVARIANT:+-}${TARGETVARIANT}
|
||||
# ------------------------------------------------------------------
|
||||
# 构建生产环境镜像
|
||||
# ------------------------------------------------------------------
|
||||
FROM base-${TARGETARCH}${TARGETVARIANT:+-}${TARGETVARIANT}-${base_type}
|
||||
EXPOSE 7001
|
||||
EXPOSE 7002
|
||||
|
||||
ARG base_type=alpine
|
||||
|
||||
# 根据基础镜像发行版选择包管理器
|
||||
# trixie-slim -> apt-get, alpine -> apk
|
||||
RUN if [ -f /etc/debian_version ]; then \
|
||||
apt-get update \
|
||||
&& apt-get install -y --no-install-recommends \
|
||||
ca-certificates \
|
||||
gnupg \
|
||||
wget \
|
||||
openssl \
|
||||
netcat-openbsd \
|
||||
iputils-ping \
|
||||
dnsutils \
|
||||
iproute2 \
|
||||
&& wget -O - https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor | tee /usr/share/keyrings/adoptium.gpg > /dev/null \
|
||||
&& echo "deb [signed-by=/usr/share/keyrings/adoptium.gpg] https://packages.adoptium.net/artifactory/deb bookworm main" | tee /etc/apt/sources.list.d/adoptium.list \
|
||||
&& apt-get update \
|
||||
&& apt-get install -y --no-install-recommends temurin-8-jre \
|
||||
&& apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/*; \
|
||||
elif [ -f /etc/alpine-release ]; then \
|
||||
apk add --no-cache \
|
||||
openssl \
|
||||
openjdk8-jre; \
|
||||
apk add --no-cache openssl wget ca-certificates; \
|
||||
else \
|
||||
echo "Unsupported base image"; exit 1; \
|
||||
fi
|
||||
@@ -52,6 +58,9 @@ ENV TERM=xterm
|
||||
ENV LEGO_VERSION=4.30.1
|
||||
ENV LEGO_DOWNLOAD_DIR=/app/tools/lego
|
||||
|
||||
ENV JKS_GO_VERSION=1.0.3
|
||||
ENV JKS_GO_DOWNLOAD_DIR=/app/tools/jks-go
|
||||
|
||||
ENV ALIYUN_CLIENT_CONNECT_TIMEOUT=10000
|
||||
ENV ALIYUN_CLIENT_READ_TIMEOUT=20000
|
||||
|
||||
@@ -68,6 +77,26 @@ RUN ARCH=$(uname -m) && \
|
||||
echo "Unsupported architecture: $ARCH"; \
|
||||
fi
|
||||
|
||||
RUN mkdir -p $JKS_GO_DOWNLOAD_DIR
|
||||
|
||||
# 根据架构下载jks-go
|
||||
RUN ARCH=$(uname -m) && \
|
||||
if [ "$ARCH" = "x86_64" ]; then \
|
||||
wget -O $JKS_GO_DOWNLOAD_DIR/jks-go_linux_amd64 https://github.com/certd/jks-go/releases/download/v${JKS_GO_VERSION}/jks-go_linux_amd64 && \
|
||||
chmod +x $JKS_GO_DOWNLOAD_DIR/jks-go_linux_amd64 && \
|
||||
ln -s $JKS_GO_DOWNLOAD_DIR/jks-go_linux_amd64 /usr/local/bin/jks-go; \
|
||||
elif [ "$ARCH" = "aarch64" ]; then \
|
||||
wget -O $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm64 https://github.com/certd/jks-go/releases/download/v${JKS_GO_VERSION}/jks-go_linux_arm64 && \
|
||||
chmod +x $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm64 && \
|
||||
ln -s $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm64 /usr/local/bin/jks-go; \
|
||||
elif [ "$ARCH" = "armv7l" ]; then \
|
||||
wget -O $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm_armv7 https://github.com/certd/jks-go/releases/download/v${JKS_GO_VERSION}/jks-go_linux_arm_armv7 && \
|
||||
chmod +x $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm_armv7 && \
|
||||
ln -s $JKS_GO_DOWNLOAD_DIR/jks-go_linux_arm_armv7 /usr/local/bin/jks-go; \
|
||||
else \
|
||||
echo "Unsupported architecture: $ARCH"; \
|
||||
fi
|
||||
|
||||
ENV TZ=Asia/Shanghai
|
||||
ENV NODE_ENV=production
|
||||
ENV MIDWAY_SERVER_ENV=production
|
||||
@@ -76,5 +105,6 @@ RUN npm install -g pnpm@10.33.4
|
||||
|
||||
|
||||
COPY --from=builder /workspace/certd-server/ /app/
|
||||
RUN pnpm install --production
|
||||
COPY ./patch/ssh2/*.js /app/node_modules/.pnpm/node_modules/ssh2/lib/protocol/
|
||||
CMD ["node", "--optimize-for-size", "./bootstrap.js"]
|
||||
|
||||
@@ -3,6 +3,45 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [1.42.5](https://github.com/certd/certd/compare/v1.42.4...v1.42.5) (2026-07-15)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复上传到cos报runtimeDepsService未初始化的问题 ([167b303](https://github.com/certd/certd/commit/167b303faeca02cc11cf97e4be2a3df914852167))
|
||||
|
||||
## [1.42.4](https://github.com/certd/certd/compare/v1.42.3...v1.42.4) (2026-07-11)
|
||||
|
||||
**Note:** Version bump only for package @certd/ui-client
|
||||
|
||||
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
|
||||
|
||||
**Note:** Version bump only for package @certd/ui-client
|
||||
|
||||
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复企业模式下弹出邮箱绑定提醒的问题 ([8d9dad9](https://github.com/certd/certd/commit/8d9dad9c82f6f2fd3ab3040068946a33f37145b1))
|
||||
|
||||
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **login:** 修复输入法 composing 状态下回车触发提交的问题 ([b74db81](https://github.com/certd/certd/commit/b74db81304bbe68476bbec5ea4307a2264060e92))
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* **pipeline:** 将默认历史保留条数从30调整为100 ([d3e4677](https://github.com/certd/certd/commit/d3e4677ea4fac8e7533749d7f4187e410489e536))
|
||||
|
||||
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* 【破坏性更新】 证书压缩包不再生成文件存储,而是实时打包下载,证书申请插件不再输出certZip ([7cff1a9](https://github.com/certd/certd/commit/7cff1a98424120585205889874b3ef4956a30583))
|
||||
* 优化用户体验,首次访问时弹出邮箱账号绑定用以初始化账号 ([608cc2a](https://github.com/certd/certd/commit/608cc2a81ff0b4872c9fe11ed9c9c0b4b90a12a3))
|
||||
* **passkey:** passkey支持多域名rpid ([79f6586](https://github.com/certd/certd/commit/79f65868ca0f5162bbc2f935ce89abc28011d816))
|
||||
* **plugin:** 在线插件编辑支持配置第三方依赖和插件依赖 ([635f069](https://github.com/certd/certd/commit/635f069012d4193cfb7cb051c96e28eec1247ca2))
|
||||
|
||||
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "@certd/ui-client",
|
||||
"version": "1.41.4",
|
||||
"version": "1.42.5",
|
||||
"private": true,
|
||||
"scripts": {
|
||||
"dev": "vite --open",
|
||||
@@ -59,7 +59,6 @@
|
||||
"class-variance-authority": "^0.7.1",
|
||||
"clsx": "^2.1.1",
|
||||
"core-js": "^3.36.0",
|
||||
"cos-js-sdk-v5": "^1.7.0",
|
||||
"cron-parser": "^4.9.0",
|
||||
"cropperjs": "^1.6.1",
|
||||
"cssnano": "^7.0.6",
|
||||
@@ -105,8 +104,8 @@
|
||||
"zod-defaults": "^0.1.3"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@certd/lib-iframe": "^1.41.4",
|
||||
"@certd/pipeline": "^1.41.4",
|
||||
"@certd/lib-iframe": "^1.42.5",
|
||||
"@certd/pipeline": "^1.42.5",
|
||||
"@rollup/plugin-commonjs": "^25.0.7",
|
||||
"@rollup/plugin-node-resolve": "^15.2.3",
|
||||
"@types/chai": "^4.3.12",
|
||||
|
||||
@@ -26,9 +26,10 @@ export default {
|
||||
store: "Store",
|
||||
version: "Version",
|
||||
pluginDependencies: "Plugin Dependencies",
|
||||
pluginDependenciesHelper: "Format: [author/]pluginName[:version]. Required plugins must be installed first",
|
||||
pluginDependenciesHelper:
|
||||
"Format: pluginType:pluginName, use * for version\nSupported: plugin:name, access:name, notification:name, dnsProvider:name, addon:subtype:name\nExample: access:AliyunAccess, plugin:DeployToAliyunCDN",
|
||||
thirdPartyDependencies: "Third-party Dependencies",
|
||||
thirdPartyDependenciesHelper: "Format: npmPackageName: version. Auto-installed at runtime",
|
||||
thirdPartyDependenciesHelper: "Format: npmPackageName: version. Auto-installed at runtime\nExample: aliyun-sdk: ^1.0.0",
|
||||
editableRunStrategy: "Editable Run Strategy",
|
||||
editable: "Editable",
|
||||
notEditable: "Not Editable",
|
||||
|
||||
@@ -70,7 +70,7 @@ export default {
|
||||
confirmToggleStatus: "确定要{action}吗?",
|
||||
batchDelete: "批量删除",
|
||||
sourcee: "来源",
|
||||
clickToToggle: "点击切换启用/禁用",
|
||||
clickToToggle: "点击启用/禁用",
|
||||
nickName: "昵称",
|
||||
avatar: "头像",
|
||||
expires: "过期",
|
||||
|
||||
@@ -26,9 +26,9 @@ export default {
|
||||
store: "市场",
|
||||
version: "版本",
|
||||
pluginDependencies: "插件依赖",
|
||||
pluginDependenciesHelper: "格式: [作者/]插件名[:版本],需先安装依赖插件",
|
||||
pluginDependenciesHelper: "格式: 插件类型:插件名,版本号填 *\n支持: plugin:name、access:name、notification:name、dnsProvider:name、addon:subtype:name\n示例: access:AliyunAccess, plugin:DeployToAliyunCDN",
|
||||
thirdPartyDependencies: "第三方依赖",
|
||||
thirdPartyDependenciesHelper: "格式: npm包名: 版本号,运行时自动安装",
|
||||
thirdPartyDependenciesHelper: "格式: npm包名: 版本号,运行时自动安装\n示例: aliyun-sdk: ^1.0.0",
|
||||
editableRunStrategy: "可编辑运行策略",
|
||||
editable: "可编辑",
|
||||
notEditable: "不可编辑",
|
||||
|
||||
@@ -31,6 +31,13 @@ export function useFormDialog() {
|
||||
crudOptions: {
|
||||
columns: req.columns,
|
||||
form: {
|
||||
labelCol: {
|
||||
// @ts-ignore
|
||||
span: null,
|
||||
style: {
|
||||
width: "100px",
|
||||
},
|
||||
},
|
||||
initialForm: req.initialForm,
|
||||
wrapper: warpper,
|
||||
async afterSubmit() {},
|
||||
@@ -44,7 +51,7 @@ export function useFormDialog() {
|
||||
};
|
||||
}
|
||||
const { crudOptions } = createCrudOptions();
|
||||
await openCrudFormDialog({ crudOptions });
|
||||
return await openCrudFormDialog({ crudOptions });
|
||||
}
|
||||
return {
|
||||
openFormDialog,
|
||||
|
||||
@@ -73,6 +73,14 @@ async function handleSubmit() {
|
||||
}
|
||||
}
|
||||
|
||||
function handleKeydownEnter(e: KeyboardEvent) {
|
||||
if (e.isComposing) {
|
||||
return;
|
||||
}
|
||||
e.preventDefault();
|
||||
handleSubmit();
|
||||
}
|
||||
|
||||
function handleGo(path: string) {
|
||||
router.push(path);
|
||||
}
|
||||
@@ -89,7 +97,7 @@ defineExpose({
|
||||
</script>
|
||||
|
||||
<template>
|
||||
<div @keydown.enter.prevent="handleSubmit">
|
||||
<div @keydown.enter="handleKeydownEnter">
|
||||
<slot name="title">
|
||||
<Title>
|
||||
<slot name="title">
|
||||
|
||||
@@ -16,8 +16,8 @@
|
||||
</div>
|
||||
</template>
|
||||
|
||||
<script>
|
||||
import { defineComponent, reactive, ref, watch, inject } from "vue";
|
||||
<script lang="ts">
|
||||
import { defineComponent, reactive, ref, watch, inject, onMounted } from "vue";
|
||||
import CertAccessModal from "./access/index.vue";
|
||||
import { createAccessApi } from "../api";
|
||||
import { message } from "ant-design-vue";
|
||||
@@ -55,6 +55,10 @@ export default defineComponent({
|
||||
type: Boolean,
|
||||
default: false,
|
||||
},
|
||||
defaultSelect: {
|
||||
type: Boolean,
|
||||
default: false,
|
||||
},
|
||||
},
|
||||
emits: ["update:modelValue", "change", "selectedChange"],
|
||||
setup(props, ctx) {
|
||||
@@ -158,12 +162,43 @@ export default defineComponent({
|
||||
},
|
||||
});
|
||||
|
||||
async function selectFirst(clearCurrent = false) {
|
||||
if (!clearCurrent && props.modelValue) {
|
||||
return;
|
||||
}
|
||||
const searchForm = projectStore.getSearchForm();
|
||||
const query: any = {
|
||||
query: {
|
||||
type: props.type,
|
||||
...searchForm,
|
||||
},
|
||||
page: { page: 1, pageSize: 1 },
|
||||
sort: { prop: "id", order: "ascending" },
|
||||
};
|
||||
if (props.subtype) {
|
||||
query.query.subtype = props.subtype;
|
||||
}
|
||||
const res = await api.GetList(query);
|
||||
const records = res?.records || [];
|
||||
if (records.length > 0) {
|
||||
await emitValue(records[0].id);
|
||||
}
|
||||
}
|
||||
|
||||
onMounted(async () => {
|
||||
if (!props.defaultSelect) {
|
||||
return;
|
||||
}
|
||||
await selectFirst();
|
||||
});
|
||||
|
||||
return {
|
||||
clear,
|
||||
target,
|
||||
selectedId,
|
||||
providerDefine,
|
||||
chooseForm,
|
||||
selectFirst,
|
||||
};
|
||||
},
|
||||
});
|
||||
|
||||
@@ -18,6 +18,10 @@ defineProps<{
|
||||
showButton: boolean;
|
||||
}>();
|
||||
|
||||
const emit = defineEmits<{
|
||||
(e: "close"): void;
|
||||
}>();
|
||||
|
||||
let passwordFormRef = ref();
|
||||
|
||||
type OpenOptions = {
|
||||
@@ -68,8 +72,8 @@ const passwordFormOptions: CrudOptions = {
|
||||
},
|
||||
async afterSubmit() {
|
||||
const formData = passwordFormRef.value?.getFormData?.();
|
||||
const message = formData?.init ? t("authentication.initPasswordSuccessMessage") : t("authentication.successMessage");
|
||||
notification.success({ message });
|
||||
const msg = formData?.init ? t("authentication.initPasswordSuccessMessage") : t("authentication.successMessage");
|
||||
notification.success({ message: msg });
|
||||
},
|
||||
},
|
||||
columns: {
|
||||
@@ -84,6 +88,7 @@ const passwordFormOptions: CrudOptions = {
|
||||
title: t("authentication.oldPassword"),
|
||||
type: "password",
|
||||
form: {
|
||||
//@ts-ignore
|
||||
show: compute(({ form }) => form.init !== true),
|
||||
rules: [{ required: true, message: t("authentication.oldPasswordRequired") }],
|
||||
},
|
||||
@@ -118,16 +123,18 @@ const passwordFormOptions: CrudOptions = {
|
||||
|
||||
async function open(opts: OpenOptions = {}) {
|
||||
const formOptions = buildFormOptions(passwordFormOptions);
|
||||
formOptions.newInstance = true; //新实例打开
|
||||
formOptions.newInstance = true;
|
||||
if (opts.init) {
|
||||
formOptions.wrapper.title = t("authentication.initPasswordTitle");
|
||||
}
|
||||
formOptions.wrapper.onClosed = () => {
|
||||
emit("close");
|
||||
};
|
||||
passwordFormRef.value = await openDialog(formOptions);
|
||||
passwordFormRef.value.setFormData({
|
||||
init: opts.init === true,
|
||||
password: opts.password || "",
|
||||
});
|
||||
console.log(passwordFormRef.value);
|
||||
}
|
||||
|
||||
const scope = ref({
|
||||
|
||||
@@ -107,6 +107,10 @@
|
||||
<div class="passkey-info">
|
||||
<div class="passkey-name">{{ passkey.deviceName }}</div>
|
||||
<div class="passkey-meta flex items-center">
|
||||
<span class="meta-item flex items-center">
|
||||
<fs-icon icon="ion:globe-outline" class="meta-icon" />
|
||||
{{ passkey.rpId || "-" }}
|
||||
</span>
|
||||
<span class="meta-item flex items-center">
|
||||
<fs-icon icon="ion:calendar-outline" class="meta-icon" />
|
||||
{{ formatDate(passkey.registeredAt) }}
|
||||
@@ -454,6 +458,8 @@ onMounted(async () => {
|
||||
}
|
||||
|
||||
.card-header {
|
||||
background: linear-gradient(145deg, #1e1e1e, #252525);
|
||||
|
||||
.header-bg-gradient {
|
||||
background: rgba(255, 255, 255, 0.04);
|
||||
opacity: 1;
|
||||
@@ -472,6 +478,7 @@ onMounted(async () => {
|
||||
|
||||
.detail-tag {
|
||||
background: #3b3b3b;
|
||||
border-color: rgba(255, 255, 255, 0.12);
|
||||
color: #e5e5e5;
|
||||
|
||||
.tag-icon {
|
||||
@@ -480,6 +487,23 @@ onMounted(async () => {
|
||||
}
|
||||
}
|
||||
|
||||
.card-title {
|
||||
border-bottom-color: rgba(255, 255, 255, 0.1);
|
||||
}
|
||||
|
||||
.binding-icon {
|
||||
background: linear-gradient(135deg, rgba(102, 126, 234, 0.22) 0%, rgba(160, 120, 234, 0.22) 100%);
|
||||
}
|
||||
|
||||
.passkey-icon {
|
||||
background: linear-gradient(135deg, rgba(17, 153, 142, 0.22) 0%, rgba(56, 239, 125, 0.22) 100%);
|
||||
}
|
||||
|
||||
.binding-icon .icon,
|
||||
.passkey-icon .icon {
|
||||
color: rgba(255, 255, 255, 0.7);
|
||||
}
|
||||
|
||||
.bindings-list {
|
||||
.binding-item {
|
||||
background: #2d2d2d;
|
||||
|
||||
@@ -138,10 +138,6 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
|
||||
type: "link",
|
||||
icon: "ant-design:download-outlined",
|
||||
async click({ row }) {
|
||||
if (!row.certFile) {
|
||||
notification.error({ message: t("certd.certificateNotGenerated") });
|
||||
return;
|
||||
}
|
||||
let url = "/api/monitor/cert/download?id=" + row.id;
|
||||
if (projectStore.isEnterprise) {
|
||||
url += `&projectId=${projectStore.currentProject?.id}`;
|
||||
|
||||
@@ -207,7 +207,7 @@ export function useCertUpload() {
|
||||
const { id } = await api.Save({
|
||||
title: pipeline.title,
|
||||
content: JSON.stringify(pipeline),
|
||||
keepHistoryCount: 30,
|
||||
keepHistoryCount: 100,
|
||||
type: "cert_upload",
|
||||
groupId: form.groupId,
|
||||
});
|
||||
|
||||
@@ -605,7 +605,7 @@ export function useCertPipelineCreator({ formWrapperRef }: { formWrapperRef: Ref
|
||||
const { id } = await api.Save({
|
||||
title: pipeline.title,
|
||||
content: JSON.stringify(pipeline),
|
||||
keepHistoryCount: 30,
|
||||
keepHistoryCount: 100,
|
||||
type: "cert",
|
||||
groupId,
|
||||
addToMonitorEnabled: form.addToMonitorEnabled,
|
||||
|
||||
@@ -160,7 +160,7 @@ export async function createPipelineByTemplate(opts: { templateId: number; title
|
||||
return await templateApi.CreatePipelineByTemplate({
|
||||
title,
|
||||
content: JSON.stringify(pipeline),
|
||||
keepHistoryCount: keepHistoryCount ?? 30,
|
||||
keepHistoryCount: keepHistoryCount ?? 100,
|
||||
groupId,
|
||||
templateId,
|
||||
});
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
import * as api from "/@/views/certd/pipeline/api";
|
||||
import { notification } from "ant-design-vue";
|
||||
import CertView from "/@/views/certd/pipeline/cert-view.vue";
|
||||
import { env } from "/@/utils/util.env";
|
||||
import { useModal } from "/@/use/use-modal";
|
||||
import { useProjectStore } from "/@/store/project";
|
||||
import { useUserStore } from "/@/store/user";
|
||||
import * as api from "/@/views/certd/pipeline/api";
|
||||
|
||||
export function useCertViewer() {
|
||||
const projectStore = useProjectStore();
|
||||
@@ -29,42 +29,12 @@ export function useCertViewer() {
|
||||
};
|
||||
|
||||
const downloadCert = async (id: any) => {
|
||||
const files = await api.GetFiles(id);
|
||||
model.success({
|
||||
title: "点击链接下载",
|
||||
maskClosable: true,
|
||||
okText: "关闭",
|
||||
content: () => {
|
||||
const children = [];
|
||||
for (const file of files) {
|
||||
let downloadUrl = `${env.API}/pi/history/download?pipelineId=${id}&fileId=${file.id}`;
|
||||
if (projectStore.isEnterprise) {
|
||||
downloadUrl += `&projectId=${projectStore.currentProject?.id}`;
|
||||
}
|
||||
downloadUrl += `&token=${userStore.getToken}`;
|
||||
children.push(
|
||||
<div>
|
||||
<div class={"flex-o m-5"}>
|
||||
<fs-icon icon={"ant-design:cloud-download-outlined"} class={"mr-5 fs-16"}></fs-icon>
|
||||
<a href={downloadUrl} target={"_blank"}>
|
||||
{file.filename}
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
if (children.length === 0) {
|
||||
return <div>暂无文件下载</div>;
|
||||
}
|
||||
|
||||
return (
|
||||
<div class={"mt-3"}>
|
||||
<div> {children}</div>
|
||||
</div>
|
||||
);
|
||||
},
|
||||
});
|
||||
let downloadUrl = `${env.API}/pi/cert/downloadZip?id=${id}`;
|
||||
if (projectStore.isEnterprise) {
|
||||
downloadUrl += `&projectId=${projectStore.currentProject?.id}`;
|
||||
}
|
||||
downloadUrl += `&token=${userStore.getToken}`;
|
||||
window.open(downloadUrl);
|
||||
};
|
||||
return {
|
||||
viewCert,
|
||||
|
||||
@@ -2,22 +2,116 @@
|
||||
<fs-page class="home—index bg-neutral-100 dark:bg-black">
|
||||
<!-- <page-content />-->
|
||||
<dashboard-user />
|
||||
<change-password-button ref="changePasswordButtonRef" :show-button="false"></change-password-button>
|
||||
<change-password-button ref="changePasswordButtonRef" :show-button="false" @close="checkAndSetupAccount"></change-password-button>
|
||||
</fs-page>
|
||||
</template>
|
||||
|
||||
<script lang="ts" setup>
|
||||
<script lang="tsx" setup>
|
||||
import DashboardUser from "./dashboard/index.vue";
|
||||
import { useUserStore } from "/@/store/user";
|
||||
import ChangePasswordButton from "/@/views/certd/mine/change-password-button.vue";
|
||||
import { onMounted, ref } from "vue";
|
||||
import { Modal } from "ant-design-vue";
|
||||
import { Modal, notification } from "ant-design-vue";
|
||||
import { useI18n } from "/src/locales";
|
||||
import { request } from "/@/api/service";
|
||||
import { useFormDialog } from "/@/use/use-dialog";
|
||||
import { useSettingStore } from "/@/store/settings/index.jsx";
|
||||
|
||||
const { t } = useI18n();
|
||||
const { openFormDialog } = useFormDialog();
|
||||
|
||||
const userStore = useUserStore();
|
||||
const settingStore = useSettingStore();
|
||||
|
||||
const changePasswordButtonRef = ref();
|
||||
const emailFormWrapperRef = ref<any>();
|
||||
|
||||
const validateEmailConfirm = async (_rule: any, value: string) => {
|
||||
if (!value) {
|
||||
return;
|
||||
}
|
||||
const formData = emailFormWrapperRef.value?.getFormData?.();
|
||||
if (formData && value !== formData.email) {
|
||||
throw new Error("两次输入的邮箱地址不一致");
|
||||
}
|
||||
};
|
||||
|
||||
async function checkAndSetupAccount() {
|
||||
if (settingStore.isEnterprise) {
|
||||
return;
|
||||
}
|
||||
try {
|
||||
const userInfo = userStore.getUserInfo as any;
|
||||
if (!userInfo.needInitAccount) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (userInfo.email) {
|
||||
await request({
|
||||
url: "/mine/accountInit",
|
||||
method: "post",
|
||||
});
|
||||
return;
|
||||
}
|
||||
|
||||
emailFormWrapperRef.value = await openFormDialog({
|
||||
title: "绑定邮箱",
|
||||
wrapper: {
|
||||
width: 560,
|
||||
},
|
||||
initialForm: { email: "", emailConfirm: "" },
|
||||
async onSubmit(form: any) {
|
||||
await request({
|
||||
url: "/mine/accountInit",
|
||||
method: "post",
|
||||
data: { email: form.email },
|
||||
});
|
||||
notification.success({
|
||||
message: "邮箱绑定成功",
|
||||
});
|
||||
},
|
||||
body: () => {
|
||||
return <a-alert class="mb-4" message="为保证用户体验,请先绑定邮箱,初始化您的账号" type="success" show-icon></a-alert>;
|
||||
},
|
||||
columns: {
|
||||
email: {
|
||||
title: "邮箱",
|
||||
type: "text",
|
||||
form: {
|
||||
col: { span: 24 },
|
||||
component: {
|
||||
placeholder: "请输入邮箱地址",
|
||||
},
|
||||
helper: "请输入您的邮箱",
|
||||
rules: [
|
||||
{ required: true, message: "请输入邮箱地址" },
|
||||
{ type: "email", message: "请输入有效的邮箱地址" },
|
||||
],
|
||||
},
|
||||
},
|
||||
emailConfirm: {
|
||||
title: "确认邮箱",
|
||||
type: "text",
|
||||
form: {
|
||||
col: { span: 24 },
|
||||
component: {
|
||||
placeholder: "请再次输入邮箱地址",
|
||||
},
|
||||
helper: "请再次输入邮箱,以确认邮箱地址无误",
|
||||
rules: [
|
||||
{ required: true, message: "请再次输入邮箱地址" },
|
||||
{ type: "email", message: "请输入有效的邮箱地址" },
|
||||
{ validator: validateEmailConfirm, trigger: "blur" },
|
||||
],
|
||||
},
|
||||
},
|
||||
},
|
||||
});
|
||||
} catch (e) {
|
||||
console.error("AcmeAccount setup failed:", e);
|
||||
}
|
||||
}
|
||||
|
||||
onMounted(() => {
|
||||
if (userStore.getUserInfo.isWeak === true) {
|
||||
Modal.info({
|
||||
@@ -30,6 +124,9 @@ onMounted(() => {
|
||||
},
|
||||
okText: t("authentication.changeNow"),
|
||||
});
|
||||
} else {
|
||||
//两个弹框不要同时出现
|
||||
checkAndSetupAccount();
|
||||
}
|
||||
});
|
||||
</script>
|
||||
|
||||
@@ -450,7 +450,7 @@ export default function ({ crudExpose, context }: CreateCrudOptionsProps): Creat
|
||||
},
|
||||
},
|
||||
disabled: {
|
||||
title: t("certd.enableDisable"),
|
||||
title: t("certd.clickToToggle"),
|
||||
type: "dict-switch",
|
||||
dict: dict({
|
||||
data: [
|
||||
|
||||
@@ -1,2 +1,3 @@
|
||||
LEGO_VERSION=4.30.1
|
||||
JKS_GO_VERSION=1.0.3
|
||||
certd_plugin_loadmode=dev
|
||||
@@ -1,24 +0,0 @@
|
||||
{
|
||||
"parser": "@typescript-eslint/parser",
|
||||
"plugins": [
|
||||
"@typescript-eslint"
|
||||
],
|
||||
"ignorePatterns": ["dist"],
|
||||
"extends": [
|
||||
"plugin:@typescript-eslint/recommended",
|
||||
"plugin:prettier/recommended",
|
||||
"prettier"
|
||||
],
|
||||
"env": {
|
||||
"mocha": true
|
||||
},
|
||||
"rules": {
|
||||
"@typescript-eslint/no-var-requires": "off",
|
||||
"@typescript-eslint/ban-ts-comment": "off",
|
||||
"@typescript-eslint/ban-ts-ignore": "off",
|
||||
"@typescript-eslint/no-explicit-any": "off",
|
||||
"@typescript-eslint/no-empty-function": "off",
|
||||
"@typescript-eslint/no-unused-vars": "off",
|
||||
"@typescript-eslint/no-this-alias": "off"
|
||||
}
|
||||
}
|
||||
@@ -20,6 +20,7 @@ run/
|
||||
|
||||
.env.pgpl.yaml
|
||||
tools/lego/*
|
||||
tools/jks-go
|
||||
!tools/lego/readme.md
|
||||
test.mjs
|
||||
isolate-*.log
|
||||
|
||||
@@ -3,6 +3,76 @@
|
||||
All notable changes to this project will be documented in this file.
|
||||
See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
|
||||
|
||||
## [1.42.5](https://github.com/certd/certd/compare/v1.42.4...v1.42.5) (2026-07-15)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复上传到cos报runtimeDepsService未初始化的问题 ([167b303](https://github.com/certd/certd/commit/167b303faeca02cc11cf97e4be2a3df914852167))
|
||||
* 修复dingtalk通知格式没有换行的bug ([7ed1be9](https://github.com/certd/certd/commit/7ed1be994f8b4b74cdeb38743060c912c027248b))
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* 优化vke keubconfig获取方式,改成先查询,如果没有再创建临时config ([604fa5b](https://github.com/certd/certd/commit/604fa5be634d099d797bfee5c2b0f26ce0ac8461))
|
||||
|
||||
## [1.42.4](https://github.com/certd/certd/compare/v1.42.3...v1.42.4) (2026-07-11)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复火山引擎查不到自定义源站域名的问题 ([02dabe1](https://github.com/certd/certd/commit/02dabe11db3e9b13ca4621ce9ddd2b808bfca390))
|
||||
* 修复火山引擎自定义源站域名查询不到的问题 ([e44bf9d](https://github.com/certd/certd/commit/e44bf9d77375d48ac7fd1582e69fae02dfd248fa))
|
||||
* **pipeline:** 重构运行时依赖加载逻辑,修复火山引擎DNS解析报runtimeDepsService未初始化的bug ([ec69b8f](https://github.com/certd/certd/commit/ec69b8f11bfd4b20991aef74a72a47182ca79a9d))
|
||||
|
||||
## [1.42.3](https://github.com/certd/certd/compare/v1.42.2...v1.42.3) (2026-07-08)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **volcengine-alb:** 修复火山引擎ALB 默认证书部署类型会部署到扩展证书的问题 ([0a068a2](https://github.com/certd/certd/commit/0a068a274673e9768954e9f7367c267d44f3b530))
|
||||
|
||||
## [1.42.2](https://github.com/certd/certd/compare/v1.42.1...v1.42.2) (2026-07-07)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复火山视频点播源站选择不到自定义源站的bug ([0071bcb](https://github.com/certd/certd/commit/0071bcb0e4dd108c86d7ca01820a9f6e6960e440))
|
||||
* 修复企业模式下弹出邮箱绑定提醒的问题 ([8d9dad9](https://github.com/certd/certd/commit/8d9dad9c82f6f2fd3ab3040068946a33f37145b1))
|
||||
* 修复AsiaIsp CDN证书重复情况下部署失败的问题 ([c3d6db3](https://github.com/certd/certd/commit/c3d6db3f1ef2f1c897b7989521fe8809dffaded1))
|
||||
* 修复cname用阿里云校验时报找不到runtimeDepsService的错误 ([072edd7](https://github.com/certd/certd/commit/072edd7affee424ab3411f4d41d338f084d7cac6))
|
||||
|
||||
## [1.42.1](https://github.com/certd/certd/compare/v1.42.0...v1.42.1) (2026-07-06)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复多域名无法使用passkey登录的bug ([d176f9c](https://github.com/certd/certd/commit/d176f9cc0ebd051a614bfac74d1616d1945fc9a3))
|
||||
* 修复企业模式下登录报projectId不能为空的问题 ([a65366b](https://github.com/certd/certd/commit/a65366bbe1aadea8baaffbdadab58a5b631d9417))
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* **certd-server:** 使用 jks-go转换jks证书,大幅精简镜像大小 ([c78898e](https://github.com/certd/certd/commit/c78898e4c10dd1701467d2e42e3f72bd8f2a352f))
|
||||
* **pipeline:** 将默认历史保留条数从30调整为100 ([d3e4677](https://github.com/certd/certd/commit/d3e4677ea4fac8e7533749d7f4187e410489e536))
|
||||
|
||||
# [1.42.0](https://github.com/certd/certd/compare/v1.41.4...v1.42.0) (2026-07-05)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* 修复telegram - 符号转义问题 ([d5882f1](https://github.com/certd/certd/commit/d5882f16bedb09baf09ace92049b02872620f5dc))
|
||||
* **aliyun:** 修复阿里云CDN/DCDN根据证书自动匹配不到证书的bug ([1ae185d](https://github.com/certd/certd/commit/1ae185d0bc356f4678bc38ca0582ce3396f82ebe))
|
||||
|
||||
### Features
|
||||
|
||||
* 通过插件配置懒加载依赖,动态加载第三方依赖包,精简安装镜像大小 ([01568ca](https://github.com/certd/certd/commit/01568ca1489069046b5a89ebdd4ced2f7f6ddf93))
|
||||
|
||||
### Performance Improvements
|
||||
|
||||
* 阿里云ESA证书部署支持SaaS模式 ([82276b5](https://github.com/certd/certd/commit/82276b53a8474a18a3d0237050907c994fc748f0))
|
||||
* 【破坏性更新】 证书压缩包不再生成文件存储,而是实时打包下载,证书申请插件不再输出certZip ([7cff1a9](https://github.com/certd/certd/commit/7cff1a98424120585205889874b3ef4956a30583))
|
||||
* 火山引擎点播插件支持部署到自定义源站域名 ([095791c](https://github.com/certd/certd/commit/095791cdc2b7c1f4b913b634643afec5e30fe9b0))
|
||||
* 新增橙域网络(asia-isp) CDN证书部署插件 ([b48831e](https://github.com/certd/certd/commit/b48831e60b0059bef7ef9a34ab61c9dd2f684641))
|
||||
* 优化阿里云API网关增加翻页查询 ([ed58ae3](https://github.com/certd/certd/commit/ed58ae3c5339e4a0238a92acfe7ea6d2f566ea28))
|
||||
* 优化用户体验,首次访问时弹出邮箱账号绑定用以初始化账号 ([608cc2a](https://github.com/certd/certd/commit/608cc2a81ff0b4872c9fe11ed9c9c0b4b90a12a3))
|
||||
* 优化ACME账号字段的选择提示 ([bfd3cac](https://github.com/certd/certd/commit/bfd3cacc687fc5cbc3cb2ca3cadbc140de300dc2))
|
||||
* 支持全自动匹配部署宝塔网站证书 ([4dff48e](https://github.com/certd/certd/commit/4dff48e807c32a7623ec9206cf39c88e88f89f6a))
|
||||
* **cert-plugin:** 调整更新天数自动减半逻辑,仅7天ip证书生效,其他情况下不减半 ([56e5524](https://github.com/certd/certd/commit/56e5524a0f4af3645d70bc3b3ec750b45ba8de10))
|
||||
* **passkey:** passkey支持多域名rpid ([79f6586](https://github.com/certd/certd/commit/79f65868ca0f5162bbc2f935ce89abc28011d816))
|
||||
|
||||
## [1.41.4](https://github.com/certd/certd/compare/v1.41.3...v1.41.4) (2026-06-14)
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
|
||||
ALTER TABLE `sys_passkey` ADD COLUMN `rp_id` varchar(256) NULL;
|
||||
|
||||
DROP INDEX `index_passkey_passkey_id` ON `sys_passkey`;
|
||||
|
||||
ALTER TABLE `sys_passkey` ADD UNIQUE INDEX `index_passkey_passkey_id` (`passkey_id`);
|
||||
@@ -0,0 +1,6 @@
|
||||
|
||||
ALTER TABLE "sys_passkey" ADD COLUMN "rp_id" varchar(256) NULL;
|
||||
|
||||
DROP INDEX "index_passkey_passkey_id";
|
||||
|
||||
CREATE UNIQUE INDEX "index_passkey_passkey_id" ON "sys_passkey" ("passkey_id");
|
||||
@@ -0,0 +1,6 @@
|
||||
|
||||
ALTER TABLE "sys_passkey" ADD COLUMN "rp_id" varchar(256) NULL;
|
||||
|
||||
DROP INDEX "index_passkey_passkey_id";
|
||||
|
||||
CREATE UNIQUE INDEX "index_passkey_passkey_id" ON "sys_passkey" ("passkey_id");
|
||||
@@ -74,7 +74,7 @@ input:
|
||||
credentials链接,然后点击编辑按钮,查看Secret key和HMAC key
|
||||
|
||||
litessl:[litesslEAB页面](https://freessl.cn/automation/eab-manager),然后点击新增EAB
|
||||
required: false
|
||||
required: true
|
||||
encrypt: true
|
||||
mergeScript: |2-
|
||||
|
||||
@@ -92,7 +92,7 @@ input:
|
||||
title: EAB HMAC Key
|
||||
component:
|
||||
placeholder: 需要EAB的颁发机构生成账号时填写
|
||||
required: false
|
||||
required: true
|
||||
encrypt: true
|
||||
mergeScript: |2-
|
||||
|
||||
@@ -107,7 +107,7 @@ input:
|
||||
}
|
||||
|
||||
account:
|
||||
title: ACME账号信息
|
||||
title: 生成ACME账号
|
||||
component:
|
||||
name: refresh-input
|
||||
action: GenerateAccount
|
||||
@@ -118,7 +118,7 @@ input:
|
||||
col:
|
||||
span: 24
|
||||
required: true
|
||||
helper: 请生成ACME账号,账号一旦生成不允许修改
|
||||
helper: 请点击右边按钮生成ACME账号,账号一旦生成不允许修改
|
||||
encrypt: true
|
||||
mergeScript: |2-
|
||||
|
||||
|
||||
@@ -0,0 +1,25 @@
|
||||
name: asiaisp
|
||||
title: 橙域网络(asia-isp)授权
|
||||
desc: 橙域网络CDN API授权,用于部署证书到橙域CDN
|
||||
icon: clarity:plugin-line
|
||||
input:
|
||||
accessKeyId:
|
||||
title: AccessKeyId
|
||||
component:
|
||||
placeholder: 请输入 AccessKeyId
|
||||
required: true
|
||||
accessKeySecret:
|
||||
title: AccessKeySecret
|
||||
component:
|
||||
placeholder: 请输入 AccessKeySecret
|
||||
required: true
|
||||
encrypt: true
|
||||
testRequest:
|
||||
title: 测试连接
|
||||
component:
|
||||
name: api-test
|
||||
action: TestRequest
|
||||
helper: 点击测试接口是否正常
|
||||
pluginType: access
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-asiaisp/access.js
|
||||
@@ -2,6 +2,8 @@ name: tencent
|
||||
title: 腾讯云
|
||||
icon: svg:icon-tencentcloud
|
||||
order: 0
|
||||
dependPackages:
|
||||
tencentcloud-sdk-nodejs: ^4.1.112
|
||||
input:
|
||||
secretId:
|
||||
title: secretId
|
||||
|
||||
@@ -3,6 +3,8 @@ name: tencent
|
||||
title: 腾讯云验证码
|
||||
desc: ''
|
||||
showTest: false
|
||||
dependPackages:
|
||||
tencentcloud-sdk-nodejs: ^4.1.112
|
||||
input:
|
||||
accessId:
|
||||
title: 腾讯云授权
|
||||
|
||||
@@ -6,7 +6,7 @@ name: AliyunDeployCertToESA
|
||||
title: 阿里云-部署至ESA
|
||||
icon: svg:icon-aliyun
|
||||
group: aliyun
|
||||
desc: 部署证书到阿里云ESA(边缘安全加速),自动删除过期证书
|
||||
desc: 部署证书到阿里云ESA(边缘安全加速),支持边缘证书和SaaS证书两种模式
|
||||
needPlus: false
|
||||
input:
|
||||
cert:
|
||||
@@ -70,6 +70,20 @@ input:
|
||||
type: aliyun
|
||||
required: true
|
||||
order: 0
|
||||
deployMode:
|
||||
title: 部署模式
|
||||
value: edge
|
||||
component:
|
||||
name: a-radio-group
|
||||
vModel: value
|
||||
options:
|
||||
- label: 边缘证书
|
||||
value: edge
|
||||
- label: SaaS证书
|
||||
value: saas
|
||||
helper: 边缘证书:将证书部署到站点的边缘节点;SaaS证书:将证书部署到站点的SaaS域名
|
||||
required: true
|
||||
order: 0
|
||||
siteIds:
|
||||
title: 站点
|
||||
component:
|
||||
@@ -99,6 +113,39 @@ input:
|
||||
|
||||
helper: 请选择要部署证书的站点
|
||||
order: 0
|
||||
saasDomainIds:
|
||||
title: SaaS域名
|
||||
component:
|
||||
name: remote-select
|
||||
vModel: value
|
||||
mode: tags
|
||||
type: plugin
|
||||
action: onGetCustomHostnameList
|
||||
search: false
|
||||
pager: false
|
||||
single: false
|
||||
watches:
|
||||
- certDomains
|
||||
- accessId
|
||||
- siteIds
|
||||
- accessId
|
||||
- regionId
|
||||
required: false
|
||||
mergeScript: |2-
|
||||
|
||||
return {
|
||||
show: ctx.compute(({form})=>{
|
||||
return form.deployMode === 'saas'
|
||||
}),
|
||||
component:{
|
||||
form: ctx.compute(({form})=>{
|
||||
return form
|
||||
})
|
||||
},
|
||||
}
|
||||
|
||||
helper: 请选择要部署证书的SaaS域名(SaaS证书模式下必选)
|
||||
order: 0
|
||||
certLimit:
|
||||
title: 免费证书数量限制
|
||||
value: 2
|
||||
|
||||
@@ -0,0 +1,77 @@
|
||||
showRunStrategy: false
|
||||
default:
|
||||
strategy:
|
||||
runStrategy: 1
|
||||
name: AsiaIspDeployToCDN
|
||||
title: 橙域网络-部署证书到CDN
|
||||
desc: 部署证书到橙域网络(asia-isp) CDN加速域名
|
||||
icon: clarity:plugin-line
|
||||
group: cdn
|
||||
input:
|
||||
cert:
|
||||
title: 域名证书
|
||||
helper: 请选择前置任务输出的域名证书
|
||||
component:
|
||||
name: output-selector
|
||||
from:
|
||||
- ':cert:'
|
||||
required: true
|
||||
order: 0
|
||||
certDomains:
|
||||
title: 当前证书域名
|
||||
component:
|
||||
name: cert-domains-getter
|
||||
mergeScript: |2-
|
||||
|
||||
return {
|
||||
component:{
|
||||
inputKey: ctx.compute(({form})=>{
|
||||
return form.cert
|
||||
}),
|
||||
}
|
||||
}
|
||||
|
||||
template: false
|
||||
required: false
|
||||
order: 0
|
||||
accessId:
|
||||
title: 橙域网络授权
|
||||
component:
|
||||
name: access-selector
|
||||
type: asiaisp
|
||||
required: true
|
||||
order: 0
|
||||
domainList:
|
||||
title: 加速域名
|
||||
component:
|
||||
name: remote-select
|
||||
vModel: value
|
||||
mode: tags
|
||||
type: plugin
|
||||
action: onGetDomainList
|
||||
search: true
|
||||
pager: true
|
||||
single: false
|
||||
pageSize: 10
|
||||
watches:
|
||||
- certDomains
|
||||
- accessId
|
||||
- certDomains
|
||||
- accessId
|
||||
required: true
|
||||
mergeScript: |2-
|
||||
|
||||
return {
|
||||
component:{
|
||||
form: ctx.compute(({form})=>{
|
||||
return form
|
||||
})
|
||||
},
|
||||
}
|
||||
|
||||
helper: 选择要部署证书的橙域CDN加速域名
|
||||
order: 0
|
||||
output: {}
|
||||
pluginType: deploy
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-asiaisp/plugin-deploy-to-cdn.js
|
||||
@@ -0,0 +1,52 @@
|
||||
showRunStrategy: false
|
||||
default:
|
||||
strategy:
|
||||
runStrategy: 1
|
||||
name: BaotaAutoDeploySiteCert
|
||||
title: 宝塔-全自动部署
|
||||
icon: svg:icon-bt
|
||||
group: panel
|
||||
desc: 根据证书域名自动匹配宝塔站点,全自动部署SSL证书。新增加速域名自动感知,自动新增部署
|
||||
runStrategy: 0
|
||||
needPlus: true
|
||||
input:
|
||||
cert:
|
||||
title: 域名证书
|
||||
helper: 请选择前置任务输出的域名证书
|
||||
component:
|
||||
name: output-selector
|
||||
from:
|
||||
- ':cert:'
|
||||
required: true
|
||||
order: 0
|
||||
certDomains:
|
||||
title: 当前证书域名
|
||||
component:
|
||||
name: cert-domains-getter
|
||||
mergeScript: |2-
|
||||
|
||||
return {
|
||||
component:{
|
||||
inputKey: ctx.compute(({form})=>{
|
||||
return form.cert
|
||||
}),
|
||||
}
|
||||
}
|
||||
|
||||
template: false
|
||||
required: false
|
||||
order: 0
|
||||
accessId:
|
||||
title: 宝塔授权
|
||||
helper: 将自动查找证书匹配的站点,检查证书即将过期的站点并更新
|
||||
component:
|
||||
name: access-selector
|
||||
type: baota
|
||||
required: true
|
||||
order: 0
|
||||
output:
|
||||
deployedList:
|
||||
title: 已部署过的站点
|
||||
pluginType: deploy
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-plus/baota/plugins/plugin-deploy-automatch.js
|
||||
@@ -314,8 +314,11 @@ input:
|
||||
component:
|
||||
name: access-selector
|
||||
type: acmeAccount
|
||||
defaultSelect: true
|
||||
required: false
|
||||
helper: 请选择颁发机构对应的ACME账号
|
||||
helper: |-
|
||||
直接本地生成,无需外部注册
|
||||
点击选择按钮->添加->填写邮箱->生成账号即可
|
||||
mergeScript: |2-
|
||||
|
||||
return {
|
||||
@@ -554,9 +557,6 @@ output:
|
||||
cert:
|
||||
title: 域名证书
|
||||
type: cert
|
||||
certZip:
|
||||
title: 域名证书压缩文件
|
||||
type: certZip
|
||||
pluginType: deploy
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-cert/plugin/cert-plugin/apply.js
|
||||
|
||||
@@ -146,9 +146,6 @@ output:
|
||||
cert:
|
||||
title: 域名证书
|
||||
type: cert
|
||||
certZip:
|
||||
title: 域名证书压缩文件
|
||||
type: certZip
|
||||
pluginType: deploy
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-cert/plugin/cert-plugin/getter/aliyun.js
|
||||
|
||||
@@ -168,9 +168,6 @@ output:
|
||||
cert:
|
||||
title: 域名证书
|
||||
type: cert
|
||||
certZip:
|
||||
title: 域名证书压缩文件
|
||||
type: certZip
|
||||
pluginType: deploy
|
||||
type: builtIn
|
||||
scriptFilePath: /plugins/plugin-cert/plugin/cert-plugin/lego/index.js
|
||||
|
||||
@@ -142,9 +142,6 @@ output:
|
||||
cert:
|
||||
title: 域名证书
|
||||
type: cert
|
||||
certZip:
|
||||
title: 域名证书压缩文件
|
||||
type: certZip
|
||||
certMd5:
|
||||
title: 证书MD5
|
||||
type: certMd5
|
||||
|
||||
@@ -83,8 +83,8 @@ input:
|
||||
mode: tags
|
||||
type: plugin
|
||||
action: onGetGroupList
|
||||
search: false
|
||||
pager: false
|
||||
search: true
|
||||
pager: true
|
||||
single: true
|
||||
watches:
|
||||
- certDomains
|
||||
|
||||
@@ -17,15 +17,6 @@ input:
|
||||
- ':cert:'
|
||||
required: true
|
||||
order: 0
|
||||
certZip:
|
||||
title: 证书压缩文件
|
||||
helper: 请选择前置任务输出的域名证书压缩文件
|
||||
component:
|
||||
name: output-selector
|
||||
from:
|
||||
- ':certZip:'
|
||||
required: true
|
||||
order: 0
|
||||
email:
|
||||
title: 接收邮箱
|
||||
component:
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user